• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Professional Home Page Tools Login Script Multiple Variable XSS

Network Security News – Friday, July 28, 2006 Events

Professional Home Page Tools Login Script Multiple Variable XSS

Professional Home Page Tools contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "name", "vorname", and "nachname" variables upon submission to the Login script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27522

LinksCaffe links.php Multiple Variable SQL Injection

LinksCaffe contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the links.php script not properly sanitizing user-supplied input to the 'cat', 'link_id', 'newdays', and 'offset' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. When the magic_quote_gpc PHP option is disabled an attacker may use this flaw to create a shell in a writable folder that can be used to run arbitrary commands.

Additionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/27518

LinksCaffe counter.php tablewidth Variable XSS

LinksCaffe contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tablewidth' variable upon submission to the counter.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27519

LinksCaffe links.php newdays Variable XSS

LinksCaffe contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'newdays' variable upon submission to the links.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27520

LinksCaffe menu.inc.php Multiple Variable XSS

LinksCaffe contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tableborder', 'menucolor', 'textcolor' and 'bodycolor' variables upon submission to the menu.inc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27521

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2024 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software