• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Ay System WCS main.php path[ShowProcessHandle] Variable Remote File Inclusion

Network Security News – Wednesday, August 30, 2006 Events

Ay System WCS main.php path[ShowProcessHandle] Variable Remote File Inclusion

web Content System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to main.php not properly sanitizing user input supplied to the 'path[ShowProcessHandle]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/28245

Ay System WCS impressum.php path[ShowProcessHandle] Variable Remote File Inclusion

web Content System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to impressum.php not properly sanitizing user input supplied to the 'path[ShowProcessHandle]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/28247

Ay System WCS home.php path[ShowProcessHandle] Variable Remote File Inclusion

web Content System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to home.php not properly sanitizing user input supplied to the 'path[ShowProcessHandle]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/28246

PHP iAddressBook person.php Multiple Variable XSS

PHP iAddressBook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'addresses', 'emails', 'phones', 'chathandles', 'relatesnames' and 'urls' variables upon submission to the person.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/28175

LBlog comments.asp id Variable SQL Injection

LBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'comments.asp' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28036

Linux Kernel run_posix_cpu_timers Process Timer Local DoS

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered because a CPU could attach a timer to a currently exiting process, which will result in a kernel 'oops' and therefore in loss of availability for the platform.. Read more at osvdb.org/26947

XennoBB topic_post.php icon_topic Variable SQL Injection

XennoBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'topic_post.php' script not properly sanitizing user-supplied input to the 'icon_topic' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28090

Web3news _class.security.php PHPSECURITYADMIN_PATH Variable Remote File Inclusion

Web3news contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to _class.security.php not properly sanitizing user input supplied to the 'PHPSECURITYADMIN_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/28248

Links Manager admin.php nick Variable SQL Injection

Links Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin.php' script not properly sanitizing user-supplied input to the 'nick' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28066

Fotopholder index.php path Variable XSS

Fotopholder contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'path' variable upon submission to index.php. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/28242

Vuln: PHP File Upload GLOBAL Variable Overwrite Vulnerability

PHP File Upload GLOBAL Variable Overwrite Vulnerability. Read more at securityfocus.com/bid/15250

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software