Network Security News – Sunday, January 22, 2006 Events
Nuked-Klan Forum Module Multiple Variable SQL Injection
Nuked-Klan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Forum Module not properly sanitizing user-supplied input to the 'forum_id', 'thread_id' and 'link_id' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20338
Nuked-Klan Links Module link_id Variable SQL Injection
Nuked-Klan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Links Module not properly sanitizing user-supplied input to the 'link_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20337
Nuked-Klan Sections Module artid Variable SQL Injection
Nuked-Klan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Sections Module not properly sanitizing user-supplied input to the 'artid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20339
My Amazon Store Manager search.php q Variable XSS
My Amazon Store Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'q' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22626
NavBoard post.php BBcode XSS
NavBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate BBcode upon submission to the 'post.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22277
Netbula Anyboard anyboard.cgi tK Variable XSS
Netbula Anyboard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tK' variable upon submission to the 'anyboard.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22461
427BB posts.php Message Body XSS
427BB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Message Body upon submission to the 'posts.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22276
ezDatabase index.php p Variable XSS
ezDatabase contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'p' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22684
Hitachi HITSENSER Data Mart Server Unspecified SQL Injection
HITSENSER Data Mart Server contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/22669
Nuked-Klan Download Module dl_id Variable SQL Injection
Nuked-Klan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Download Module not properly sanitizing user-supplied input to the 'dl_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20340
Leave a Reply