Network Security News – Tuesday, November 29, 2005 Events
Helpdesk Issue Manager find.php Multiple Variable SQL Injection
HelpDesk Issue Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the find.php script not properly sanitizing user-supplied input to several variables (id, detail[], orderdir and orderby). This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21115
e-Quick Cart shopprojectlogin.asp strpemail Variable SQL Injection
e-Quick Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'shopprojectlogin.asp' script not properly sanitizing user-supplied input to the 'strpemail' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20998
e-Quick Cart shopprojectlogin.asp strpid Variable XSS
e-Quick Cart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'strpid' variable upon submission to the 'shopprojectlogin.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20995
e-Quick Cart shoptellafriend.asp Custname Variable XSS
e-Quick Cart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'Custname' variable upon submission to the 'shoptellafriend.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20996
e-Quick Cart shoptellafriend.asp id Variable SQL Injection
e-Quick Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'shoptellafriend.asp' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20999
e-Quick Cart shopmaillist.asp strfirstname Variable XSS
e-Quick Cart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'strfirstname' variable upon submission to the 'shopmaillist.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20994
e-Quick Cart shopgift.asp strgifttoname Variable XSS
e-Quick Cart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'strgifttoname' variable upon submission to the 'shopgift.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20993
e-Quick Cart shopaddtocart.asp productid Variable SQL Injection
e-Quick Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'shopaddtocart.asp' script not properly sanitizing user-supplied input to the 'productid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20997
blogBuddies index.php u Variable XSS
blogBuddies contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'u' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21111
blogBuddies magpie_slashbox.php rss_url Variable XSS
blogBuddies contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'rss_url' variable upon submission to the 'magpie_slashbox.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21113
Vuln: SearchSolutions Multiple Products Cross-Site Scripting Vulnerabilities
Read more at securityfocus.com/bid/15612
Vuln: Microsoft Windows SynAttackProtect Predictable Hash Remote Denial of Service Vulnerability
Read more at securityfocus.com/bid/15613
Vuln: PHP Doc System Local File Include Vulnerability
Read more at securityfocus.com/bid/15611
Vuln: GuppY Multiple Local File Include and Information Disclosure Vulnerabilities
Read more at securityfocus.com/bid/15610
Re: – Cisco IOS HTTP Server code injection/execution vulnerability
Read more at securityfocus.com/archive/1/417949
Core FORCE and OpenBSD PF’s
Read more at securityfocus.com/archive/1/417965
Flaw in Syn Attack Protection on non-updated Microsoft OSes can lead to DoS
Read more at securityfocus.com/archive/1/417952
What is wrong with these people?
Read more at securityfocus.com/archive/1/417948