Audit My PC - Free Internet Security Audit

Network Security News – Thursday, July 20, 2006 Events

Lazarus Guestbook picture.php img Variable XSS

Lazarus Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'img' variable upon submission to the picture.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27090

Lazarus Guestbook codes-english.php show Variable XSS

Lazarus Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'show' variable upon submission to the codes-english.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27089

Juniper Networks DX System Web Admin Log Script XSS

The Web Admin Log Script of Juniper's DX Application Acceleration Platform contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input submitted to the 'username' field upon submission to the login function. Values are stored unchecked in the application's log files. This could allow a user to create a specially crafted log file entry that would execute arbitrary code in an administrator's browser within the trust relationship between the browser and the server when looking at the log files, leading to a loss of integrity. Read more at osvdb.org/27131

Fujitsu ServerView Unspecified XSS

ServerView contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to an unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27105

HiveMail search.results.php fields[] Variable SQL Injection

HiveMail contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.results.php script not properly sanitizing user-supplied input to the 'fields[]' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/27099

HiveMail search.results.php Multiple Variable Path Disclosure

HiveMail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker defines the "searchdate" and "folderids" variables in the search.results.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/27104

HiveMail read.markas.php markas Variable XSS

HiveMail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'markas' variable upon submission to the read.markas.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27103

HiveMail index.php daysprune Variable XSS

HiveMail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'daysprune' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27101

HiveMail compose.email.php data[to] Variable XSS

HiveMail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'date[to]' variable upon submission to the compose.email.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27102

HiveMail addressbook.view.php Multiple Variable XSS

HiveMail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "email", "cond", and "name" variables upon submission to the addressbook.view.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27100

Vuln: Oracle July 2006 Security Update Multiple Vulnerabilities

Oracle July 2006 Security Update Multiple Vulnerabilities. Read more at securityfocus.com/bid/19054

Vuln: Retired: Cisco Security Monitoring Analysis and Response System Multiple Vulnerabilities

Retired: Cisco Security Monitoring Analysis and Response System Multiple Vulnerabilities. Read more at securityfocus.com/bid/19071

Vuln: Noweb Insecure Temporary File Creation Vulnerability

Noweb Insecure Temporary File Creation Vulnerability. Read more at securityfocus.com/bid/16610

Vuln: OSDate Multiple HTML Injection Vulnerabilities

OSDate Multiple HTML Injection Vulnerabilities. Read more at securityfocus.com/bid/19034

Re: imageVue16.1 upload vulnerability

Re: imageVue16.1 upload vulnerability. Read more at securityfocus.com/archive/1/440586

rPSA-2006-0133-1 libpng

rPSA-2006-0133-1 libpng. Read more at securityfocus.com/archive/1/440594

[ GLSA 200607-06 ] libpng: Buffer overflow

[ GLSA 200607-06 ] libpng: Buffer overflow. Read more at securityfocus.com/archive/1/440585

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS). Read more at securityfocus.com/archive/1/440580
