
Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy


Accelerated Mortgage Manager password Field SQL Injection

Network Security News – Saturday, December 10, 2005 Events

Accelerated Mortgage Manager password Field SQL Injection

Accelerated Mortgage Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin login script not properly sanitizing user-supplied input to the password field. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21581

Website Baker user: Field SQL Injection

Website Baker has a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin login check script not properly sanitizing user-supplied input to the user field. This may allow an attacker to bypass authentication and upload a malicious PHP script to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21572

Lyris ListManager Crafted Login Authentication Bypass

Lyris ListManager contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when a remote attacker provides crafted authentication credentials when requested. By supplying any user name that ends with the '@' character, along with any password, server authentication can be bypassed. Read more at osvdb.org/21573

Lyris ListManager MSDE Default sa Password

By default, Lyris ListManager installs with a default password. The 'sa' account has a password of 'lminstall' which is publicly known and documented. This allows attackers to trivially access the program or system. Read more at osvdb.org/21559

Lyris ListManager Subscription Form Administrative Command Injection

Lyris ListManager contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when an attacker provides a crafted list name password parameter using %0A%0D sequences and line wraps to the new subscription page (/subscribe/subscribe). It is possible that the flaw may allow an unauthenticated user to execute arbitrary commands with the privileges of the web server process. Read more at osvdb.org/21547

Lyris ListManager Error Message Information Disclosure

Lyris ListManager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests a nonexistent page. The resulting error page contains diagnostic information in the hidden 'env' variable, which will disclose software version, installation path, SQL queries and more, resulting in a loss of confidentiality. Read more at osvdb.org/21552

Lyris ListManager TCLHTTPd %00 TML Source Disclosure

Lyris ListManager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests a TML script with a NULL byte code. Such a request will cause the TCLHTTPd service to disclose the source of the TML script rather than processing it normally. Read more at osvdb.org/21551

Lyris ListManager TCLHTTPd Status Module Information Disclosure

Lyris ListManager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests the /status/ module, which will disclose server configuration information resulting in a loss of confidentiality. Read more at osvdb.org/21550

Lyris ListManager Multiple ORDERBY SQL Injection Flaws

Lyris ListManager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to multiple scripts not properly sanitizing user-supplied input to lists of items. By providing newlines in conjunction with whitespace and ASCII 0xFF characters, an attacker can access the xp_cmdshell stored procedure. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21549

Lyris ListManager Read Message Attachment SQL Injection

Lyris ListManager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the read message attachment function not properly sanitizing user-supplied input to the attachment URL. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21548

Vuln: MilliScripts Register.PHP Cross-Site Scripting Vulnerability

MilliScripts Register.PHP Cross-Site Scripting Vulnerability. Read more at securityfocus.com/bid/15792

Vuln: Motorola SB5100E Cable Modem LanD Packet Denial Of Service Vulnerability

Motorola SB5100E Cable Modem LanD Packet Denial Of Service Vulnerability. Read more at securityfocus.com/bid/15795

Vuln: Ethereal OSPF Protocol Dissection Stack Buffer Overflow Vulnerability

Ethereal OSPF Protocol Dissection Stack Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/15794

Vuln: Simple Machines Forum Memberlist.php SQL Injection Vulnerability

Simple Machines Forum Memberlist.php SQL Injection Vulnerability. Read more at securityfocus.com/bid/15791

iDefense Security Advisory 12.09.05: Ethereal OSPF Protocol Dissector Buffer Overflow Vulnerability

iDefense Security Advisory 12.09.05: Ethereal OSPF Protocol Dissector Buffer Overflow Vulnerability. Read more at securityfocus.com/archive/1/419076

Milliscript 1.4 Multiple Vulnerabilities

Milliscript 1.4 Multiple Vulnerabilities. Read more at securityfocus.com/archive/1/419070

[TKPN2005-12-001] Multiple critical vulnerabilities in MyBB

[TKPN2005-12-001] Multiple critical vulnerabilities in MyBB. Read more at securityfocus.com/archive/1/419067

[security bulletin] SSRT051069 – HP Tru64 Unix Secure Web Server (SWS 6.4.1 and earlier) PHP/XMLRPC Remote Unauthorized Execution of Arbitrary Code

[security bulletin] SSRT051069 – HP Tru64 Unix Secure Web Server (SWS 6.4.1 and earlier) PHP/XMLRPC Remote Unauthorized Execution of Arbitrary Code. Read more at securityfocus.com/archive/1/419064


Copyright © 2001-2024 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS
