Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Network Security News – Saturday, July 02, 2005 Events

PHP-Fusion submit.php Multiple Variable XSS

PHP-Fusion contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the news_body, article_description, and article_body variables upon submission to the submit.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17611

Comdev News Publisher wce.editnews.php s_type Variable XSS

Comdev News Publisher contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 's_type' variable upon submission to the wce.editnews.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. This flaw requires administrative access to exploit. Read more at osvdb.org/17651

Golden FTP Server Pro LS Command Traversal Information Disclosure

Golden FTP Server Pro contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an input validation error in the handling of the LS command. Changing directory to a share and then passing "\.." as an argument to the LS command discloses the contents of the application directory (e.g. containing files with names of valid users), resulting in a loss of confidentiality. Read more at osvdb.org/17678

Golden FTP Server Pro Nonexistent File Request Path Disclosure

Golden FTP Server Pro contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by changing to a share directory and then attempting to retrieve a nonexistent file, which will disclose the absolute path of a share, resulting in a loss of confidentiality. Read more at osvdb.org/17679

Microsoft Site Server driver.asp Information Disclosure

Microsoft Site Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when using the 'LDAP_Anonymous' account and accessing the 'driver.asp' script, which will disclose installed ODBC drivers, resulting in a loss of confidentiality. Read more at osvdb.org/17654

Microsoft Site Server domain.asp Information Disclosure

Microsoft Site Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when using the 'LDAP_Anonymous' account and accessing the 'domain.asp' script, which will disclose the server's involved domain names, resulting in a loss of confidentiality. Read more at osvdb.org/17653

Microsoft Site Server findserver.asp Information Disclosure

Microsoft Site Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when using the 'LDAP_Anonymous' account and accessing the 'findserver.asp' script, which will disclose installed Site Server components, resulting in a loss of confidentiality. Read more at osvdb.org/17652

Microsoft Site Server DSN.asp Information Disclosure

Microsoft Site Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when using the 'LDAP_Anonymous' account and accessing the 'DSN.asp' script, which will disclose the Data Source Names (DSN) for selected ODBC drivers, resulting in a loss of confidentiality. Read more at osvdb.org/17655

Microsoft Site Server UserManager.asp Arbitrary LDAP Modification

Microsoft Site Server contains a flaw that may allow a remote attacker to arbitrarily modify the LDAP configuration. The issue is triggered when using the 'LDAP_Anonymous' account and accessing the 'UserManager.asp' script, which may allow a remote attacker to arbitrarily create, modify and/or delete LDAP users, resulting in a loss of integrity. Read more at osvdb.org/17657

Microsoft Site Server LDAP_Anonymous Account Default Password

By default, Microsoft Site Server installs with a default password. The 'LDAP_Anonymous' account has a password of 'LdapPassword_1' which is publicly known and documented. This allows attackers to trivially access the system. Read more at osvdb.org/831

Vuln: XML-RPC for PHP Remote Code Injection Vulnerability

XML-RPC for PHP Remote Code Injection Vulnerability. Read more at securityfocus.com/bid/14088

Vuln: OpenLDAP TLS Plaintext Password Vulnerability

OpenLDAP TLS Plaintext Password Vulnerability. Read more at securityfocus.com/bid/14125

Vuln: PADL Software PAM_LDAP TLS Plaintext Password Vulnerability

PADL Software PAM_LDAP TLS Plaintext Password Vulnerability. Read more at securityfocus.com/bid/14126

Vuln: OSTicket Multiple Input Validation Vulnerabilities

OSTicket Multiple Input Validation Vulnerabilities. Read more at securityfocus.com/bid/14127

/dev/random is probably not

/dev/random is probably not. Read more at securityfocus.com/archive/1/403986

TSLSA-2005-0031 – multi

TSLSA-2005-0031 – multi. Read more at securityfocus.com/archive/1/403989

[SECURITY ALERT] osTicket bugs

[SECURITY ALERT] osTicket bugs. Read more at securityfocus.com/archive/1/403990

PHPXMLRPC Remote Code Execution

PHPXMLRPC Remote Code Execution. Read more at securityfocus.com/archive/1/403987


Copyright © 2001-2024 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS
