Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Bitrix Site Manager dbquery_error.php Path Disclosure

Network Security News – Monday, June 20, 2005 Events

Bitrix Site Manager dbquery_error.php Path Disclosure

Bitrix Site Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when errors occur during execution of dbquery_error.php due to invalid user input, which will disclose web server path information resulting in a loss of confidentiality.. Read more at osvdb.org/17376

Bitrix Site Manager subscr_form.php Path Disclosure

Bitrix Site Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when errors occur during execution of subscr_form.php due to invalid user input, which will disclose web server path information resulting in a loss of confidentiality.. Read more at osvdb.org/17348

ProductCart editCategories.asp lid Variable SQL Injection

ProductCart contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the lid variable in the editCategories.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/17330

ProductCart viewPrd.asp idcategory Variable SQL Injection

ProductCart contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the idcategory variable in the viewPrd.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/17329

Bitrix Site Manager index.php _SERVER[DOCUMENT_ROOT] Variable Remote File Inclusion

Bitrix contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the _SERVER[DOCUMENT_ROOT] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/17341

Microsoft Outlook Express NNTP LIST Command Remote Overflow

A remote overflow exists in Windows. Outlook Express fails to validate results returned by an NNTP server to a LIST command before passing it to MSOE.DLL, resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution as the user resulting in a loss of integrity.. Read more at osvdb.org/17306

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *