Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Contelligent External Browser Unspecified XSS

Network Security News – Monday, August 08, 2005 Events

Contelligent External Browser Unspecified XSS

Contelligent External Browser contains a flaw related to the way the Contelligent client processes 'actions' that may allow an attacker to perform an XSS attack. No further details have been provided.. Read more at osvdb.org/18527

Ultimate PHP Board (UPB) viewtopic.php Multiple Variable XSS

Ultimate PHP Board (UPB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'id' and 'page' variables upon submission to the 'viewtopic.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17366

Ultimate PHP Board (UPB) viewtopic.php id Variable Path Disclosure

Ultimate PHP Board (UPB) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the 'id' variable in the 'viewtopic.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/17362

Ultimate PHP Board (UPB) users.dat Information Disclosure

Ultimate PHP Board (UPB) contains a flaw that may lead to an unauthorized information disclosure. Өe issue is triggered when requesting the 'users.dat' file, which will disclose sensitive user information resulting in a loss of confidentiality.. Read more at osvdb.org/17374

Ultimate PHP Board (UPB) search.php sText Variable XSS

Ultimate PHP Board (UPB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sText' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17373

Ultimate PHP Board (UPB) newpost.php Multiple Variable XSS

Ultimate PHP Board (UPB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' and 't_id' variables upon submission to the 'newpost.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17368

Ultimate PHP Board (UPB) profile.php id Variable XSS

Ultimate PHP Board (UPB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'profile.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17367

Ultimate PHP Board (UPB) profile.php id Variable Path Disclosure

Ultimate PHP Board (UPB) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the 'id' variable in the 'profile.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/17363

Ultimate PHP Board (UPB) newpost.php t_id Variable Path Disclosure

Ultimate PHP Board (UPB) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the 't_id' variable in the 'newpost.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/17364

Ultimate PHP Board (UPB) login.php ref Variable XSS

Ultimate PHP Board (UPB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ref' variable upon submission to the 'login.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17365

Vuln: Owl Intranet Engine Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

Owl Intranet Engine Multiple Cross-Site Scripting and SQL Injection Vulnerabilities. Read more at securityfocus.com/bid/12114

Vuln: Acunetix Web Vulnerability Scanner Remote Denial of Service Vulnerability

Acunetix Web Vulnerability Scanner Remote Denial of Service Vulnerability. Read more at securityfocus.com/bid/14488

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *