Network Security News – Thursday, January 26, 2006 Events
active121 Site Manager risultati_ricerca.php cerca Variable XSS
active121 Site Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cerca' variable upon submission to the 'risultati_ricerca.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22715
Goldstag Content Management System search.asp text Variable XSS
Goldstag Content Management System contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'text' variable upon submission to the 'search.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22711
IdeoContent Manager index.php goto_id Variable XSS
IdeoContent Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'goto_id' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22713
IdeoContent Manager index.php Multiple Variable SQL Injection
IdeoContent Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'goto_id' and 'mid' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22714
IdeoContent Manager news_full.php page Variable XSS
IdeoContent Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'news_full.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22712
ioFTPd Login Error Message Username Enumeration
ioFTPd contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to different messages being returned depending on whether or not a supplied username exists, which will disclose valid usernames resulting in a loss of confidentiality. Read more at osvdb.org/22709
osCommerce Additional Images Module additional_images.php products_id Variable SQL Injection
osCommerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the additional_images.php script not properly sanitizing user-supplied input to the 'products_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19874
aspReady FAQ Manager Login Multiple Field SQL Injection
aspReady FAQ Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login script not properly sanitizing user-supplied input to the 'txtLogin' and 'txtPassword' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19917
Joomla Content Submission SQL Injection
Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the content submission script not properly sanitizing user-supplied input to an unspecified variable(s). This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20027
Fetchmail Bounced Message DoS
Fetchmail contains a flaw that may allow a remote denial of service. The issue is triggered when a message is bounced to the originator or the local postmaster, and will result in loss of availability for the service. Read more at osvdb.org/22691
Vuln: Mozilla Thunderbird File Attachment Spoofing Vulnerability
Mozilla Thunderbird File Attachment Spoofing Vulnerability. Read more at securityfocus.com/bid/16271
Vuln: Fetchmail Bounced Message Denial Of Service Vulnerability
Fetchmail Bounced Message Denial Of Service Vulnerability. Read more at securityfocus.com/bid/16365
Vuln: ImageMagick Image Filename Remote Command Execution Vulnerability
ImageMagick Image Filename Remote Command Execution Vulnerability. Read more at securityfocus.com/bid/16093
Vuln: Flyspray Multiple Cross-Site Scripting Vulnerabilities
Flyspray Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/15209
Rosiello Security – Eterm-LibAST Advisory
Rosiello Security – Eterm-LibAST Advisory. Read more at securityfocus.com/archive/1/423088
Updated ipsec-tools packages fix vulnerability
Updated ipsec-tools packages fix vulnerability. Read more at securityfocus.com/archive/1/423070
Workaround for unpatched Oracle PLSQL Gateway flaw
Workaround for unpatched Oracle PLSQL Gateway flaw. Read more at securityfocus.com/archive/1/423029
[eVuln] CheesyBlog XSS Vulnerability
[eVuln] CheesyBlog XSS Vulnerability. Read more at securityfocus.com/archive/1/423023