Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Network Security News – Saturday, April 09, 2005 Events

WebWasher CSM Conf Script navTo2 Variable XSS

WebWasher CSM contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'navTo2' variable upon submission to the CSM Conf script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15354

PaFileDB pafiledb.php start Parameter SQL Injection

PaFileDB contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'start' variable in the pafiledb.php script not being properly sanitized, which may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15294

FreeBSD amd64 Direct Hardware Access Privilege Escalation

FreeBSD amd64 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by an incorrect initialization of the bitmap used for determining the hardware access of unprivileged processes. This flaw may lead to a loss of confidentiality. Read more at osvdb.org/15288

MailEnable IMAP A001 AUTHENTICATE Command Remote Overflow

A remote overflow exists in MailEnable. MailEnable fails to check bounds for input passed to "A001 AUTHENTICATE <buffer>", resulting in a buffer overflow. With a specially crafted request greater than 1016 bytes, an attacker can overwrite the ECX and EAX registers causing arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/15231

LiteCommerce cart.php Multiple Parameter SQL Injection

LiteCommerce contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'category_id' or 'product_id' variable in the cart.php script not being properly sanitized, which may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15314

LiteCommerce cart.php Malformed target Parameter Script Source Disclosure

LiteCommerce contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker provides malformed data to the 'target' parameter of the cart.php script, which will disclose the source code for the script, resulting in a loss of confidentiality. Read more at osvdb.org/15313

SCO OpenServer termsh HOME Environment Variable Local Overflow

A local overflow exists in SCO OpenServer. The termsh utility fails to validate input received from the HOME environment variable, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code and gain additional privileges. Read more at osvdb.org/15359

SCO OpenServer auditsh HOME Environment Variable Local Overflow

A local overflow exists in SCO OpenServer. The auditsh utility fails to validate input received from the HOME environment variable, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code and gain additional privileges. Read more at osvdb.org/15358

SCO OpenServer atcronsh HOME Environment Variable Local Overflow

A local overflow exists in SCO OpenServer. The atcronsh utility fails to validate input received from the HOME environment variable, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code and gain additional privileges. Read more at osvdb.org/15360

Gaim gaim_markup_strip_html Function Malformed HTML DoS

A remote overflow exists in Gaim. The 'gaim_markup_strip_html()' function fails to perform proper bounds checking, resulting in a buffer overflow. By issuing a string that contains malformed HTML, a remote attacker can cause the application to crash, resulting in a loss of availability. Read more at osvdb.org/15276

Microsoft Outlook and Outlook Web Access Source Email Address Spoofing Weakness

Microsoft Outlook and Outlook Web Access clients are reported prone to a weakness that may allow remote attackers to send email with a spoofed address. It is reported th… Read more at securityfocus.com/bid/13078?ref=rss
