Network Security News – Saturday, May 28, 2005 Events
XMB Forum phpinfo.php Information Disclosure
XMB Forum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user directly calls the phpinfo.php script, which will disclose information about the victim system, resulting in a loss of confidentiality.. Read more at osvdb.org/4643
XMB Forum misc.php restrict Variable XSS
XMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'restrict' variable upon submission to the misc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/16884
XMB Forum member.php restrict Variable XSS
XMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'restrict' variable upon submission to the member.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/14989
XMB Forum misc.php restrict Parameter SQL Injection
XMB Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the restrict variable in the misc.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16885
XMB Forum today.php restrict Parameter SQL Injection
XMB Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the restrict variable in the today.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16886
XMB Forum post.php Multiple Variable XSS
XMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' or 'icons' variables upon submission to the post.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/14987
XMB Forum stats.php Multiple Variable XSS
XMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user supplied arguments upon submission to the stats.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/14986
XMB Forum xmb.php xmbuser Variable XSS
XMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'xmbuser' variable upon submission to the xmb.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/14983
XMB Forum u2u.php folder Variable XSS
XMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'folder' variable upon submission to the u2u.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/14985
XMB Forum today.php restrict Variable XSS
XMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'restrict' variable upon submission to the today.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/14991
Clam Anti-Virus ClamAV Mac OS X Command Execution Vulnerability
ClamAV is a freely available, open source virus scanning utility. It is available for the Unix, Linux, and BSD platforms including Mac OS X.Clam Anti-Virus ClamAV runni…. Read more at securityfocus.com/bid/13795?ref=rss
Multiple Vendor TCP Timestamp PAWS Remote Denial Of Service Vulnerability
A denial of service vulnerability exists for the TCP RFC 1323. The issue exists in the Protection Against Wrapped Sequence Numbers (PAWS) technique that was included to i…. Read more at securityfocus.com/bid/13676?ref=rss
Leave a Reply