Audit My PC - Free Internet Security Audit

Microsoft IE Crafted URL Cross Domain Cookie Disclosure

Network Security News – Tuesday, August 29, 2006 Events

Microsoft IE Crafted URL Cross Domain Cookie Disclosure

Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user clicks a specially crafted link on a malicious web site, which will disclose client-side cookies from another domain, resulting in a loss of confidentiality. Read more at osvdb.org/1326

CubeCart gateway/Protx/confirmed.php oid Variable SQL Injection

CubeCart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'gateway/Protx/confirmed.php' script not properly sanitizing user-supplied input to the 'oid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/27984

CubeCart admin/login.php email Variable XSS

CubeCart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'email' variable upon submission to the /admin/login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27987

CubeCart gateway/Authorize/confirmed.php x_invoice_num Variable SQL Injection

CubeCart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'gateway/Authorize/confirmed.php' script not properly sanitizing user-supplied input to the 'x_invoice_num' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/27985

Check Point VPN-1 SecuRemote Error Message Account Enumeration

Check Point VPN-1 SecuRemote contains a flaw related to the user validation process that may allow an attacker to guess existing usernames: a failed login due to an incorrect username or password will result in different responses. Read more at osvdb.org/20210

Webvizyon Portal SayfalaAltList.asp ID Variable SQL Injection

Webvizyon Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the SayfalaAltList.asp script not properly sanitizing user-supplied input to the 'ID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/28192

Microsoft IE DOM Script Source Recursive DoS

Microsoft Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when a user visits a maliciously crafted HTML page that recursively calls itself via a JavaScript function, and will result in loss of availability of the browser. Read more at osvdb.org/2291

Microsoft IE CLSID Alteration Arbitrary Command Execution

Microsoft Internet Explorer contains a flaw related to the displaying of file extensions on links that may allow an attacker to trick a user into executing a potentially dangerous file. Read more at osvdb.org/7858

MyScrapbook txt-db-api/ Directory Multiple Script Direct Request Path Disclosure

MyScrapbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when directly requesting scripts found in the 'txt-db-api' directory, which will disclose installation path information, resulting in a loss of confidentiality. Read more at osvdb.org/26414

MyScrapbook singlepage.php Multiple Field XSS

MyScrapbook contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate page contents submitted to the singlepage.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26413
