• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Docebo Multiple Script Global Variable Remote File Inclusion

Network Security News – Saturday, May 27, 2006 Events

Docebo Multiple Script Global Variable Remote File Inclusion

Docebo contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to multiple scripts not properly sanitizing user input supplied to multiple variables. This may allow an attacker to overwrite global variables to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25757

Diesel Joke Site category.php id Variable SQL Injection

Diesel Joke Site contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'category.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25769

Publicist Comment Box XSS

Publicist contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate inpu submitted to the applications comment box. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25765

Publicist Failed SQL Query Path Disclosure

Publicist contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker enters certain information into the application's login box. Using crafted input, this might lead to a failure in a SQL query which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/25762

Publicist hitlist_editorial_public_info.php visa Variable SQL Injection

Publicist contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'hitlist_editorial_public_info.php' script not properly sanitizing user-supplied input to the 'visa' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25764

Publicist info.php return Variable SQL Injection

Publicist contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'info.php' script not properly sanitizing user-supplied input to the 'return' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25763

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2024 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software