Audit My PC - Free Internet Security Audit

Network Security News – Thursday, July 27, 2006 Events

CMScout BBCode Tag XSS

CMScout contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input to the BBCode tags. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25247

CMScout Message Body XSS

CMScout contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the forum posts or private messages. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25246

vBulletin member.php u Variable XSS (Myth/Fake)

vBulletin has been reported to contain a flaw that allows a remote cross site scripting attack. This flaw supposedly exists because the application does not validate the 'u' variable upon submission to the member.php script. The vendor has disputed this report, stating "userid parameter is run through our filtering system as an unsigned integer." Read more at osvdb.org/27508

VMware Player .vmx ide1:0.fileName Parameter Overflow DoS (Myth/Fake)

EMC VMware Player contains a flaw that may allow a local denial of service. The issue is triggered when a user loads a .vmx file containing an ide1:0.fileName parameter with an overly long value, and will result in loss of availability for the VMware instance. However, for an attacker to gain access and edit the .vmx file, it would require a level of access that would allow a wide variety of attacks. This level of access is considered to be trusted and not readily available to someone looking to launch this type of attack. Read more at osvdb.org/27524

SiteDepth CMS constants.php SD_DIR Variable Remote File Inclusion

SiteDepth CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the constants.php script not properly sanitizing user input supplied to the 'SD_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27412

WHM AutoPilot step_one_tables.php server_inc Variable Remote File Inclusion

WHM AutoPilot contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to step_one_tables.php not properly sanitizing user input supplied to the 'server_inc' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/12695

Opera Large href Tag DoS

Opera contains a flaw that may allow a remote denial of service. The issue is triggered when the browser is used to open a web page containing an 'A' tag with a very long 'href' value, and will result in a crash of the browser. Read more at osvdb.org/27510

Pivot edit_new.php Paths[extensions_path] Variable Remote File Inclusion

Pivot contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to edit_new.php not properly sanitizing user input supplied to the 'Paths[extensions_path]' variable. This may allow an attacker to include a file from the local host or a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27512

PhpLinkExchange index.php page Variable Remote File Inclusion

PhpLinkExchange contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the index.php script not properly sanitizing user input supplied to the 'page' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27410

sNews snews.php search_query Variable XSS

sNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'search_query' variable upon submission to the 'snews.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27481

Vuln: Asterisk IAX2 Remote Buffer Overflow Vulnerability

Asterisk IAX2 Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/18295
