Network Security News – Saturday, July 23, 2005 Events
phpSurveyor question.php Path Disclosure
phpSurveyor contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker requests the question.php script, which will disclose the installation path resulting in a loss of confidentiality. Read more at osvdb.org/18086
phpSurveyor dumpsurvey.php sid Variable SQL Injection
phpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dumpsurvey.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18107
Website Generator confirm.php theme Variable XSS
Website Generator contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'theme' variable upon submission to the confirm.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18160
phpSurveyor browse.php Multiple Variable XSS
phpSurveyor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sid', 'start', or 'id' variables upon submission to the browse.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18095
phpSurveyor dumplabel.php lid Variable SQL Injection
phpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dumplabel.php script not properly sanitizing user-supplied input to the 'lid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18099
Website Generator table.php theme Variable XSS
Website Generator contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'theme' variable upon submission to the table.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18158
Contrexx CMS Gallery Module pId Variable SQL Injection
Contrexx CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the gallery module not properly sanitizing user-supplied input to the 'pId' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18167
phpSurveyor html.php Direct Request Path Disclosure
phpSurveyor contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the html.php script, which will disclose the installation path resulting in a loss of confidentiality. Read more at osvdb.org/18089
Ultimate PHP Board (UPB) top.php css Variable XSS
Ultimate PHP Board (UPB) Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the top.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18145
Website Generator spaw_control.class.php Direct Request Path Disclosure
Website Generator contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the spaw_control.class.php script, which will disclose the installation path resulting in a loss of confidentiality. Read more at osvdb.org/18155
Vuln: ASN Guestbook Multiple Cross-Site Scripting Vulnerabilities
ASN Guestbook Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/14356
Vuln: Oracle July Security Update Multiple Vulnerabilities
Oracle July Security Update Multiple Vulnerabilities. Read more at securityfocus.com/bid/14238
Vuln: Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities
Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities. Read more at securityfocus.com/bid/14242
Vuln: Zlib Compression Library Decompression Denial Of Service Vulnerability
Zlib Compression Library Decompression Denial Of Service Vulnerability. Read more at securityfocus.com/bid/14340
[Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package
[Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package. Read more at securityfocus.com/archive/1/406293
Advisory 11/2005: Multiple vulnerabilities in Contrexx
Advisory 11/2005: Multiple vulnerabilities in Contrexx. Read more at securityfocus.com/archive/1/406262
Re: Oracle and setting the record straight
Re: Oracle and setting the record straight. Read more at securityfocus.com/archive/1/406268
Re: RE: Peter Gutmann data deletion theaory?
Re: RE: Peter Gutmann data deletion theaory?. Read more at securityfocus.com/archive/1/406284