• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Microsoft Exchange Collaboration Data Objects Crafted Email Code Execution

Network Security News – Thursday, May 11, 2006 Events

Microsoft Exchange Collaboration Data Objects Crafted Email Code Execution

Microsoft Exchange contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered due to an error within the EXCDO (Exchange Collaboration Data Objects) and CDOEX (Collaboration Data Objects for Exchange) functionality when processing iCal and vCal properties in email messages. It is possible that the flaw may allow remote code execution resulting in a loss of integrity.. Read more at osvdb.org/25338

phpRaid auth.php Multiple Variable Remote File Inclusion

phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to auth.php not properly sanitizing user input supplied to the 'phpbb_root_path' and 'smf_root_path' variables. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25358

Ocean12 Calendar Manager Pro admin/edit.asp ID Variable SQL Injection

Ocean12 Calendar Manager Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/edit.asp' script not properly sanitizing user-supplied input to the 'ID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25346

Ocean12 Calendar Manager Pro admin/main.asp date Variable SQL Injection

Ocean12 Calendar Manager Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/main.asp' script not properly sanitizing user-supplied input to the 'date' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25344

Ocean12 Calendar Manager Pro admin/main.asp date Variable XSS

Ocean12 Calendar Manager Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'date' variable upon submission to the 'admin/main.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25347

Ocean12 Calendar Manager Pro admin/view.asp SearchFor Variable SQL Injection

Ocean12 Calendar Manager Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/view.asp' script not properly sanitizing user-supplied input to the 'SearchFor' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25345

PassMasterFlexPlus User-Agent HTTP Header Field XSS

PassMasterFlexPlus contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the HTTP User-Agent header field upon displaying it in the application log files. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server when that user is viewing the log files, leading to a loss of integrity.. Read more at osvdb.org/25302

Flexcustomer /admin/index.php Multiple Variable SQL Injection

Flexcustomer contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the '/admin/index.php' script not properly sanitizing user-supplied input to the 'checkuser' and 'checkpass' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25343

Flexcustomer index.php Multiple Variable SQL Injection

Flexcustomer contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'username' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25342

Linux Kernel Socket Data Buffering Local DoS

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when the kernel buffers data for transfer over a socket pair. A flaw in the checking for available memory can result in a kernel panic when many socket pairs are created with the maximum kernel buffer size allocated to them. If the allocating process is then turned into a 'zombie' or if the corresponding file descriptors are closed but references are still held, the data to transfer will be held in the kernel, eventually resulting in memory exhaustion and hence in loss of availability for the platform.. Read more at osvdb.org/22060

Vuln: Xine Playlist Handling Remote Format String Vulnerability

Xine Playlist Handling Remote Format String Vulnerability. Read more at securityfocus.com/bid/17579

Vuln: PAFileDB Pafiledb_Constants.PHP Remote File Include Vulnerability

PAFileDB Pafiledb_Constants.PHP Remote File Include Vulnerability. Read more at securityfocus.com/bid/17930

Vuln: Adobe Dreamweaver Generated Code SQL Injection Vulnerabilities

Adobe Dreamweaver Generated Code SQL Injection Vulnerabilities

. Read more at securityfocus.com/bid/17928

Vuln: GNOME Foundation GDM .ICEauthority Improper File Permissions Vulnerability

GNOME Foundation GDM .ICEauthority Improper File Permissions Vulnerability. Read more at securityfocus.com/bid/17635

ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability

ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability. Read more at securityfocus.com/archive/1/433589

Re: Firefox 1.5.0.3 – DoS

Re: Firefox 1.5.0.3 – DoS

. Read more at securityfocus.com/archive/1/433568

Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING

Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING. Read more at securityfocus.com/archive/1/433563

[ MDKSA-2006:084 ] – Updated MySQL packages fix several vulnerabilities

[ MDKSA-2006:084 ] – Updated MySQL packages fix several vulnerabilities. Read more at securityfocus.com/archive/1/433559

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software