UBB.threads togglecats.php Cat Variable HTTP Response Splitting

Network Security News – Sunday, July 10, 2005 Events

UBB.threads togglecats.php Cat Variable HTTP Response Splitting

UBB.threads contains a flaw that allows a remote HTTP response splitting attack. This flaw exists because the application does not validate the 'Cat' variable upon submission to the 'togglecats.php' script. This could allow an attacker to create a specially crafted URL that would present a fake web page to a user, steal session cookies, or execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17519

UBB.threads toggleshow.php Cat Variable HTTP Response Splitting

UBB.threads contains a flaw that allows a remote HTTP response splitting attack. This flaw exists because the application does not validate the 'Cat' variable upon submission to the 'toggleshow.php' script. This could allow an attacker to create a specially crafted URL that would present a fake web page to a user, steal session cookies, or execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17518

UBB.threads showprofile.php Cat Variable HTTP Response Splitting

UBB.threads contains a flaw that allows a remote HTTP response splitting attack. This flaw exists because the application does not validate the 'Cat' variable upon submission to the 'showprofile.php' script. This could allow an attacker to create a specially crafted URL that would present a fake web page to a user, steal session cookies, or execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17520

UBB.threads showprofile.php Multiple Variable XSS

UBB.threads contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the the 'Number', 'Board', and 'what' variables upon submission to the 'showprofile.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17514

UBB.threads dosearch.php Searchpage Variable XSS

UBB.thread contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Searchpage' variable upon submission to the 'dosearch.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17517

UBB.threads showmembers.php like Variable XSS

UBB.threads contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'like' variable upon submission to the 'showmembers.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17516

UBB.threads showflat.php Multiple Variable XSS

UBB.threads contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'fpart' & 'page' variables upon submission to the 'showflat.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17515

UBB.threads newreply.php Multiple Variable XSS

UBB.threads contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Number', 'what', & 'page' variables upon submission to the 'newreply.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17513

ekg Symlink Arbitrary File Manipulation

EKG contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the czyjest and handle_keypress() functions in the contrib/scripts/linki.py script creating temporary files insecurely. It is possible for a user to use a symlink style attack from a critical EKG file to the /tmp/rmrmg_ekg_url file. When EKG is run, the temporary symlink file is activated with the privileges of the user running EKG, resulting in a loss of integrity.. Read more at osvdb.org/17722

phpWebSite index.php Search Module mod Variable Traversal Arbitrary File Access

phpWebSite contains a flaw that allows a remote attacker to read files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'Search' module 'mod' variable.. Read more at osvdb.org/17789