Network Security News – Wednesday, March 01, 2006 Events
PHP-Nuke Your_Account Module ublock Variable XSS
PHP-Nuke contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'ublock' variable upon submission to the Your_Account module. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23431
Trillian AIM Plugin Null Message DoS
Trillian contains a flaw that may allow a remote denial of service. The issue is triggered when a blank AOL AIM message is received, and will result in loss of availability for the software. Read more at osvdb.org/23528
GA's Forum Light archive.asp Multiple Variable SQL Injection (Myth/Fake)
GA's Forum Light has been reported to contain an SQL injection issue in the archive.asp script. Subsequent testing by SecurityTracker, after the vendor disputed the issue, indicates the software uses flat files to store data, not a backend database. Therefore, the SQL injection report is incorrect and was likely diagnosed due to a VBScript parsing error. Read more at osvdb.org/23509
ArGoSoft Mail Server Pro Webmail viewheaders Multiple Field XSS
ArGoSoft Mail Server Pro contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the Webmail application does not validate various e-mail headers (e.g. "Subject" and "From") before they are displayed by the "View Headers" functionality. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23512
FreeBSD nfsd Malformed NFS Mount Request Remote DoS
FreeBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed NFS mount request is received by nfsd, and will result in loss of availability for the platform. Read more at osvdb.org/23511