Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Phpclanwebsite index.php par Variable SQL Injection

Network Security News – Sunday, January 29, 2006 Events

Phpclanwebsite index.php par Variable SQL Injection

Phpclanwebsite contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "par" variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/22720

Imp Webmail status.php3 message Variable XSS

Imp Webmail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the 'status.php3' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/668

Helm Web Hosting Control Panel forgotPassword.asp txtEmailAddress Variable XSS

Helm Web Hosting Control Panel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'txtEmailAddress' variable upon submission to the 'forgotPassword.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22454

E-Post Multiple Product SMTP Multiple AUTH Command Remote Overflow

A remote overflow exists in E-Post. The SMTP service fails to check the length of the username supplied to the AUTH PLAIN and AUTH LOGIN commands, resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/22761

E-Post Multiple Product IMAP DELETE Command Mailbox Name Overflow DoS

E-Post contains a flaw that may allow a remote denial of service. The issue is triggered when the IMAP service receives a DELETE command with a long mailbox name, and will result in loss of availability for the service.. Read more at osvdb.org/22763

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *