• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

hitweb genpage-cgi.php REP_INC Variable Remote File Inclusion

Network Security News – Monday, August 14, 2006 Events

hitweb genpage-cgi.php REP_INC Variable Remote File Inclusion

hitweb contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'genpage-cgi.php' script not properly sanitizing user input supplied to the 'REP_INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27880

MVCnPHP BaseCommand.php glConf[path_library] Variable Remote File Inclusion

MVCnPHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to BaseCommand.php not properly sanitizing user input supplied to the glConf[path_libraries] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27894

MVCnPHP BaseLoader.php glConf[path_library] Variable Remote File Inclusion

MVCnPHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to BaseLoader.php not properly sanitizing user input supplied to the glConf[path_libraries] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27895

MVCnPHP BaseView.php glConf[path_library] Variable Remote File Inclusion

MVCnPHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to BaseView.php not properly sanitizing user input supplied to the glConf[path_libraries] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27896

SquirrelMail compose.php Arbitrary Variable Manipulation

Squirrelmail contains a flaw that may allow a malicious user to overwrite arbitrary variables in the file compose.php. It is possible that the flaw may allow user preferences or file attachments to be overwritten, resulting in a loss of integrity.. Read more at osvdb.org/27917

ADOdb tmssql.php do Variable XSS

ADOdb contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'do' variable upon submission to the 'tmssql.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27620

Douran FollowWeb register.aspx XSS

Douran FollowWeb contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the 'register.aspx' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27918

BlogHoster previewcomment.php nickname Variable XSS

BlohHoster contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'nickname' variable upon submission to the 'previewcomment.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27886

SaralBlog view.php website XSS

SaralBlog contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'website' variable upon submission to the 'view.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27907

PHPMyRing view_com.php idsite Variable SQL Injection

PHPMyRing contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'view_com.php' script not properly sanitizing user-supplied input to the 'idsite' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/27881

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software