Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Confixx Pro tools_ftp_pwaendern.php account Variable XSS

Network Security News – Sunday, June 25, 2006 Events

Confixx Pro tools_ftp_pwaendern.php account Variable XSS

Confixx Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'account' variable upon submission to the tools_ftp_pwaendern.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26628

Confixx Pro ftp_index.php path Variable XSS

Confixx Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'path' variable upon submission to the ftp_index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26629

SSPwiz Plus index.cfm message Variable XSS

SSPwiz Plus contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the index.cfm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26532

Microsoft Windows Graphics Rendering Engine PolyPolygon Function Overflow

A remote overflow exists in Windows. The Graphics Rendering Engine fails to validate Windows Metafile images resulting in a heap overflow in the PolyPolygon function. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/26431

Microsoft JScript Object Release Memory Corruption

Windows contains a flaw that may allow a malicious user to execute arbitary code. The issue is triggered when JScript releases objects early, leading to memory corruption and may allow an attacker to run arbitary code. It is possible that the flaw may allow arbitary code executiomn resulting in a loss of integrity.. Read more at osvdb.org/26434

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *