Network Security News – Monday, May 29, 2006 Events
Realty Pro One search/searchlookup.php propertyid Variable XSS
Realty Pro One contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "propertyid" variable upon submission to the search/searchlookup.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25773
Realty Pro One listings/request_info.php agentid Variable XSS
Realty Pro One contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "agentid" variable upon submission to the listings/request_info.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25775
Realty Pro One listings/index_other.php listingid Variable XSS
Realty Pro One contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "listingid" variable upon submission to the listings/index_other.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25772
Realty Pro One listings/index.php listingid Variable SQL Injection
Realty Pro One contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the listings/index.php script not properly sanitizing user-supplied input to the "listingid" variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/25771
Realty Pro One images.php id Variable XSS
Realty Pro One contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "id" variable upon submission to the images.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25774
Multiple Vendor Crafted Compressed DNS Packet DoS
Multiple vendor DNS servers contain a flaw that may allow a remote denial of service. The issue is triggered when the server receives a compressed DNS packet with a label length byte with an incorrect offset, and will result in loss of availability for the service. Read more at osvdb.org/25291
Microsoft Windows itss.dll CHM Processing Overflow
Microsoft Windows contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered due to a boundary error in the Infotech Storage System Library (itss.dll) when reading a ".CHM" file. It is possible that the flaw may cause a heap corruption and may allow arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/25501
IRIX login Non-zero LOCKOUT Arbitrary File Modification
IRIX contains a flaw that may allow a malicious attacker to create or corrupt files on the system. The issue is due to the login program creating files when the lockout feature is enabled. It is possible for a malicious attacker to manipulate files, resulting in a loss of integrity. Read more at osvdb.org/990
iFdate Multiple Post-authentication Field XSS
iFdate contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to various scripts post authentication. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25779
iFdate Multiple Login Field XSS
iFdate contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "username" and "password" variables during login. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25778
Vuln: Symantec Antivirus Remote Stack Buffer Overflow Vulnerability
Symantec Antivirus Remote Stack Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/18107
Vuln: Chipmunk Multiple Cross-Site Scripting Vulnerabilities
Chipmunk Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/15149