Network Security News – Sunday, May 22, 2005 Events
TOPo index.php Multiple Variable XSS
TOPo contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'm', 's', 'ID', and 't' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16699
TOPo /data Directory Remote Information Disclosure
TOPo contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when directly accessing the 'dat' files located in the '/data' directory, which discloses the IP addresses of clients who have voted or added a comment, resulting in a loss of confidentiality. Read more at osvdb.org/16700
MetaCart productsByCategory.asp strCatalog_NAME Variable XSS
MetaCart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'strCatalog_NAME' variable upon submission to the 'productsByCategory.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16706
Novell ZENworks Remote Management Authentication Multiple Remote Overflows
Multiple remote overflows exist in Novell ZENworks. The authentication protocol fails to properly check the sign and length of data received from the network, resulting in a heap overflow. Also, the authentication protocol fails to properly check the length of submitted passwords when copying them into a fixed-length buffer, resulting in a stack overflow. With a specially crafted request, an attacker can gain control of critical system processes on the target with elevated privileges, resulting in a loss of confidentiality and integrity. Read more at osvdb.org/16698