Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

bitweaver index.php HTTP CRLF injection vulnerability

Network Security News – Monday, July 24, 2006 Events

bitweaver index.php HTTP CRLF injection vulnerability

Bitweaver contains a flaw that may allow a malicious user to conduct HTTP response splitting attacks using CRLF sequences. The issue is triggered when CRLF sequences are injected into multiple parameters in the HTTP header of index.php, including the BWSESSION parameter. Read more at osvdb.org/26590

DoubleSpeak Multiple Script SQL Injection (Myth/Fake)

igloo DoubleSpeak has been reported to contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is reportedly due to the index.php, faq.php, and hardware.php scripts not properly sanitizing user-supplied input to the 'config[private]' variable. However, subsequent examination and testing indicate that input is sanitized before being used in a query, removing the opportunity for injection. Read more at osvdb.org/27436

Top XL /members/index.php id Variable XSS

Top XL contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the /members/index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27414

Top XL add.php Multiple Variable XSS

Top XL contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'pass' and 'pass2' variables upon submission to the add.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27413

phpFaber TopSites index.php Multiple Variable SQL Injection

phpFaber TopSites contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'i_cat' and 'method' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Additionally, some parts of user input are echoed during SQL error output, which may allow an attacker to conduct a cross-site scripting attack. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27415

FileCOPA FTP Server LIST Command Overflow

A remote or local overflow exists in FileCOPA FTP server. The server fails to handle a long (approx. 350 bytes) parameter to the LIST command, resulting in a buffer overflow. With a specially crafted LIST command, an attacker can cause a denial of service or possibly execute arbitrary code. Read more at osvdb.org/27389

Eskolar CMS upd_doc.php SQL Injection

Eskolar CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the upd_doc.php script not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/27399

Eskolar CMS set_12.php SQL Injection

Eskolar CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the set_12.php script not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/27397

Eskolar CMS set_14.php SQL Injection

Eskolar CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the set_14.php script not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/27398

Eskolar CMS php/esa.php Multiple Variable SQL Injection

Eskolar CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the php/esa.php script not properly sanitizing user-supplied input to the "uid" and "pwd" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/27392
