Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

S9Y Serendipity BBCode Plugin HTML Injection Vulnerability

Network Security News – Thursday, April 28, 2005 Events

S9Y Serendipity BBCode Plugin HTML Injection Vulnerability

Serendipity is a Web log application that is written in PHP. S9Y Serendipity is affected by an HTML injection vulnerability. This issue is due to a failure in the appli… Read more at securityfocus.com/bid/13411?ref=rss

Dream4 Koobi CMS Index.PHP Q Parameter SQL Injection Vulnerability

Koobi CMS is Web based content management software utilizing a MySQL backend and is implemented in PHP. Koobi CMS is prone to an SQL injection vulnerability. This issue… Read more at securityfocus.com/bid/13413?ref=rss

Dream4 Koobi CMS Index.PHP P Parameter SQL Injection Vulnerability

Koobi CMS is Web based content management software utilizing a MySQL backend and is implemented in PHP. Koobi CMS is prone to an SQL injection vulnerability. This issue… Read more at securityfocus.com/bid/13412?ref=rss

BakBone NetVault NVStatsMngr.EXE Local Privilege Escalation Vulnerability

NetVault is a backup and restore solution available for UNIX, Windows NT/2000, Linux, Netware and Apple Mac OS X platforms. BakBone NetVault is affected by a local privi… Read more at securityfocus.com/bid/13408?ref=rss

BulletProof FTP Server Local Privilege Escalation Vulnerability

BulletProof FTP Server is an FTP server for Microsoft Windows platforms. BulletProof FTP Server is prone to a local privilege escalation vulnerability. This issue can a… Read more at securityfocus.com/bid/13410?ref=rss

ZRCSA-200501 – Multiple vulnerabilities in Claroline

Sender: Sieg Fried [Siegfried at zone-h dot org]. Read more at securityfocus.com/archive/1/397072?ref=rss

SQL-injections in koobi-cms

Sender: CENSORED [censored at mail dot ru]. Read more at securityfocus.com/archive/1/397057?ref=rss

[CLA-2005:950] Conectiva Security Announcement – evolution

Sender: Conectiva Updates [secure at conectiva dot com dot br]. Read more at securityfocus.com/archive/1/397058?ref=rss

[CLA-2005:949] Conectiva Security Announcement – gaim

Sender: Conectiva Updates [secure at conectiva dot com dot br]. Read more at securityfocus.com/archive/1/397060?ref=rss

MySQL MaxDB Web Administration Service Malformed GET Request Overflow

A remote overflow exists in MySQL MaxDB. The MaxDB web administration service fails to properly handle HTTP GET requests containing a percent sign ('%') resulting in a buffer overflow. With a specially crafted HTTP GET request containing a percent sign followed by an overly long string as the file parameter, a remote attacker can cause arbitrary code execution with SYSTEM privileges resulting in a loss of integrity. Read more at osvdb.org/15816

MetaCart2 searchAction.asp Multiple Variable SQL Injection

MetaCart2 (multiple products) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to multiple variables in the searchAction.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15874

MetaCart2 product.asp intProdID Variable SQL Injection

MetaCart2 (multiple products) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'intProdID' variable in the product.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15873

MetaCart2 productsByCategory.asp Multiple Variable SQL Injection

MetaCart2 (multiple products) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to multiple variables in the productsByCategory.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15872

PHPCart phpcart.php Arbitrary Price Manipulation

PHPCart contains a flaw that allows remote users to manipulate prices without authorization. The flaw exists because the application does not validate 'price' or 'postage' variables upon submission to the 'phpcart.php' script. This could allow a user to create a specially crafted URL to modify arbitrary prices. Read more at osvdb.org/15859

Microsoft IE wininet.dll Long Hostname Heap Corruption Code Execution

A remote overflow exists in Windows. Internet Explorer improperly validates long URLs resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/15464

BIG-IP / 3-DNS Radius Authentication login_radius Security Bypass

F5 Big-IP and 3DNS contain a flaw that may allow a malicious user to bypass RADIUS authentication. The issue is triggered when an attacker sends a specially-crafted RADIUS ACCEPT packet response, with the origin set as the radius server, and the login_radius function fails to properly check the shared secret, resulting in a loss of integrity. Read more at osvdb.org/15804

VooDoo cIRCle BOTNET Remote Overflow

A remote overflow exists in VooDoo cIRCle BOTNET. VooDoo cIRCle BOTNET fails to properly perform bounds checking of user-supplied input in the handling of packets from BOTNET connections resulting in a buffer overflow. With a specially crafted request, an attacker can crash a vulnerable bot resulting in a loss of availability. Successful exploitation requires access to establish a BOTNET connection (e.g. knowledge of password or client SSL certificate). Read more at osvdb.org/15830

WordPress template-functions-post.php Multiple Field XSS

WordPress contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple fields upon submission to the 'template-functions-post.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15643

yappa-ng Nondescript Remote File Inclusion

yappa-ng contains a flaw that may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by a vulnerable script. No further details have been provided. Read more at osvdb.org/15829

Microsoft Internet Explorer Content Advisor File Handling Buffer Overflow Vulnerability

Internet Explorer Content Advisor is a feature of the browser that allows administrators to control users from visiting unsuitable Web sites and content on the Internet… Read more at securityfocus.com/bid/13117?ref=rss

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS