Network Security News – Wednesday, November 30, 2005 Events
CommodityRentals usersession user_id SQL Injection
CommodityRentals contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to multiple scripts not properly sanitizing user-supplied input to the "user_id" variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
Additionally, if a failed query is performed, the program will disclose the software's installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/21055
drzes HMS /customers/crons.php Multiple Variable SQL Injection
drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/crons.php script not properly sanitizing user-supplied input to the 'plan_id' or 'domain' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21188
drzes HMS /customers/pop_accounts.php Multiple Variable SQL Injection
drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/pop_accounts.php script not properly sanitizing user-supplied input to the 'plan_id' or 'domain' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21185
drzes HMS /customers/software.php Multiple Variable SQL Injection
drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/software.php script not properly sanitizing user-supplied input to the 'plan_id' or 'domain' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21192
drzes HMS /customers/viewplan.php customerPlanID Variable SQL Injection
drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/viewplan.php script not properly sanitizing user-supplied input to the 'customerPlanID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21181
drzes HMS /customers/pass_dirs.php Multiple Variable SQL Injection
drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/pass_dirs.php script not properly sanitizing user-supplied input to the 'plan_id' or 'domain' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21189
drzes HMS /customers/databases.php Multiple Variable SQL Injection
drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/databases.php script not properly sanitizing user-supplied input to the 'plan_id' or 'domain' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21186
drzes HMS /customers/htaccess.php Multiple Variable SQL Injection
drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/htaccess.php script not properly sanitizing user-supplied input to the 'plan_id' or 'domain' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21191
drzes HMS /customers/viewusage.php plan_id Variable SQL Injection
drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/viewusage.php script not properly sanitizing user-supplied input to the 'plan_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21183
drzes HMS /customers/domains.php plan_id Variable SQL Injection
drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/domains.php script not properly sanitizing user-supplied input to the 'plan_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21179
Vuln: Apple Mac OS X Security Update 2005-009 Multiple Vulnerabilities
Apple Mac OS X Security Update 2005-009 Multiple Vulnerabilities. Read more at securityfocus.com/bid/15647
Vuln: pcAnywhere Authentication Denial of Service Vulnerability
pcAnywhere Authentication Denial of Service Vulnerability. Read more at securityfocus.com/bid/15646
Vuln: Survey System Survey.PHP SQL Injection Vulnerability
Survey System Survey.PHP SQL Injection Vulnerability. Read more at securityfocus.com/bid/15641
Vuln: FAQ System Multiple SQL Injection Vulnerabilities
FAQ System Multiple SQL Injection Vulnerabilities. Read more at securityfocus.com/bid/15640
APPLE-SA-2005-11-29 Security Update 2005-009
APPLE-SA-2005-11-29 Security Update 2005-009. Read more at securityfocus.com/archive/1/418099
Re: DNS query spam
Re: DNS query spam. Read more at securityfocus.com/archive/1/418109
RE: – Cisco IOS HTTP Server code injection/execution vulnerability
RE: – Cisco IOS HTTP Server code injection/execution vulnerability. Read more at securityfocus.com/archive/1/418104
Re: DNS query spam
Re: DNS query spam. Read more at securityfocus.com/archive/1/418108