Network Security News – Saturday, December 24, 2005 Events
AlstraSoft EPay Enterprise products.htm Unspecified XSS
EPay Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the products.htm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21892
AlstraSoft EPay Enterprise forgot.htm Unspecified XSS
EPay Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the forgot.htm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21889
AlstraSoft EPay Enterprise escrow.htm Unspecified XSS
EPay Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the escrow.htm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21890
AlstraSoft EPay Enterprise donations.htm Unspecified XSS
EPay Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the donations.htm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21891
AlstraSoft EPay Enterprise card.htm Unspecified XSS
EPay Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the card.htm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21884
AlstraSoft EPay Enterprise bank.htm Unspecified XSS
EPay Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the bank.htm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21885
AlstraSoft EPay Enterprise subscriptions.htm Unspecified XSS
EPay Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the subscriptions.htm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21886
AlstraSoft EPay Enterprise send.htm Unspecified XSS
EPay Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the send.htm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21887
AlstraSoft EPay Enterprise request.htm Unspecified XSS
EPay Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the request.htm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21888
AlstraSoft EPay Enterprise profile.htm Unspecified XSS
EPay Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the profile.htm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21883
Vuln: Epic Designs Eggblog Search.PHP Cross-Site Scripting Vulnerability
Epic Designs Eggblog Search.PHP Cross-Site Scripting Vulnerability. Read more at securityfocus.com/bid/16056
Vuln: AlstraSoft EPay Enterprise Multiple HTML Injection Vulnerabilities
AlstraSoft EPay Enterprise Multiple HTML Injection Vulnerabilities. Read more at securityfocus.com/bid/16055
Vuln: ShopCentrik ShopEngine EXPS Parameter Cross-Site Scripting Vulnerability
ShopCentrik ShopEngine EXPS Parameter Cross-Site Scripting Vulnerability. Read more at securityfocus.com/bid/16054
Vuln: Real Web Solution Statistics Counter Service SQL Injection Vulnerability
Real Web Solution Statistics Counter Service SQL Injection Vulnerability. Read more at securityfocus.com/bid/16052
[SECURITY] [DSA 926-2] New ketm packages fix privilege escalation
[SECURITY] [DSA 926-2] New ketm packages fix privilege escalation. Read more at securityfocus.com/archive/1/420157
[TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB
[TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB. Read more at securityfocus.com/archive/1/420159
RE: Webwasher CSM Appliance Script Security Restriction Bypass
RE: Webwasher CSM Appliance Script Security Restriction Bypass. Read more at securityfocus.com/archive/1/420158
Multiple Network-related Vulnerabilities in Electric Sheep
Multiple Network-related Vulnerabilities in Electric Sheep. Read more at securityfocus.com/archive/1/420161
Leave a Reply