Network Security News – Thursday, April 07, 2005 Events
ProductCart techErr.asp error Variable XSS
ProductCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'error' variable upon submission to the techErr.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15268
ProductCart NewCust.asp redirectUrl Variable XSS
ProductCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'redirectUrl' variable upon submission to the NewCust.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15266
ProductCart storelocator_submit.asp country Variable XSS
ProductCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'country' variable upon submission to the storelocator_submit.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15267
ProductCart advSearch_h.asp Multiple Parameter SQL Injection
ProductCart contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'idCategory' and 'resultCnt' variables in the advSearch_h.asp script are not verified properly and will allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15263
ProductCart advSearch_h.asp keyword Variable XSS
ProductCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keyword' variable upon submission to the advSearch_h.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15264
Active Auction House sendpassword.asp Title Variable XSS
Active Auction House contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Title' or 'Table' variables upon submission to the sendpassword.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15286
Active Auction House ItemInfo.asp itemID Parameter SQL Injection
Active Auction House contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'itemID' variable in the ItemInfo.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15282
Active Auction House watchthisitem.asp itemid Variable XSS
Active Auction House contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'itemid' variable upon submission to the watchthisitem.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15287
Active Auction House sendpassword.asp Email Field SQL Injection
Active Auction House contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the Email field in the sendpassword.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15283
Active Auction House start.asp ReturnURL Variable XSS
Active Auction House contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ReturnURL', 'password' or 'username' variables upon submission to the start.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15284
GNU Sharutils Unshar Local Insecure Temporary File Creation Vulnerability
The GNU Sharutils are a collection of utilities for creating and manipulating shell archive files. It is freely available for Unix and Unix variant operating systems. The… Read more at securityfocus.com/bid/12981?ref=rss
CubeCart Multiple SQL Injection Vulnerabilities
CubeCart is an online storefront application written in PHP. It utilizes a MySQL database for data storage. CubeCart is reported prone to multiple SQL injection vulnerab… Read more at securityfocus.com/bid/13050?ref=rss