Network Security News – Thursday, July 06, 2006 Events
Hostflow Help Desk Add Ticket Description Field XSS
Hostflow Helpdesk contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'Description' variable upon submission to the add ticket script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26872
phpRaid login.php phpraid_dir Variable Remote File Inclusion
phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the login.php script not properly sanitizing user input supplied to the 'phpraid_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26895
phpRaid index.php phpraid_dir Variable Remote File Inclusion
phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the index.php script not properly sanitizing user input supplied to the 'phpraid_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26893
phpRaid locations.php phpraid_dir Variable Remote File Inclusion
phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the locations.php script not properly sanitizing user input supplied to the 'phpraid_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26894
phpRaid guilds.php phpraid_dir Variable Remote File Inclusion
phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the guilds.php script not properly sanitizing user input supplied to the 'phpraid_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26892
phpRaid configuration.php phpraid_dir Variable Remote File Inclusion
phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the configuration.php script not properly sanitizing user input supplied to the 'phpraid_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26891
phpRaid announcements.php phpraid_dir Variable Remote File Inclusion
phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the announcements.php script not properly sanitizing user input supplied to the 'phpraid_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26888
phpRaid users.php phpraid_dir Variable Remote File Inclusion
phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the users.php script not properly sanitizing user input supplied to the 'phpraid_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26904
phpRaid view.php phpraid_dir Variable Remote File Inclusion
phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the view.php script not properly sanitizing user input supplied to the 'phpraid_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26902
phpRaid rss.php phpraid_dir Variable Remote File Inclusion
phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the rss.php script not properly sanitizing user input supplied to the 'phpraid_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26889
Vuln: Linux Kernel LSM ReadV/WriteV Security Restriction Bypass Vulnerability
Linux Kernel LSM ReadV/WriteV Security Restriction Bypass Vulnerability. Read more at securityfocus.com/bid/18105
Vuln: Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities
Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities. Read more at securityfocus.com/bid/17910
Vuln: Linux Kernel IP ID Information Disclosure Weakness
Linux Kernel IP ID Information Disclosure Weakness. Read more at securityfocus.com/bid/17109
Vuln: Linux Kernel Shared Memory Security Restriction Bypass Vulnerabilities
Linux Kernel Shared Memory Security Restriction Bypass Vulnerabilities. Read more at securityfocus.com/bid/17587
vBulletin 3.5.4 (install_path) Exploit
vBulletin 3.5.4 (install_path) Exploit. Read more at securityfocus.com/archive/1/439207
TigerTom Scripts
TigerTom Scripts. Read more at securityfocus.com/archive/1/439208
[ MDKSA-2006:116 ] – Updated kernel packages fixes multiple vulnerabilities
[ MDKSA-2006:116 ] – Updated kernel packages fixes multiple vulnerabilities. Read more at securityfocus.com/archive/1/439168
BLOG:CMS 4.1.0 SQL injection File Include Vulnerability
BLOG:CMS 4.1.0 SQL injection File Include Vulnerability. Read more at securityfocus.com/archive/1/439160