Network Security News – Saturday, February 25, 2006 Events
NOCC Mail Attachment Predictable Temp File Name Arbitrary Command Execution
NOCC contains a flaw that allows an attacker to execute programs remotely. This flaw exists because the application generates temporary filenames for email attachments in a predictable way. This could allow a user to upload a malicious script via an email attachment and execute it, leading to a loss of integrity. Read more at osvdb.org/23420
NOCC Profile Full Name Field Arbitrary PHP Code Injection
NOCC contains a flaw that allows an attacker to execute arbitrary code remotely. This flaw exists because the application does not validate the 'full name' field in its 'profile' section. This could allow a malicious user to inject arbitrary scripting code into this field, which is then executed on the server, leading to a loss of integrity. Read more at osvdb.org/23421
NOCC /profiles/ Directory Direct Request Information Disclosure
NOCC contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the '/profiles/' directory is requested directly, which will disclose the contents of that directory, resulting in a loss of confidentiality. The contents potentially include users' emails. Read more at osvdb.org/23422
NOCC footer.php nocc_theme Variable XSS
NOCC contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'nocc_theme' variable upon submission to the 'footer.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23423
NOCC html_bottom_table.php Multiple Variable XSS
NOCC contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page_line', 'prev' and 'next' variables upon submission to the 'html_bottom_table.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23427
NOCC no_mail.php html_no_mail Variable XSS
NOCC contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'html_no_mail' variable upon submission to the 'no_mail.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23426
NOCC error.php html_error_occurred Variable XSS
NOCC contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'html_error_occured' variable upon submission to the 'error.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23424
NOCC filter_prefs.php html_filter_select Variable XSS
NOCC contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'html_filter_select' variable upon submission to the 'filter_prefs.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23425