• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Buddy Zone view_sub_forum.php XSS

Network Security News – Saturday, July 08, 2006 Events

Buddy Zone view_sub_forum.php XSS

Buddy Zone contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate form fields upon submission to the view_sub_forum.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26986

Buddy Zone view_sub_forum.php main_cat Variable SQL Injection

Buddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_sub_forum.php script not properly sanitizing user-supplied input to the 'main_cat' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Additionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/26979

Buddy Zone view_post.php XSS

Buddy Zone contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate form fields upon submission to the view_post.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26987

Buddy Zone view_group.php XSS

Buddy Zone contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate form fields upon submission to the view_group.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26993

Buddy Zone view_group.php group_id Variable SQL Injection

Buddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_group.php script not properly sanitizing user-supplied input to the 'group_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Additionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/26985

Buddy Zone view_event.php XSS

Buddy Zone contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate form fields upon submission to the view_event.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26990

Buddy Zone view_event.php event_id Variable SQL Injection

Buddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_event.php script not properly sanitizing user-supplied input to the 'event_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Additionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/26982

Buddy Zone view_classifieds.php cat_id Variable SQL Injection

Buddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_classifieds.php script not properly sanitizing user-supplied input to the 'cat_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Additionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/26980

Buddy Zone view_classifieds.php XSS

Buddy Zone contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate form fields upon submission to the view_classifieds.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26988

Buddy Zone view_ad.php XSS

Buddy Zone contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate form fields upon submission to the view_ad.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26989

Vuln: TWiki Arbitrary File Upload Vulnerability

TWiki Arbitrary File Upload Vulnerability. Read more at securityfocus.com/bid/18854

Vuln: OpenOffice Arbitrary Macro Execution Vulnerability

OpenOffice Arbitrary Macro Execution Vulnerability. Read more at securityfocus.com/bid/18738

Vuln: OpenOffice Java Applet System Access Vulnerability

OpenOffice Java Applet System Access Vulnerability

. Read more at securityfocus.com/bid/18737

Vuln: OpenOffice XML File Format Buffer Overflow Vulnerability

OpenOffice XML File Format Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/18739

rPSA-2006-0122-1 kernel

rPSA-2006-0122-1 kernel. Read more at securityfocus.com/archive/1/439483

PBL Guestbook <= 1.32 XSS & SQL Querys Vulnerabilities

PBL Guestbook <= 1.32 XSS & SQL Querys Vulnerabilities

. Read more at securityfocus.com/archive/1/439486

WebEx Downloader Plug-in Multiple Vulnerabilities + rant

WebEx Downloader Plug-in Multiple Vulnerabilities + rant. Read more at securityfocus.com/archive/1/439445

Pivot <=1.30rc2 privilege escalation / remote commands execution

Pivot <=1.30rc2 privilege escalation / remote commands execution. Read more at securityfocus.com/archive/1/439495

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software