Network Security News – Sunday, August 27, 2006 Events
w-Agora update.php3 Unspecified Variable XSS
w-Agora contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the update.php3 script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28165
w-Agora modules.php3 Unspecified Variable XSS
w-Agora contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the modules.php3 script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28168
w-Agora insert.php3 Unspecified Variable XSS
w-Agora contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the insert.php3 script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28166
w-Agora index.php3 Unspecified Variable XSS
w-Agora contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the index.php3 script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28167
w-Agora browse.php3 Unspecified Variable XSS
w-Agora contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the browse.php3 script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28170
w-Agora auth.php3 Unspecified Variable XSS
w-Agora contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the auth.php3 script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28169
Microsoft IE HTTP 1.1 URL Parsing Overflow
A remote overflow exists in Microsoft's Internet Explorer. Internet Explorer fails to correctly handle a long URL using HTTP 1.1 compression, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/28132
Microsoft IE Crafted Elements Status Bar URL Spoofing
Microsoft Internet Explorer contains a flaw in how the status bar displays information, which may allow an attacker to spoof the status bar contents when a user hovers the mouse over a link. The user might be tricked into believing the link leads to a different page, leading to a potential phishing attack. Read more at osvdb.org/23609
mail f/w system Unspecified Arbitrary Mail Header Injection
CGI-RESCUE mail f/w system contains a flaw that may allow a malicious user to inject arbitrary email headers. Input passed to unspecified parameters is not properly sanitized before being used to construct an email message. It is possible that the flaw may allow an attacker to send spam messages from the server, resulting in a loss of integrity. Read more at osvdb.org/28131
Empire CMS e/class/CheckLevel.php check_path Remote File Inclusion
Empire CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to e/class/CheckLevel.php not properly sanitizing user input supplied to the 'check_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/28116
Vuln: Alt-N MDaemon Multiple Remote Pre-Authentication POP3 Buffer Overflow Vulnerabilities
Alt-N MDaemon Multiple Remote Pre-Authentication POP3 Buffer Overflow Vulnerabilities. Read more at securityfocus.com/bid/19651
Vuln: AlsaPlayer Multiple Buffer Overflow Vulnerabilities
AlsaPlayer Multiple Buffer Overflow Vulnerabilities. Read more at securityfocus.com/bid/19450
Vuln: Zen Cart Multiple SQL Injection Vulnerabilities
Zen Cart Multiple SQL Injection Vulnerabilities. Read more at securityfocus.com/bid/19542
Vuln: Zen Cart Multiple File Include Vulnerabilities
Zen Cart Multiple File Include Vulnerabilities. Read more at securityfocus.com/bid/19543
[ GLSA 200608-24 ] AlsaPlayer: Multiple buffer overflows
[ GLSA 200608-24 ] AlsaPlayer: Multiple buffer overflows. Read more at securityfocus.com/archive/1/444417
AlstraSoft Video Share Enterprise Remote File Include Vulnerability
AlstraSoft Video Share Enterprise Remote File Include Vulnerability. Read more at securityfocus.com/archive/1/444416
Bigace 1.8.2 (GLOBALS) Remote File Inclusion
Bigace 1.8.2 (GLOBALS) Remote File Inclusion. Read more at securityfocus.com/archive/1/444415
Mambo/Joomla com_comprofiler Components <== v1.0 RC 2 Multiple Remote File Include Vulnerabilities
Mambo/Joomla com_comprofiler Components <== v1.0 RC 2 Multiple Remote File Include Vulnerabilities. Read more at securityfocus.com/archive/1/444425