Network Security News – Sunday, December 25, 2005 Events
Pegasus Mail RFC2822 Message Display Overflow
A remote overflow exists in Pegasus Mail. Pegasus Mail fails to validate RFC2822 headers in incoming email messages, resulting in an off-by-one overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/21843
Free Lanparty Inter-/Intranet Portal (FLIP) forum.php frame Variable XSS
FLIP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'frame' variable upon submission to the 'forum.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21789
Free Lanparty Inter-/Intranet Portal (FLIP) text.php name Variable XSS
FLIP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' variable upon submission to the 'text.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21788
ODFaq faq.php Multiple Variable SQL Injection
ODFaq contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the faq.php script not properly sanitizing user-supplied input to the 'cat' and 'srcText' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/21790
OpenEdit results.html Multiple Variable XSS
OpenEdit contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'page' and 'oe-action' variables upon submission to the 'results.html' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21866
Lighthouse CMS index.php search Variable XSS
Lighthouse CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'search' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21852
Mercury CMS index.cfm Multiple Variable XSS
Mercury CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'content' and 'criteria' variables upon submission to the 'index.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21863
Slashcode submit.pl filter Variable XSS
Slashcode contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'filter' variable upon submission to the 'submit.pl' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21875
Slashcode search.pl topic Variable XSS
Slashcode contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'topic' variable upon submission to the 'search.pl' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21874
PortalApp login.asp ret_page Variable XSS
PortalApp contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ret_page' variable upon submission to the 'login.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21880
Vuln: CPIO Potential Buffer Overflow Vulnerability
CPIO Potential Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/16057
Vuln: Fetchmail Missing Email Header Remote Denial of Service Vulnerability
Fetchmail Missing Email Header Remote Denial of Service Vulnerability. Read more at securityfocus.com/bid/15987
Leave a Reply