Network Security News – Thursday, July 14, 2005 Events
Blog Torrent newusers User Credential Disclosure
Blog Torrent contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the newusers file being accessible via the web, which will disclose password hashes, resulting in a loss of confidentiality. Read more at osvdb.org/17832
Vortex Portal index.php act Variable Remote File Inclusion
Vortex Portal contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'act' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/14959
Vortex Portal content.php act Variable Remote File Inclusion
Vortex Portal contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to content.php not properly sanitizing user input supplied to the 'act' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/14958
Backup Manager Unauthorized Archive Repository Access
Backup Manager contains a flaw that may lead to an unauthorized information disclosure. The issue occurs because the backup archives are world readable, which could disclose the archived information to any local user on the system, resulting in a loss of confidentiality. Read more at osvdb.org/17797
DownloadProtect download.php file Variable Traversal Arbitrary File Access
DownloadProtect contains a flaw that allows a remote attacker to read files outside of the web path. The issue is due to download.php not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the download variable. Read more at osvdb.org/17806
Id Board sql.cls.php tbl_suff Variable SQL Injection
Id Board contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the sql.cls.php script not properly sanitizing user-supplied input to the tbl_suff variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17811