Network Security News – Thursday, June 02, 2005 Events
PHP Poll Creator poll_vote.php relativer_pfad Variable Remote File Inclusion
PHP Poll Creator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to poll_vote.php not properly sanitizing user input supplied to the relativer_pfad variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/16846
Calendarix Advanced cal_pophols.php id Variable SQL Injection
Calendarix Advanced contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the id variable in the 'cal_pophols.php' script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16972
Calendarix Advanced cal_cat.php catview Variable SQL Injection
Calendarix Advanced contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the catview variable in the 'cal_cat.php' script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16975
Calendarix Advanced calendar.php year Variable XSS
Calendarix Advanced contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the year variable upon submission to the 'calendar.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/16973
Calendarix Advanced cal_week.php catview Variable SQL Injection
Calendarix Advanced contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the catview variable in the 'cal_week.php' script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16974
Calendarix Advanced cal_day.php catview Variable SQL Injection
Calendarix Advanced contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the catview variable in the 'cal_day.php' script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16971
phpPgAds / phpAdsNew adframe.php refresh Variable XSS
phpPgAds and phpAdsNew contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the refresh variable upon submission to the 'adframe.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/14787
phpPgAds / phpAdsNew maintenance-cleantables.php Path Disclosure
phpPgAds and phpAdsNew contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially-crafted URL directly to the 'maintenance-cleantables.php' script, which will disclose the full installation path resulting in a loss of confidentiality.. Read more at osvdb.org/14780
phpPgAds / phpAdsNew maintenance-autotargeting.php Path Disclosure
phpPgAds and phpAdsNew contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially-crafted URL directly to the 'maintenance-autotargeting.php' script, which will disclose the full installation path resulting in a loss of confidentiality.. Read more at osvdb.org/14781
phpPgAds / phpAdsNew phpads.php Path Disclosure
phpPgAds and phpAdsNew contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially-crafted URL directly to the 'phpads.php' script, which will disclose the full installation path resulting in a loss of confidentiality.. Read more at osvdb.org/14783
Leave a Reply