Network Security News – Wednesday, December 28, 2005 Events
ProjectApp search_employees.asp keywords Variable XSS
ProjectApp contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'keywords' variable upon submission to the search_employees.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21963
ProjectApp pmprojects.asp projectid Variable XSS
ProjectApp contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'projectid' variable upon submission to the pmprojects.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21966
ProjectApp login.asp ret_page Variable XSS
ProjectApp contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'ret_page' variable upon submission to the login.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21967
ProjectApp default.asp skin_number Variable XSS
ProjectApp contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'skin_number' variable upon submission to the default.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21968
ProjectApp links.asp keywords Variable XSS
ProjectApp contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'keywords' variable upon submission to the links.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21965
ProjectApp forums.asp keywords Variable XSS
ProjectApp contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'keywords' variable upon submission to the forums.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21962
ProjectApp cat.asp keywords Variable XSS
ProjectApp contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'keywords' variable upon submission to the cat.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21964
Community Enterprise docWindow.cfm documentFormatId Variable SQL Injection
Community Enterprise contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'docWindow.cfm' script not properly sanitizing user-supplied input to the 'documentFormatId' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21969
bitweaver message_box.php sort_mode Variable SQL Injection
bitweaver contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the message_box.php script not properly sanitizing user-supplied input to the 'sort_mode' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21922
bitweaver list_galleries.php sort_mode Variable XSS
bitweaver contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'sort_mode' variable upon submission to the list_galleries.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21924
Vuln: Microsoft Windows Graphics Rendering Engine WMF Format Unspecified Code Execution Vulnerability
Microsoft Windows Graphics Rendering Engine WMF Format Unspecified Code Execution Vulnerability. Read more at securityfocus.com/bid/16074