• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Novell Client Login Field Clipboard Content Disclosure

Network Security News – Friday, May 26, 2006 Events

Novell Client Login Field Clipboard Content Disclosure

Novell Client contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to the Novell client Login dialog box failure to restrict access to the contents of the clipboard when the system is "locked". It can be possible to disclose the text contents of the current user's clipboard by pasting it into the "User Name" field, or to change the clipboard's content by performing a copy from the "User Name" field information.. Read more at osvdb.org/25760

Sugar Suite Multiple Script sugarEntry Global Variable Remote File Inclusion

Sugar Suite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to multiple scripts in the "modules" directory not properly sanitizing user input supplied to the "sugarEntry" gloabl variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25532

UBB.threads addpost_newpoll.php thispath Variable Remote File Inclusion

UBB.threads contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to addpost_newpoll.php not properly sanitizing user input supplied to the 'thispath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25714

phpListPro config.php Language Cookie Parameter Local File Inclusion

phpListPro contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to config.php not properly sanitizing user input supplied to the "Language" cookie variable. This may allow an attacker to include a file from the local host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25694

phpMyDirectory cron.php ROOT_PATH Variable Remote File Inclusion

phpMyDirectory contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to cron.php not properly sanitizing user input supplied to the "ROOT_PATH" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25698

UseBB Member List Search SQL Injection

UseBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the the member list search not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25685

Stylish Text Ads tr1.php id Variable SQL Injection

Stylish Text Ads contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the tr1.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25691

UseBB Date Format XSS

UseBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables related to the user date format. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25684

Stylish Text Ads advertise.php XSS

Stylish Text Ads contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate an unspecified variable upon submission to the advertise.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25692

singapore index.php image Variable XSS

Singapore contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'image' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25706

Vuln: Easy Software Products CUPS Access Control List Bypass Vulnerability

Easy Software Products CUPS Access Control List Bypass Vulnerability. Read more at securityfocus.com/bid/14265

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2024 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software