
Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy


phpSurveyor question.php Path Disclosure

Network Security News – Saturday, July 23, 2005 Events

phpSurveyor question.php Path Disclosure

phpSurveyor contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker requests the question.php script, which will disclose the installation path resulting in a loss of confidentiality. Read more at osvdb.org/18086

phpSurveyor dumpsurvey.php sid Variable SQL Injection

phpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dumpsurvey.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18107

Website Generator confirm.php theme Variable XSS

Website Generator contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'theme' variable upon submission to the confirm.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18160

phpSurveyor browse.php Multiple Variable XSS

phpSurveyor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sid', 'start', or 'id' variables upon submission to the browse.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18095

phpSurveyor dumplabel.php lid Variable SQL Injection

phpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dumplabel.php script not properly sanitizing user-supplied input to the 'lid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18099

Website Generator table.php theme Variable XSS

Website Generator contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'theme' variable upon submission to the table.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18158

Contrexx CMS Gallery Module pId Variable SQL Injection

Contrexx CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the gallery module not properly sanitizing user-supplied input to the 'pId' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18167

phpSurveyor html.php Direct Request Path Disclosure

phpSurveyor contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the html.php script, which will disclose the installation path resulting in a loss of confidentiality. Read more at osvdb.org/18089

Ultimate PHP Board (UPB) top.php css Variable XSS

Ultimate PHP Board (UPB) Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the top.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18145

Website Generator spaw_control.class.php Direct Request Path Disclosure

Website Generator contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the spaw_control.class.php script, which will disclose the installation path resulting in a loss of confidentiality. Read more at osvdb.org/18155

Vuln: ASN Guestbook Multiple Cross-Site Scripting Vulnerabilities

ASN Guestbook Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/14356

Vuln: Oracle July Security Update Multiple Vulnerabilities

Oracle July Security Update Multiple Vulnerabilities. Read more at securityfocus.com/bid/14238

Vuln: Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities

Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities. Read more at securityfocus.com/bid/14242

Vuln: Zlib Compression Library Decompression Denial Of Service Vulnerability

Zlib Compression Library Decompression Denial Of Service Vulnerability. Read more at securityfocus.com/bid/14340

[Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package

[Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package. Read more at securityfocus.com/archive/1/406293

Advisory 11/2005: Multiple vulnerabilities in Contrexx

Advisory 11/2005: Multiple vulnerabilities in Contrexx. Read more at securityfocus.com/archive/1/406262

Re: Oracle and setting the record straight

Re: Oracle and setting the record straight. Read more at securityfocus.com/archive/1/406268

Re: RE: Peter Gutmann data deletion theaory?

Re: RE: Peter Gutmann data deletion theaory?. Read more at securityfocus.com/archive/1/406284


Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS
