Network Security News – Saturday, December 17, 2005
VCD-db Search Module batch Variable XSS
VCD-db contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'batch' variable upon submission to the search module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21700
VCD-db search.php by Variable SQL Injection
VCD-db contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the 'by' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21699
Plogger index.php Multiple Variable XSS
Plogger contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'level' and 'searchterms' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21711
Plogger index.php id Variable SQL Injection
Plogger contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21710
PlexCart X3 Product Search Module SQL Injection
PlexCart X3 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the plexcart.pl script not properly sanitizing user-supplied input to the 's_itemname' and 's_orderby' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21712
mcGalleryPRO index.php language Variable Local File Inclusion
mcGalleryPRO contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'language' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/21718
mcGalleryPRO Search Module XSS
mcGalleryPRO contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the search module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21721
mcGalleryPRO show.php Multiple Variable SQL Injection
mcGalleryPRO contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the show.php script not properly sanitizing user-supplied input to the 'id', 'rand' and 'start' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21719
Ad Manager Pro advertiser_statistic.php ad_number Variable SQL Injection
Ad Manager Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the advertiser_statistic.php script not properly sanitizing user-supplied input to the 'ad_number' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21709
Jamit Job Board index.php cat Variable SQL Injection
Jamit Job Board contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'cat' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21687
Vuln: PHP Arena PAFileDB Extreme Edition SQL Injection Vulnerability
PHP Arena PAFileDB Extreme Edition SQL Injection Vulnerability. Read more at securityfocus.com/bid/15912
Vuln: IHTML Merchant SQL Injection Vulnerability
IHTML Merchant SQL Injection Vulnerability. Read more at securityfocus.com/bid/15911
Vuln: IHTML Merchant Mall SQL Injection Vulnerability
IHTML Merchant Mall SQL Injection Vulnerability. Read more at securityfocus.com/bid/15910
Vuln: EZUpload Remote File Include Vulnerability
EZUpload Remote File Include Vulnerability. Read more at securityfocus.com/bid/15918
Update on the PGP NTFS File Wipe Issue, 16 Dec 2005
Update on the PGP NTFS File Wipe Issue, 16 Dec 2005. Read more at securityfocus.com/archive/1/419654
Advisory: XSS in WebCal (v1.11-v3.04)
Advisory: XSS in WebCal (v1.11-v3.04). Read more at securityfocus.com/archive/1/419655
DoS in Cisco Clean Access
DoS in Cisco Clean Access. Read more at securityfocus.com/archive/1/419645
exploit (html) for Advanced Guestbook 2.2
exploit (html) for Advanced Guestbook 2.2. Read more at securityfocus.com/archive/1/419656