• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

iPostMX 2005 userlogin.cfm RETURNURL Variable XSS

Network Security News – Monday, June 19, 2006 Events

iPostMX 2005 userlogin.cfm RETURNURL Variable XSS

iPostMX contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'RETURNURL' variable upon submission to the userlogin.cfm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26522

iPostMX 2005 account.cfm RETURNURL Variable XSS

iPostMX contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'RETURNURL' variable upon submission to the account.cfm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26523

PictureDis Products thumstbl.php lang Variable Remote File Inclusion

PictureDis contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to thumstbl.php not properly sanitizing user input supplied to the 'lang' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26500

PictureDis Products wallpapr.php lang Variable Remote File Inclusion

PictureDis contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to wallpapr.php not properly sanitizing user input supplied to the 'lang' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26502

PictureDis Products wpfiles.php lang Variable Remote File Inclusion

PictureDis contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to upfiles.php not properly sanitizing user input supplied to the 'lang' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26501

APBoard main.php viewcatmod Variable SQL Injection

APBoard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the main.php script not properly sanitizing user-supplied input to the 'viewcatmod' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26583

APBoard board.php PHPSESSID Variable SQL Injection

APBoard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the board.php script not properly sanitizing user-supplied input to the 'PHPSESSID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26582

phpCMS include/class.session_phpcms.php PHPCMS_INCLUDEPATH Variable Remote File Inclusion

phpCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to class.session_phpcms.php not properly sanitizing user input supplied to the 'PHPCMS_INCLUDEPATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26391

phpCMS parser.php PHPCMS_INCLUDEPATH Variable Remote File Inclusion

phpCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to parser.php not properly sanitizing user input supplied to the 'PHPCMS_INCLUDEPATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26389

PhpMyFactures verif.php Direct Request Path Disclosure

PhpMyFactures contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the verif.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/26486

Vuln: Typespeed Remote Buffer Overflow Vulnerability

Typespeed Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/18194

Vuln: Bitweaver CMS Multiple Cross-Site Scripting Vulnerabilities

Bitweaver CMS Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/17406

Vuln: DotWidget For Articles Multiple Remote File Include Vulnerabilities

DotWidget For Articles Multiple Remote File Include Vulnerabilities

. Read more at securityfocus.com/bid/18479

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2024 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software