Network Security News – Friday, August 19, 2005 Events
Hosting Controller error.asp error Variable XSS
Hosting Controller contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'error' variable upon submission to the 'error.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17612
Naxtor Shopping Cart lost_passowrd.php email Variable XSS
Naxtor Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'email' variable upon submission to the 'lost_passowrd.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18498
phpBook guestbook.php admin Variable XSS
phpBook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'admin' variable upon submission to the 'guestbook.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18295
Plague News index.php cid Variable XSS
Plague News contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cid' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17688
PNG Counter demo.php digit Variable XSS
PNG Counter contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'digit' variable upon submission to the 'demo.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18346
AderSoftware CFBB index.cfm page Variable XSS
AderSoftware CFBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'index.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18483
CartWIZ viewCart.asp message Variable XSS
CartWIZ contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the 'viewCart.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18463
Form Sender processform.php3 Multiple Variable XSS
Form Sender contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' and 'failed' variables upon submission to the 'processform.php3' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18164
Fusebox index.cfm fuseaction Variable XSS
Fusebox contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'fuseaction' variable upon submission to the 'index.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18520
MyFAQ inssolution.php3 Faq Variable SQL Injection
MyFAQ contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'inssolution.php3' script not properly sanitizing user-supplied input to the 'Faq' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/18642
Vuln: Whisper32 Plaintext Password Disclosure Vulnerability
Whisper32 Plaintext Password Disclosure Vulnerability. Read more at securityfocus.com/bid/14600
Leave a Reply