Network Security News – Wednesday, June 21, 2006 Events
CMS Faethon data/footer.php mainpath Variable XSS
CMS Faethon contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'mainpath' variable upon submission to the data/footer.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26634
xarancms xarancms_haupt.php id Variable SQL Injection
Xarancms contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the xarancms_haupt.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26632
Horde /templates/problem/problem.inc Multiple Variable XSS
Horde contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name', 'email', 'subject', and 'message' variables upon submission to the templates/problem/problem.inc script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26514
CMS Faethon data/header.php mainpath Variable XSS
CMS Faethon contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'mainpath' variable upon submission to the data/header.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26635
Cisco WebVPN Clientless Mode dnserror.html domain Variable XSS
Cisco WebVPN contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the domain variable upon submission to the dnserror.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26453
Cisco WebVPN Clientless Mode connecterror.html XSS
Cisco WebVPN and ASA contain a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the domain variable upon submission to the connecterror.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26454
Microsoft Windows RRAS RASMAN Remote Overflow
An unspecified remote overflow exists in Windows. The RASMAN component of RRAS fails to validate unspecified network traffic resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/26437
Leave a Reply