Network Security News – Wednesday, June 01, 2005 Events
X-Cart Gold giftcert.php Multiple Variable SQL Injection
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'gcid' and 'gcindex' variables in the giftcert.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16951
X-Cart Gold search.php mode Variable SQL Injection
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'mode' variable in the search.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16950
X-Cart Gold register.php mode Variable SQL Injection
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'mode' variable in the register.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16949
X-Cart Gold orders.php mode Variable SQL Injection
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'mode' variable in the orders.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16948
X-Cart Gold help.php section Variable SQL Injection
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'section' variable in the help.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16947
X-Cart Gold error_message.php id Variable SQL Injection
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the error_message.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16946
X-Cart Gold product.php Multiple Variable SQL Injection
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'productid' and 'mode' variables in the product.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16945
X-Cart Gold home.php Multiple Variable SQL Injection
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'cat' and 'printable' variables in the home.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16944
X-Cart Gold giftcert.php Multiple Variable XSS
X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'gcid' or 'gcindex' variables upon submission to the giftcert.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16943
X-Cart Gold search.php mode Variable XSS
X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mode' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16942
Microsoft Internet Explorer Method Caching Mouse Click Event Hijacking Vulnerability
In BID 8577 and 9009, it was reported that by using the window.moveBy() method an attacker could potentially hijack mouse click events and influence an Internet Explorer …. Read more at securityfocus.com/bid/9108?ref=rss
Multiple Browser URI Obfuscation Weakness
A weakness is reported in Microsoft Internet Explorer and Opera browser that may allow an attacker to obfuscate the URI of a link. This could facilitate the impersonation…. Read more at securityfocus.com/bid/10517?ref=rss
Microsoft Internet Explorer Implicit Drag and Drop File Installation Vulnerability
Microsoft Internet Explorer is reported prone to a vulnerability that may allow unauthorized installation of malicious executables. Proof-of-concepts have been released …. Read more at securityfocus.com/bid/10973?ref=rss
Microsoft Internet Explorer Valid File Drag and Drop Embedded Code Vulnerability
The Microsoft cumulative Internet Explorer patch (MS04-038) attempted to limit what files may be dragged and dropped onto the local computer from the Internet Zone to pre…. Read more at securityfocus.com/bid/11466?ref=rss
Microsoft Internet Explorer AddChannel Cross-Zone Scripting Vulnerability
The Channel functionality offers frequently updated collections of information, or channels, to clients. A vulnerability has been reported in Microsoft Internet Explorer…. Read more at securityfocus.com/bid/12427?ref=rss
Microsoft Internet Explorer URI Decoding Vulnerability
Microsoft Internet Explorer is prone to a vulnerability that is exposed when the process attempts to decode characters in a URI that have been encoded. Specifically, ther…. Read more at securityfocus.com/bid/12473?ref=rss
Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4
Sender: Alberto Trivero [trivero at jumpy dot it]. Read more at securityfocus.com/archive/1/399491?ref=rss
Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
Sender: Justin [justinvinn at gmail dot com]. Read more at securityfocus.com/archive/1/399494?ref=rss
multiple vulnerability Calendarix Advanced
Sender: DarkBicho [darkbicho at gmail dot com]. Read more at securityfocus.com/archive/1/399489?ref=rss
Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
Sender: Todd C dot Miller [Todd dot Miller at courtesan dot com]. Read more at securityfocus.com/archive/1/399493?ref=rss