Network Security News – Friday, April 29, 2005 Events
Smartor Photo Album for phpBB album_comment.php bsid Variable XSS
Smartor Photo Album for phpBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'bsid' variable upon submission to the 'album_comment.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15933
Smartor Photo Album for phpBB album_cat.php bsid Variable XSS
Smartor Photo Album for phpBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'bsid' variable upon submission to the 'album_cat.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15932
Smartor Photo Album for phpBB album_search.php mode Variable SQL Injection
Smartor Photo Album for phpBB contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'mode' variable in the 'album_search.php' script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15931
phpBB2 Plus Calendar Module calendar_scheduler.php start Variable XSS
phpBB2 Plus Calendar Module contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'start' variable upon submission to the 'calendar_scheduler.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15930
phpBB2 Plus groupcp.php bsid Variable XSS
phpBB2 Plus contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'bsid' variable upon submission to the 'groupcp.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15925
phpBB2 Plus index.php Multiple Variable XSS
phpBB2 Plus contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'bsid', 'c' or 'mark' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15926
phpBB2 Plus viewforum.php bsid Variable XSS
phpBB2 Plus contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'bsid' variable upon submission to the 'viewforum.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15928
phpBB2 Plus viewtopic.php bsid Variable XSS
phpBB2 Plus contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'bsid' variable upon submission to the 'viewtopic.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15929
phpBB2 Plus portal.php Multiple Variable XSS
phpBB2 Plus contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'bsid' or 'article' variables upon submission to the 'portal.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15927
nProtect Netizen Update Module Arbitrary File Placement
nProtect contains a flaw that may allow a malicious website owner to place arbitrary files on a vulnerable system. The issue is triggered when the product checks for updates. It is possible that the flaw may allow full system exposure resulting in a loss of integrity. Read more at osvdb.org/15788
Apple Safari Web Browser HTTPS Buffer Overflow Vulnerability
Apple Safari Web Browser is prone to a buffer overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied dat… Read more at securityfocus.com/bid/13432?ref=rss
PHPCoin Multiple SQL Injection Vulnerabilities
phpCoin is a customer information and shopping application designed for integration into an existing website. It is freely available for all platforms that support PHP s… Read more at securityfocus.com/bid/13433?ref=rss
Mozilla Suite And Firefox Document Object Model Nodes Code Execution Vulnerability
Mozilla Suite is a collection of applications including a Web browser and an email client. Mozilla Firefox is a Web browser that supports tabbed browsing. These applica… Read more at securityfocus.com/bid/13233?ref=rss
Mozilla Suite And Firefox XPInstall JavaScript Object Instance Validation Vulnerability
Mozilla Suite is a collection of applications including a Web browser and an email client. Mozilla Firefox is a Web browser that supports tabbed browsing. These applica… Read more at securityfocus.com/bid/13232?ref=rss
Mozilla Suite And Firefox Search Plug-In Remote Script Code Execution Vulnerability
Mozilla Suite is a collection of applications including a Web browser and an email client. Mozilla Firefox is a Web browser that supports tabbed browsing. These applica… Read more at securityfocus.com/bid/13211?ref=rss
Mozilla Suite And Firefox Favicon Link Tag Remote Script Code Execution Vulnerability
Mozilla Suite is a collection of applications including a Web browser and an email client. Mozilla Firefox is a Web browser that supports tabbed browsing. These applica… Read more at securityfocus.com/bid/13216?ref=rss
[HSC Security Group] Ocean12 Mailing List Manager Pro SQL injection
Sender: Zinho [zinho at hackerscenter dot com]. Read more at securityfocus.com/archive/1/397164?ref=rss
DHS Security Contact
Sender: Jason Coombs [jasonc at science dot org]. Read more at securityfocus.com/archive/1/397185?ref=rss
Re: New auto download / install / exploit URL?
Sender: Nicob [nicob at nicob dot net]. Read more at securityfocus.com/archive/1/397184?ref=rss
Safari HTTPS Overflow
Sender: Gilbert Verdian [gverdian at neoresearch dot org]. Read more at securityfocus.com/archive/1/397187?ref=rss