
Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

XML-RPC for PHP (PHPXMLRPC) parseRequest() Function Arbitrary PHP Code Execution

Network Security News – Saturday, July 09, 2005 Events

XML-RPC for PHP (PHPXMLRPC) parseRequest() Function Arbitrary PHP Code Execution

XML-RPC for PHP (PHPXMLRPC) contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to the 'parseRequest()' function not properly sanitizing user-supplied input. By creating an XML file that uses single quotes to escape into the 'eval()' call, a remote attacker can execute arbitrary PHP code resulting in a loss of integrity. Read more at osvdb.org/17793

Xerox WorkCentre Unspecified Authentication Bypass

Xerox WorkCentre contains an unspecified flaw that may allow a malicious user to bypass authentication. No further details have been provided. Read more at osvdb.org/17765

Xerox WorkCentre Crafted HTTP Request DoS

Xerox WorkCentre contains a flaw that may allow a remote denial of service. The issue is triggered when specially constructed HTTP requests are sent to the embedded web server, and will result in loss of availability for the device. Read more at osvdb.org/17766

AutoIndex PHP Script index.php search Variable XSS

AutoIndex PHP Script contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "search" variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17753

Covide Groupware-CRM User ID SQL Injection

Covide Groupware-CRM contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to a script not properly sanitizing user-supplied input to the 'User ID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17752

pngcntrp kaiseki.cgi Arbitrary Command Execution

pngcntrp contains a flaw that may allow a malicious user to execute arbitrary commands. This flaw exists because the application does not validate input upon submission to the kaiseki.cgi script. It is possible that the flaw may allow arbitrary command execution resulting in a loss of integrity. Read more at osvdb.org/17784

MediaWiki Page Move Template XSS

MediaWiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate an unspecified parameter upon submission to the page move template. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17763

Microsoft IE PNG Image Processing Arbitrary Code Execution

A remote overflow exists in Windows. Internet Explorer fails to validate PNG files, resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/17313

Multiple Unix Vendor rlogin -froot Remote Authentication Bypass

The rlogin command of multiple Unix vendors contains a flaw that may allow a remote attacker to bypass authentication settings. The issue is triggered when using the '-froot' parameter, which allows a remote attacker to gain root access on a system without being prompted for a password, resulting in a loss of integrity. Read more at osvdb.org/1007
