Network Security News – Thursday, June 29, 2006 Events
Ultimate eShop index.cgi subid Variable XSS
Ultimate eShop contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'subid' variable upon submission to the index.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26746
Ultimate Estate index.pl cat Variable XSS
Ultimate Estate contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat' variable upon submission to the index.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26741
Ultimate Estate index.pl id Variable SQL Injection
Ultimate Estate contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the index.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26740
NC LinkList index.php Multiple Variable XSS
NC LinkList contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat' and 'view' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26675
Open-Realty index.php sorttype Variable SQL Injection
Open-Realty contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'sorttype' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26694
Docebo CMS util.media.php GLOBALS[where_cms] Variable Remote File Inclusion
docebocms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to util.media.php not properly sanitizing user input supplied to the GLOBALS[where_cms] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26709
Docebo CMS news_class.php GLOBALS[where_framework] Variable Remote File Inclusion
docebocms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to news_class.php not properly sanitizing user input supplied to the GLOBALS[where_framework] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26707
Docebo CMS content_class.php GLOBALS[where_framework] Variable Remote File Inclusion
docebocms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to content_class.php not properly sanitizing user input supplied to the GLOBALS[where_framework] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26708
Docebo CMS class.definition.php GLOBALS[where_lms] Variable Remote File Inclusion
docebocms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to class.definition.php not properly sanitizing user input supplied to the GLOBALS[where_lms] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26712
Docebo CMS scorm_utils.php GLOBALS[where_lms] Variable Remote File Inclusion
docebocms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to scorm_utils.php not properly sanitizing user input supplied to the GLOBALS[where_lms] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26713
Vuln: Apple Mac OS X Multiple Security Vulnerabilities
Apple Mac OS X Multiple Security Vulnerabilities. Read more at securityfocus.com/bid/18686
Vuln: Horde Application Framework Multiple Cross-Site Scripting Vulnerabilities
Horde Application Framework Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/18436
Vuln: Mutt BROWSE_GET_NAMESPACE IMAP Namespace Processing Remote Buffer Overflow Vulnerability
Mutt BROWSE_GET_NAMESPACE IMAP Namespace Processing Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/18642