Ultimate eShop index.cgi subid Variable XSS

Network Security News – Thursday, June 29, 2006 Events

Ultimate eShop index.cgi subid Variable XSS

Ultimate eShop contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'subid' variable upon submission to the index.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26746

Ultimate Estate index.pl cat Variable XSS

Ultimate Estate contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat' variable upon submission to the index.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26741

Ultimate Estate index.pl id Variable SQL Injection

Ultimate Estate contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the index.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26740

NC LinkList index.php Multiple Variable XSS

NC LinkList contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat' and 'view' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26675

Open-Realty index.php sorttype Variable SQL Injection

Open-Realty contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'sorttype' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26694

Docebo CMS util.media.php GLOBALS[where_cms] Variable Remote File Inclusion

docebocms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to util.media.php not properly sanitizing user input supplied to the GLOBALS[where_cms] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26709

Docebo CMS news_class.php GLOBALS[where_framework] Variable Remote File Inclusion

docebocms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to news_class.php not properly sanitizing user input supplied to the GLOBALS[where_framework] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26707

Docebo CMS content_class.php GLOBALS[where_framework] Variable Remote File Inclusion

docebocms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to content_class.php not properly sanitizing user input supplied to the GLOBALS[where_framework] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26708

Docebo CMS class.definition.php GLOBALS[where_lms] Variable Remote File Inclusion

docebocms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to class.definition.php not properly sanitizing user input supplied to the GLOBALS[where_lms] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26712

Docebo CMS scorm_utils.php GLOBALS[where_lms] Variable Remote File Inclusion

docebocms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to scorm_utils.php not properly sanitizing user input supplied to the GLOBALS[where_lms] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26713

Vuln: Apple Mac OS X Multiple Security Vulnerabilities

Apple Mac OS X Multiple Security Vulnerabilities. Read more at securityfocus.com/bid/18686

Vuln: Horde Application Framework Multiple Cross-Site Scripting Vulnerabilities

Horde Application Framework Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/18436

Vuln: Mutt BROWSE_GET_NAMESPACE IMAP Namespace Processing Remote Buffer Overflow Vulnerability

Mutt BROWSE_GET_NAMESPACE IMAP Namespace Processing Remote Buffer Overflow Vulnerability

. Read more at securityfocus.com/bid/18642