Network Security News – Monday, March 27, 2006 Events
dotNetBB iforget.aspx Email Field XSS
dotNetBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'em' variable upon submission to the iforget.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24122
uniForum wbadmlog.aspx Multiple Field XSS
uniForum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'txtuser' and 'txtemail' variables upon submission to the wbadmlog.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24123
ssCMS search.aspx keywords Variable XSS
ssCMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'keywords' variable upon submission to the search.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24120
Mac OS X automount Reserved Name File System Mount
Mac OS X contains an unspecified flaw related to the automount daemon that may allow a malicious file server to cause a denial of service or execute arbitrary code. No further details have been provided. Read more at osvdb.org/23640