VBZooM login.php UserID Variable XSS

Network Security News – Thursday, August 18, 2005 Events

VBZooM login.php UserID Variable XSS

VBZooM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'UserID' variable upon submission to the 'login.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18663

VBZooM profile.php UserName Variable XSS

VBZooM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'UserName' variable upon submission to the 'profile.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18662

Xoops comment_edit.php cid Variable XSS

Xoops contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cid' variable upon submission to the 'comment_edit.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17634

Xoops newbb Module edit.php order Variable XSS

Xoops contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'order' variable upon submission to the 'edit.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17633

cPanel cpsrvd.pl user Variable XSS

cPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'user' variable upon submission to the 'cpsrvd.pl' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17399

DVBBS boardhelp.asp Multiple Variable XSS

DVBBS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'title', 'view' and 'act' variables upon submission to the 'boardhelp.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18512

DVBBS dispbbs.asp page Variable XSS

DVBBS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'dispbbs.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18679

DVBBS dispuser.asp name Variable XSS

DVBBS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' variable upon submission to the 'dispuser.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18680

DVBBS showerr.asp action Variable XSS

DVBBS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'action' variable upon submission to the 'showerr.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18110

Jax Calendar calendar.inc.php Multiple Variable XSS

Jax Calendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'Y', 'm', 'd', 'cal_id', 'language', 'gmt_ofs' and 'view' variables upon submission to the 'calendar.inc.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18585

Vuln: PHPFreeNews Multiple Cross-Site Scripting Vulnerabilities

PHPFreeNews Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/14590

Vuln: PHPTB Topic Board Multiple Remote File Include Vulnerabilities

PHPTB Topic Board Multiple Remote File Include Vulnerabilities. Read more at securityfocus.com/bid/14592

Vuln: Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability

Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability

. Read more at securityfocus.com/bid/14594

Vuln: Mediabox404 Login_Admin_Mediabox404.PHP SQL Injection Vulnerability

Mediabox404 Login_Admin_Mediabox404.PHP SQL Injection Vulnerability. Read more at securityfocus.com/bid/14593

Internet Explorer 6 Meta Refresh Parsing Weakness

Internet Explorer 6 Meta Refresh Parsing Weakness. Read more at securityfocus.com/archive/1/408426

Buffer-overflow in Chris Moneymaker’s World Poker Championship 1.0

Buffer-overflow in Chris Moneymaker’s World Poker Championship 1.0. Read more at securityfocus.com/archive/1/408416

NOVL-2005010098073 GroupWise Password Caching

NOVL-2005010098073 GroupWise Password Caching

. Read more at securityfocus.com/archive/1/408413

MSN Messenger Password Decrypter for WinXP/2003

MSN Messenger Password Decrypter for WinXP/2003. Read more at securityfocus.com/archive/1/408425