Network Security News – Saturday, April 08, 2006 Events
SKForum user.View.action userID Variable XSS
SKForum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'userID' variable upon submission to the 'user.View.action' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24432
SKForum planning.View.action time Variable XSS
SKForum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'time' variable upon submission to the 'planning.View.action' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24431
SKForum area.View.action areaID Variable XSS
SKForum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'areaID' variable upon submission to the 'area.View.action' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24430
ARIA (Accounting Receiving and Inventory Administration) gencompanyadd.php Multiple Variable XSS
ARIA contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name', 'address1', 'address2', 'city', 'email', and 'web' variables upon submission to the gencompanyadd.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24441
ARIA (Accounting Receiving and Inventory Administration) docmgmtadd.php Multiple Variable XSS
ARIA contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'description' and 'comment' variables upon submission to the docmgmtadd.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24439
MWNewsletter unsubscribe.php user_name Variable SQL Injection
MWNewsletter contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the unsubscribe.php script not properly sanitizing user-supplied input to the 'user_name' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24445
MWNewsletter subscribe.php user_name Variable XSS
MWNewsletter contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'user_name' variable upon submission to the subscribe.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24446
ARIA (Accounting Receiving and Inventory Administration) gencompanyupd.php Multiple Variable XSS
ARIA contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name', 'address1', 'address2', 'city', 'email', and 'web' variables upon submission to the gencompanyupd.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24440
Mailman Scrubber.py Crafted Multipart MIME Message DoS
Mailman contains a flaw that may allow a remote denial of service. The issue is triggered when a multipart MIME message with a malformed part is received by the 'Scrubber.py' script, and will result in loss of availability for the list. Read more at osvdb.org/24367
Cisco 11500 Content Services Switch HTTP Compression DoS
Cisco 11500 series Content Service Switches contain a flaw that may allow a remote denial of service. The issue is triggered when either "a valid, but obsolete" or a "specially crafted" HTTP request is received, and will result in loss of availability for the service. The flaw is only exploitable when HTTP compression is enabled, but it is not clear what role compression plays in exploitation of the flaw. Read more at osvdb.org/24433
Vuln: MPlayer Multiple Integer Overflow Vulnerabilities
MPlayer Multiple Integer Overflow Vulnerabilities. Read more at securityfocus.com/bid/17295
Vuln: Clam Anti-Virus ClamAV Multiple Vulnerabilities
Clam Anti-Virus ClamAV Multiple Vulnerabilities. Read more at securityfocus.com/bid/17388