Network Security News – Wednesday, December 14, 2005 Events
Ideal BB.NET forums.aspx catID Variable XSS
BB.NET contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate 'catID' variables upon submission to the forums.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21514
Ideal BB.NET categoryindex.aspx boardID Variable XSS
BB.NET contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate 'boardID' variables upon submission to the categoryindex.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21512
Ideal BB.NET member.aspx memberID Variable XSS
BB.NET contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate 'memberID' variables upon submission to the member.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21515
Ideal BB.NET topics.aspx Multiple Variable XSS
BB.NET contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate 'forumID', 'boardID' and 'topicRepeater1-p' variables upon submission to the topics.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21511
MyBulletinBoard (MyBB) Unspecified Issue
MyBulletinBoard contains an unspecified flaw with an unspecified impact. No further details have been provided. Read more at osvdb.org/21601
MyBulletinBoard (MyBB) Unspecified SQL Injection
MyBulletinBoard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not properly sanitizing user-supplied input to the unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21600
CF_Nuke index.cfm Multiple Variable Local File Inclusion
CF_Nuke contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.cfm not properly sanitizing user input supplied to the 'sector' and 'page' variables for .cfm files. This may allow an attacker to include a .cfm file from the local host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/21505
CF_Nuke index.cfm Multiple Variable XSS
CF_Nuke contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate 'topic', 'cat' and 'newsid' variables upon submission to the index.cfm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21507
CF_Nuke index.cfm newsid Variable SQL Injection
CF_Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.cfm script not properly sanitizing user-supplied input to the 'newsid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21506
Netref index.php cat Variable SQL Injection
Netref contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'cat' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21623
Vuln: Mantis View_filters_page.PHP Cross-Site Scripting Vulnerability
Mantis View_filters_page.PHP Cross-Site Scripting Vulnerability. Read more at securityfocus.com/bid/15842
Vuln: mcGallery PRO Multiple Input Validation Vulnerabilities
mcGallery PRO Multiple Input Validation Vulnerabilities. Read more at securityfocus.com/bid/15845
Vuln: Snipe Gallery Multiple Input Validation Vulnerabilities
Snipe Gallery Multiple Input Validation Vulnerabilities. Read more at securityfocus.com/bid/15844
Vuln: Plogger Index.PHP Multiple Input Validation Vulnerabilities
Plogger Index.PHP Multiple Input Validation Vulnerabilities. Read more at securityfocus.com/bid/15839
Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation. Read more at securityfocus.com/archive/1/419390
ADP Forum 2.0, ADP Forum 2.0.1, ADP Forum 2.0.2, ADP Forum 2.0.3 versiyon user md5 hash bug
ADP Forum 2.0, ADP Forum 2.0.1, ADP Forum 2.0.2, ADP Forum 2.0.3 versiyon user md5 hash bug. Read more at securityfocus.com/archive/1/419393
Secunia Research: Internet Explorer Suppressed "Download Dialog" Vulnerability
Secunia Research: Internet Explorer Suppressed "Download Dialog" Vulnerability. Read more at securityfocus.com/archive/1/419395
[EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability
[EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability. Read more at securityfocus.com/archive/1/419377