VenomBoard post.php3 Multiple Variable SQL Injection

Network Security News – Saturday, January 14, 2006 Events

VenomBoard post.php3 Multiple Variable SQL Injection

VenomBoard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the post.php3 script not properly sanitizing user-supplied input to the 'topic_id', 'root' and 'parent' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/22297

TheWebForum register.php www Variable XSS

TheWebForum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'www' variable upon submission to the 'register.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22295

TheWebForum login.php Username Field SQL Injection

TheWebForum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.php' script not properly sanitizing user-supplied input to the username field. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/22294