Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Network Security News – Tuesday, May 17, 2005 Events

Bug Report bug_report.php Multiple Field XSS

Bug Report contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the user-supplied "name", "sujet", "commentaires", "os", "navig" and "url" variables upon submission to the bug_report.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server when the malicious user data is viewed via "bug_list.php" or "admin/index.php", leading to a loss of integrity. Read more at osvdb.org/16601

GuildFTPd Traversal Arbitrary File Enumeration

GuildFTPd contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the application not properly sanitizing user input, specifically traversal-style attacks (../../), which causes the application to return an error message revealing whether or not the file exists on the system, resulting in a loss of confidentiality. Read more at osvdb.org/370

Kerio MailServer on Linux .eml Attachment DoS

Kerio MailServer contains a flaw that may allow a remote denial of service. The issue is triggered by improper parsing of emails with .eml attachments. A remote attacker could send an email embedded with multiple .eml files, which would cause Kerio MailServer running on Linux to crash, resulting in loss of availability for the service. Read more at osvdb.org/16487

Oracle Database/Application Server HTTP Server Unspecified Remote DoS

Oracle Database Server and Application Server contain a flaw related to the HTTP server that may allow an attacker to cause a denial of service. No further details have been provided. Read more at osvdb.org/15564

Oracle Database Server XDK Component SYS_DBURIGEN Issue

Oracle Database Server contains a flaw related to the XDK component SYS_DBURIGEN function that may allow an attacker to trivially cause a denial of service, or with more effort, compromise the integrity or confidentiality of the server. No further details have been provided. Read more at osvdb.org/15561

Oracle Database/Application Server HTTP Server SSL Complex Remote DoS

Oracle Database Server and Application Server contain a flaw related to the HTTP server SSL component that may allow an attacker to cause a denial of service. No further details have been provided. Read more at osvdb.org/15571

Oracle Collaboration Suite Calendar Component Unspecified Disclosure

Oracle Collaboration Server contains a flaw related to the calendar component that may allow an attacker to gain unauthorized access to information. No further details have been provided. Read more at osvdb.org/15603

Oracle Collaboration Suite Conferencing Local Unauthenticated Issue

Oracle Collaboration Suite contains a flaw related to the conferencing component that may allow an unauthenticated attacker to compromise the integrity or confidentiality of the server. No further details have been provided. Read more at osvdb.org/15610

Oracle Collaboration Suite Email Server Unspecified NNTP DoS

Oracle Collaboration Suite contains a flaw related to the email server and NNTP protocol that may allow an attacker to cause a denial of service. No further details have been provided. Read more at osvdb.org/15596

Oracle E-Business Suite Unspecified Remote Issue

Oracle E-Business Suite contains an unspecified flaw that may allow an attacker to compromise the integrity or confidentiality of the system. No further details have been provided. Read more at osvdb.org/15583

Multiple Linux Kernel IOCTL Handlers Local Memory Corruption Vulnerabilities

The Linux kernel raw device and pktcdvd block device ioctl handlers are reported prone to local kernel-based memory corruption vulnerabilities. The issues manifest due to… Read more at securityfocus.com/bid/13651?ref=rss

JGS-Portal Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

JGS-Portal is a portal plug-in for Woltlab Burning Board. It is implemented in PHP. JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilitie… Read more at securityfocus.com/bid/13650?ref=rss

WoltLab Burning Board Verify_email Function SQL Injection Vulnerability

WoltLab Burning Board is a free Web-based bulletin board package based on PHP and MySQL. WoltLab Burning Board is prone to an SQL injection vulnerability. This issue i… Read more at securityfocus.com/bid/13643?ref=rss

Adobe Version Cue Local Privilege Escalation Vulnerability

Adobe Version Cue is a product designed to manage document versions for Adobe products. It should be noted that this issue is reported to only affect Adobe product runnin… Read more at securityfocus.com/bid/11833?ref=rss

NPDS THOLD Parameter SQL Injection Vulnerability

NPDS is forum software written in PHP. NPDS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-sup… Read more at securityfocus.com/bid/13649?ref=rss

DotNetNuke User Registration Information HTML Injection Vulnerability

DotNetNuke (formerly known as the IBuySpy Workshop) is a web-based content management system. DotNetNuke is prone to an HTML injection vulnerability. This issue is due … Read more at securityfocus.com/bid/13644?ref=rss

[SePro Bugtraq] WBB Portal – JGS-Portal <= 3.0.2 – Multiple Vulnerabilities (09.05.05)

Sender: [deluxe at security-project dot org]. Read more at securityfocus.com/archive/1/398315?ref=rss

Mac OS X – Adobe Version Cue local root exploit [c version exploit]

Sender: ali reza AcTiOnSpIdEr [actionspider at gmail dot com]. Read more at securityfocus.com/archive/1/398314?ref=rss

Pico Server (pServ) Local Information Disclosure

Sender: Claus R dot F dot Overbeck [bugtraq at clausrfoverbeck dot de]. Read more at securityfocus.com/archive/1/398297?ref=rss

Pico Server (pServ) Information Disclosure Of CGI Sources

Sender: Claus R dot F dot Overbeck [bugtraq at clausrfoverbeck dot de]. Read more at securityfocus.com/archive/1/398290?ref=rss
