• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

SKForum user.View.action userID Variable XSS

Network Security News – Saturday, April 08, 2006 Events

SKForum user.View.action userID Variable XSS

SKForum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'userID' variable upon submission to the 'user.View.action' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24432

SKForum planning.View.action time Variable XSS

SKForum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'time' variable upon submission to the 'planning.View.action' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24431

SKForum area.View.action areaID Variable XSS

SKForum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'areaID' variable upon submission to the 'area.View.action' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24430

ARIA (Accounting Receiving and Inventory Administration) gencompanyadd.php Multiple Variable XSS

ARIA contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name', 'address1', 'address2', 'city', 'email', and 'web' variables upon submission to the gencompanyadd.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24441

ARIA (Accounting Receiving and Inventory Administration) docmgmtadd.php Multiple Variable XSS

ARIA contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'description' and 'comment' variables upon submission to the docmgmtadd.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24439

MWNewsletter unsubscribe.php user_name Variable SQL Injection

MWNewsletter contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the unsubscribe.php script not properly sanitizing user-supplied input to the 'user_name' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/24445

MWNewsletter subscribe.php user_name Variable XSS

MWNewsletter contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'user_name' variable upon submission to the subscribe.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24446

ARIA (Accounting Receiving and Inventory Administration) gencompanyupd.php Multiple Variable XSS

ARIA contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name', 'address1', 'address2', 'city', 'email', and 'web' variables upon submission to the gencompanyupd.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24440

Mailman Scrubber.py Crafted Multipart MIME Message DoS

Mailman contains a flaw that may allow a remote denial of service. The issue is triggered when a multipart MIME message with a malformed part is received by the 'Scrubber.py' script, and will result in loss of availability for the list.. Read more at osvdb.org/24367

Cisco 11500 Content Services Switch HTTP Compression DoS

Cisco 11500 series Content Service Switches contains a flaw that may allow a remote denial of service. The issue is triggered when either "a valid, but obsolete" or a "specially crafted" HTTP request is received, and will result in loss of availability for the service. The flaw is only exploitable when HTTP compression is enabled, but it is not clear what role compression plays in exploitation of the flaw.. Read more at osvdb.org/24433

Vuln: MPlayer Multiple Integer Overflow Vulnerabilities

MPlayer Multiple Integer Overflow Vulnerabilities. Read more at securityfocus.com/bid/17295

Vuln: Clam Anti-Virus ClamAV Multiple Vulnerabilities

Clam Anti-Virus ClamAV Multiple Vulnerabilities. Read more at securityfocus.com/bid/17388

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software