Network Security News – Saturday, October 08, 2005 Events
Lotus Domino Unspecified XSS
Lotus Domino contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate input upon submission to an unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19614
Gravity Board X banned.php Direct Request Path Disclosure
Gravity Board X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'banned.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18632
Gravity Board X login Field SQL Injection
Gravity Board X contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'login' field not properly sanitizing user-supplied input. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18625
Microsoft AntiSpyware Registry Extension Bypass
Microsoft AntiSpyware contains a flaw that may allow a remote attacker to bypass the registry protection. The problem is that the application does not recognize registry modifications when a file has no extension. It is possible that the flaw may allow a remote attacker to execute arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/19876
Gravity Board X deletethread.php board_id Variable XSS
Gravity Board X contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'board_id' variable upon submission to the 'deletethread.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18627
Gravity Board X boardstats.php Direct Request Path Disclosure
Gravity Board X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'boardstats.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18633
Gravity Board X deletethread.php Path Disclosure
Gravity Board X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to the 'deletethread.php' script not properly sanitizing user-supplied input, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18629
Gravity Board X ban.php Direct Request Path Disclosure
Gravity Board X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'ban.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18630
Gravity Board X /forms/ Directory Multiple Script Path Disclosure
Gravity Board X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes direct requests to multiple scripts in the 'forms' directory, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18635
Gravity Board X addnews.php Direct Request Path Disclosure
Gravity Board X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'addnews.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18631
Vuln: SUSE Linux Multiple Local Privilege Escalation Vulnerabilities
SUSE Linux Multiple Local Privilege Escalation Vulnerabilities. Read more at securityfocus.com/bid/15040
Vuln: HylaFAX Insecure UNIX Domain Socket Usage Vulnerability
HylaFAX Insecure UNIX Domain Socket Usage Vulnerability. Read more at securityfocus.com/bid/15043
Vuln: MediaWiki History Database Corruption Vulnerability
MediaWiki History Database Corruption Vulnerability. Read more at securityfocus.com/bid/15041
Vuln: HylaFAX Insecure Temporary File Creation Vulnerability
HylaFAX Insecure Temporary File Creation Vulnerability. Read more at securityfocus.com/bid/14907
Re: Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
Re: Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers. Read more at securityfocus.com/archive/1/412776
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers. Read more at securityfocus.com/archive/1/412775
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers. Read more at securityfocus.com/archive/1/412772
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers. Read more at securityfocus.com/archive/1/412773