Network Security News – Friday, September 08, 2006 Events
Microsoft IE FTP URL Arbitrary Command Injection
Internet Explorer contains a flaw that will allow an attacker to inject arbitrary FTP commands. The problem is that the Internet Explorer URL FTP request is not verified properly and will allow an attacker to inject or manipulate FTP commands, resulting in a loss of integrity. Read more at osvdb.org/12299
Microsoft IE Forms Multiple Object ListWidth Property Overflow
Microsoft Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when a user visits a malicious web site that instantiates a Form 2.0 ActiveX component, and will result in a loss of availability of the browser. Read more at osvdb.org/27372
iFlance project.php New Project Box XSS
iFlance contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate an unspecified variable upon new project box creation in the project.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26044
iFlance acc_verify.php vk Variable XSS
iFlance contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'vk' variable upon submission to the acc_verify.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26043
iFlance admincp/login.php adminU Variable XSS
iFlance contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'adminU' variable upon submission to the admincp/login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26045
iFlance action/create.php project_name Variable XSS
iFlance contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'project_name' variable upon submission to the action/create.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26047
iFlance account/login.php Multiple Variable XSS
iFlance contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'username' and 'password' fields upon submission to the account/login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26046
TikiWiki jhot.php File Upload Arbitrary PHP Code Execution
TikiWiki contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered due to the jhot.php script not correctly verifying uploaded files. It is possible that the flaw may allow arbitrary PHP code execution by uploading a malicious PHP script, resulting in a loss of integrity. Read more at osvdb.org/28456
MyHeadlines for PHP_nuke myh_op Variable XSS
MyHeadlines for PHP_nuke contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'myh_op' variable upon submission to the modules.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28463
DUportal Pro members.asp iMem Variable SQL Injection
DUportal Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the members.asp script not properly sanitizing user-supplied input to the 'iMem' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17597
Vuln: Mozilla Multiple Products Remote Vulnerabilities
Mozilla Multiple Products Remote Vulnerabilities. Read more at securityfocus.com/bid/19181