Network Security News – Sunday, November 27, 2005 Events
SupportPRO SupportDesk Ticket Multiple Field XSS
SupportPro SupportDesk contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the post and view tickets parameters upon submission to the Ticket script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21088
OKBSYS Lite search.asp q Variable XSS
OKBSYS Lite contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'q' variable upon submission to the 'search.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21094
sNews index.php Multiple Variable SQL Injection
sNews contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' and 'category' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21093
Tunez songinfo.php song_id Variable SQL Injection
Tunez contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'songinfo.php' script not properly sanitizing user-supplied input to the 'song_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21062
VHCS Domain Alias Management Unspecified Hijack
VHCS contains a flaw related to the domain alias management when creating and deleting forwards that may allow an attacker to hijack other users' forwards. No further details have been provided. Read more at osvdb.org/21061
SmartPPC Pro directory.php username Variable XSS
SmartPPC Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the 'directory.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21090
SmartPPC Pro frames.php username Variable XSS
SmartPPC Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the 'frames.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21091
SmartPPC Pro search.php username Variable XSS
SmartPPC Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21092
Revize CMS setWebSpace.jsp Multiple Variable XSS
Revize CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "resourcetype", "objectmap", and "redirect" variables upon submission to the setWebSpace.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20922
Orca Forum forum.php msg Variable SQL Injection
Orca Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'forum.php' script not properly sanitizing user-supplied input to the 'msg' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21085
Vuln: Q-News Remote File Include Vulnerability
Q-News Remote File Include Vulnerability. Read more at securityfocus.com/bid/15576
Vuln: PHPGreetz Remote File Include Vulnerability
PHPGreetz Remote File Include Vulnerability. Read more at securityfocus.com/bid/15575
Vuln: Athena PHP Website Administration Remote File Include Vulnerability
Athena PHP Website Administration Remote File Include Vulnerability. Read more at securityfocus.com/bid/15574
Vuln: PBLang Bulletin Board System Multiple HTML Injection Vulnerabilities
PBLang Bulletin Board System Multiple HTML Injection Vulnerabilities. Read more at securityfocus.com/bid/15573
Remote file include in Q-News
Remote file include in Q-News. Read more at securityfocus.com/archive/1/417797
Remote file include in phpgreetz
Remote file include in phpgreetz. Read more at securityfocus.com/archive/1/417798
Remote file include in Athena
Remote file include in Athena. Read more at securityfocus.com/archive/1/417796
Re: XSS on Yahoo Mail
Re: XSS on Yahoo Mail. Read more at securityfocus.com/archive/1/417794