• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

KnowledgeTree Open Source view.php fDocumentId Variable XSS

Network Security News – Tuesday, June 13, 2006 Events

KnowledgeTree Open Source view.php fDocumentId Variable XSS

KnowledgeTree Open Source contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'fDocumentId' variable upon submission to the view.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26179

KnowledgeTree Open Source search/simpleSearch.php fSearchableText Variable XSS

KnowledgeTree Open Source contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'fSearchableText' variable upon submission to the search/simpleSearch.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26180

myNewsletter validatelogin.asp UserName Variable SQL Injection

myNewsletter contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the validatelogin.asp script not properly sanitizing user-supplied input to the 'UserName' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26274

myNewsletter adminLogin.asp UserName Variable SQL Injection

myNewsletter contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the adminLogin.asp script not properly sanitizing user-supplied input to the 'UserName' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26127

e107 Unspecified SQL Injection

e107 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to not properly sanitizing user-supplied input. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25739

e107 Unspecified Emailing Issue

e107 has reported an unspecified remote vulnerability in the emailing system. No more details are available.. Read more at osvdb.org/25740

Novell ZENworks Console One Remote-Diagnostics Access

Novell ZENworks for Servers contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote authenticated but unprivileged user is accessing Console One, which will allow access to Remote Diagnostic features resulting in a loss of confidentiality.. Read more at osvdb.org/21052

Novell GroupWise Client ofview File Parsing Overflow

Novell GroupWise Client contains a flaw that may allow a malicious user, if he has gained access to the post office directory, to create a buffer overflow on a client that attempted to log into the compromised post office. The issue is triggered when parsing the file containing the labels of different views. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/18298

PunkBuster WebTool webkey Authentication Overflow

A remote overflow exists in Punkbuster for Servers WebTool. The software fails to properly validate user-supplied input via the 'webkey' parameter, resulting in a buffer overflow. With a specially crafted URL, an attacker can crash the server and potentially run arbitrary code, resulting in a loss of availability and/or integrity.. Read more at osvdb.org/25738

PDF Form Filling and Flattening Tool Field Name Overflow

A overflow exists in PDF Form Filling and Flattening Tool. The PDF Form Filling and Flattening Tool fails to copy form field names to a 256 byte fixed length buffer resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitary code execution resulting in a loss of integrity.. Read more at osvdb.org/25902

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software