Network Security News – Thursday, August 18, 2005 Events
VBZooM login.php UserID Variable XSS
VBZooM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'UserID' variable upon submission to the 'login.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18663
VBZooM profile.php UserName Variable XSS
VBZooM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'UserName' variable upon submission to the 'profile.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18662
Xoops comment_edit.php cid Variable XSS
Xoops contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cid' variable upon submission to the 'comment_edit.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17634
Xoops newbb Module edit.php order Variable XSS
Xoops contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'order' variable upon submission to the 'edit.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17633
cPanel cpsrvd.pl user Variable XSS
cPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'user' variable upon submission to the 'cpsrvd.pl' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17399
DVBBS boardhelp.asp Multiple Variable XSS
DVBBS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'title', 'view' and 'act' variables upon submission to the 'boardhelp.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18512
DVBBS dispbbs.asp page Variable XSS
DVBBS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'dispbbs.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18679
DVBBS dispuser.asp name Variable XSS
DVBBS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' variable upon submission to the 'dispuser.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18680
DVBBS showerr.asp action Variable XSS
DVBBS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'action' variable upon submission to the 'showerr.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18110
Jax Calendar calendar.inc.php Multiple Variable XSS
Jax Calendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'Y', 'm', 'd', 'cal_id', 'language', 'gmt_ofs' and 'view' variables upon submission to the 'calendar.inc.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18585
Vuln: PHPFreeNews Multiple Cross-Site Scripting Vulnerabilities
PHPFreeNews Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/14590
Vuln: PHPTB Topic Board Multiple Remote File Include Vulnerabilities
PHPTB Topic Board Multiple Remote File Include Vulnerabilities. Read more at securityfocus.com/bid/14592
Vuln: Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability
Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability
. Read more at securityfocus.com/bid/14594
Vuln: Mediabox404 Login_Admin_Mediabox404.PHP SQL Injection Vulnerability
Mediabox404 Login_Admin_Mediabox404.PHP SQL Injection Vulnerability. Read more at securityfocus.com/bid/14593
Internet Explorer 6 Meta Refresh Parsing Weakness
Internet Explorer 6 Meta Refresh Parsing Weakness. Read more at securityfocus.com/archive/1/408426
Buffer-overflow in Chris Moneymaker’s World Poker Championship 1.0
Buffer-overflow in Chris Moneymaker’s World Poker Championship 1.0. Read more at securityfocus.com/archive/1/408416
NOVL-2005010098073 GroupWise Password Caching
NOVL-2005010098073 GroupWise Password Caching
. Read more at securityfocus.com/archive/1/408413
MSN Messenger Password Decrypter for WinXP/2003
MSN Messenger Password Decrypter for WinXP/2003. Read more at securityfocus.com/archive/1/408425
Leave a Reply