Network Security News – Tuesday, January 10, 2006 Events
Joomla! mosDBTable Class Multiple SQL Injection
Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the mosDBTable class not properly sanitizing user-supplied input to unspecified variable(s). This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21043
MusicBox index.php type Variable SQL Injection
MusicBox contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'type' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22272
Joomla! Search Mambots Query Saturation DoS
Joomla! contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker requests an unusually high search number to 'Search Mambots', which causes a search flood and results in loss of availability for the service. Read more at osvdb.org/21041
Joomla! SEF Unspecified XSS
Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to SEF not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21039
Joomla! _GET Array Global Variable XSS
Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the _GET array not properly sanitizing user-supplied input to the 'global' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21040
Joomla! Polls Module (mod_poll) Itemid Variable SQL Injection
Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Polls module not properly sanitizing user-supplied input to the 'Itemid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21042
WSN Forum memberlist.php id Variable SQL Injection
WSN Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the memberlist.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21068
phpComasy index.php id Variable SQL Injection
phpComasy contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20984
Apple AirPort Extreme Base Station Crafted Packet Network Interface DoS
Apple AirPort Extreme Base Stations contain a flaw that may allow a remote denial of service. The issue is triggered when a crafted packet is received on the network interface, and will result in loss of availability for users of the wireless network. Read more at osvdb.org/22244
Arki-DB index.php catid SQL Injection
Arki-DB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'catid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20944
Vuln: Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities
Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities. Read more at securityfocus.com/bid/16167
Vuln: PHPNuke Multiple Modules IMG Tag HTML Injection Vulnerability
PHPNuke Multiple Modules IMG Tag HTML Injection Vulnerability. Read more at securityfocus.com/bid/16192
Vuln: Xoops Pool Module IMG Tag HTML Injection Vulnerability
Xoops Pool Module IMG Tag HTML Injection Vulnerability. Read more at securityfocus.com/bid/16189