Network Security News – Wednesday, June 15, 2005 Events
Webfresh Guest Book guest.cgi Name XSS
Fresh Guestbook contains a flaw that allows a remote cross site scripting attack. The flaw exists because the application does not validate the name variable upon submission to the "guest.cgi" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17290
Mac OS X SecurityAgent ScreenSaver Bypass
SecurityAgent in Mac OS X contains a flaw that may allow a malicious user to bypass screensaver restrictions. The issue is triggered when opening a URL from a text input field via the contextual menu. It is possible that the flaw may allow a malicious user to launch an arbitrary application behind a locked screensaver window, resulting in a loss of integrity. Read more at osvdb.org/16725
Mac OS X File System Search Arbitrary File Name Disclosure
Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the incorrect checking of permissions on enclosing directories that lack the POSIX read bit but have the POSIX execute bit set for group and other, which discloses file names in restricted directories, resulting in a loss of confidentiality. Read more at osvdb.org/16726
LokwaBB misc.php Username Variable SQL Injection
LokwaBB contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the Username variable in the 'misc.php' script not being properly sanitized, which may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/17294
LokwaBB pm.php pmid Variable Arbitrary Message Access
LokwaBB contains a flaw that may allow a remote attacker to access arbitrary messages. The issue is due to the 'pmid' variable in the 'pm.php' script not being properly sanitized, which may allow a remote attacker to access arbitrary messages, resulting in a loss of confidentiality. Read more at osvdb.org/17292
LokwaBB member.php member Variable SQL Injection
LokwaBB contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'member' variable in the 'member.php' script not being properly sanitized, which may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/17293