Softbiz Web Host Directory Search Engine SQL Injection

Network Security News – Thursday, January 12, 2006 Events

Softbiz Web Host Directory Search Engine SQL Injection

Web Host Directory contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search module not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/21083

Wizz Forum ForumAuthDetails.php AuthID Variable SQL Injection

Wizz Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ForumAuthDetails.php script not properly sanitizing user-supplied input to the 'AuthID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20845

Wizz Forum ForumReply.php TopicID Variable SQL Injection

Wizz Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ForumReply.php script not properly sanitizing user-supplied input to the 'TopicID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20847

Wizz Forum ForumTopicDetails.php TopicID Variable SQL Injection

Wizz Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ForumTopicDetails.php script not properly sanitizing user-supplied input to the 'TopicID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20846

FreeBSD ee ispell_op Function Symlink Arbitrary File Overwrite

The Easy Editor (ee) on FreeBSD contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the program evoking the ispell_op function, which creates temporary files insecurely under ee. It is possible for a user to use a symlink style attack to manipulate arbitrary files with the privileges of the user running ee, resulting in a loss of integrity.. Read more at osvdb.org/22320

FreeBSD ipfw Layer 4 Tracking Fragmented IP Packet Remote DoS

FreeBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious attacker sends ICMP IP fragments to or through an ipfw firewall which match any reset, reject or unreach actions. Due to the incorrect handling of IP fragments, the pointer to layer 4 header information fails to get initialized, resulting in loss of availability for the platform.. Read more at osvdb.org/22319

Microsoft Windows Open Type (EOT) Font Remote Overflow

A remote overflow exists in Microsoft Windows. Many versions fail to perform correct boundary checks in web requests involving embedded fonts, resulting in a heap overflow. With a specially crafted web font, an attacker can cause arbitrary code execution, resulting in a loss of integrity.. Read more at osvdb.org/18829