Network Security News – Wednesday, October 26, 2005 Events
PHP-Fusion messages.php msg_send Variable SQL Injection
PHP-Fusion contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'messages.php' script not properly sanitizing user-supplied input to the 'msg_send' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19718
saphp Lesson add.php forumid Variable SQL Injection
saphp Lesson contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'add.php' script not properly sanitizing user-supplied input to the 'forumid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20290
saphp Lesson showcat.php forumid Variable SQL Injection
saphp Lesson contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'showcat.php' script not properly sanitizing user-supplied input to the 'forumid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20289
Tiny Personal Firewall Non-standard TCP Packet Outbound Filtering Bypass
Tiny Personal Firewall contains a flaw that may allow a remote attacker to bypass the firewall's access control filtering mechanism. The problem is that the application fails to inspect and block outbound packets generated by alternate protocol stacks, which may allow a remote attacker to bypass outbound filtering by using non-standard TCP packets created with non-Windows protocol adapters, resulting in a loss of integrity. Read more at osvdb.org/20277
ZoneAlarm Non-standard TCP Packet Outbound Filtering Bypass
ZoneAlarm contains a flaw that may allow a remote attacker to bypass the firewall's access control filtering mechanism. The problem is that the application fails to inspect and block outbound packets generated by alternate protocol stacks, which may allow a remote attacker to bypass outbound filtering by using non-standard TCP packets created with non-Windows protocol adapters, resulting in a loss of integrity. Read more at osvdb.org/20275
TClanPortal index.php id Variable SQL Injection
TClanPortal contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20305
Zomplog detail.php id Variable SQL Injection
Zomplog contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'detail.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20250
Zomplog detail.php name Variable XSS
Zomplog contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'name' variable upon submission to the 'detail.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20253
Zomplog get.php catid Variable SQL Injection
Zomplog contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'get.php' script not properly sanitizing user-supplied input to the 'catid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20251
Zomplog get.php username Variable XSS
Zomplog contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the 'get.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20254
Vuln: AR-Blog Remote Authentication Bypass Vulnerability
Read more at securityfocus.com/bid/15203
Vuln: SparkleBlog Multiple HTML Injection Vulnerabilities
Read more at securityfocus.com/bid/15202
Vuln: AR-Blog Comment HTML Injection Vulnerability
Read more at securityfocus.com/bid/15201
Vuln: Basic Analysis And Security Engine Base_qry_main.PHP SQL Injection Vulnerability
Read more at securityfocus.com/bid/15199
SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS
Read more at securityfocus.com/archive/1/414572
SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability
Read more at securityfocus.com/archive/1/414573
Skype security advisory
Read more at securityfocus.com/archive/1/414519
SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable)
Read more at securityfocus.com/archive/1/414574