Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Gracenote CDDBControl ActiveX Control Option String Overflow

Network Security News – Tuesday, July 04, 2006 Events

Gracenote CDDBControl ActiveX Control Option String Overflow

A remote overflow exists in Gracenote CDDBControl ActiveX Control. The Gracenote CDDB fails to handle long option string resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/26874

Community Architect Guestbook guest Script XSS

Community Architect Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate any input upon submission to the cgi-bin/guest script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24784

MyBulletinBoard (MyBB) editpost.php Cross-Site Request Forgery

MyBulletinBoard (MyBB) contains a flaw that may allow a malicious user to delete posts via HTTP GET requests. The issue is triggered when a malicious post containing a specially crafted 'img' tag is handled by editpost.php script. It is possible that the flaw may allow a non-privileged user to delete arbitrary forum post resulting in a loss of integrity.. Read more at osvdb.org/26807

MF Piadas admin/admin.php page Variable XSS

MF Piadas contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'page' variable upon submission to the admin/admin.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26868

MF Piadas admin/admin.php page Variable Remote File Inclusion

MF Piadas contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/admin.php not properly sanitizing user input supplied to the 'page' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26867