Network Security News – Wednesday, April 06, 2005 Events
Spymac WebOS network.php tos Variable XSS
Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tos' variable upon submission to the network.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15255
Spymac WebOS newpoll.php Multiple Variable XSS
Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'threadid' or 'catid' variables upon submission to the newpoll.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15254
Spymac WebOS manager.php Multiple Variable XSS
Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'myforums', 'ppp', 'c', 'favs' or 'typ' variables upon submission to the manager.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15253
Spymac WebOS newthread.php Multiple Variable XSS
Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'threadid' or 'catid' variables upon submission to the newthread.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15252
Spymac WebOS newreply.php threadid Variable XSS
Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'threadid' variable upon submission to the newreply.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15251
Spymac WebOS threadlist.php catid Variable XSS
Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'catid' variable upon submission to the threadlist.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15250
Spymac WebOS showthread.php threadid Variable XSS
Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'threadid' variable upon submission to the showthread.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15249
Spymac WebOS notes.php Multiple Variable XSS
Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'outbox', 'inbox', 'pmform', 'ppp' or 'totalPms' variables upon submission to the notes.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15248
Spymac WebOS upload_picture.php poll Variable XSS
Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'poll' variable upon submission to the upload_picture.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15247
Spymac WebOS show_pics.php Multiple Variable XSS
Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'catid' or 'split' variables upon submission to the show_pics.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15246
Leave a Reply