Network Security News – Sunday, December 04, 2005 Events
Jax Calendar jax_calendar.php cal_id Variable SQL Injection
Jax Calendar contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the jax_calendar.php script not properly sanitizing user-supplied input to the cal_id variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21406
PHPX auth.inc.php username Field SQL Injection
PHPX contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin login script calling auth.inc.php, which does not properly sanitize user-supplied input to the 'username' field. This may allow an attacker to bypass the admin login check and inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21384
DUware Multiple Product type.asp iType SQL Injection
Multiple DUware products contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the type.asp script not properly sanitizing user-supplied input to the iType variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21385
SimpleBBS Search Module SQL Injection
SimpleBBS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search module not properly sanitizing user-supplied input to undisclosed variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. No further details have been provided. Read more at osvdb.org/21399
Trac Ticket Query Module group Variable SQL Injection
Trac contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ticket query script not properly sanitizing user-supplied input to the group variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21386
Multiple Unix Vendor lpd Incomplete Print Job Display Queue Overflow
A local overflow exists in multiple operating systems. The line printer daemon (lpd) fails to correctly parse an incomplete print job request, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/1945
WebCalendar edit_report_handler.php time_range Variable SQL Injection
WebCalendar contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the edit_report_handler.php script not properly sanitizing user-supplied input to the 'time_range' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21382
MailEnable Crafted RENAME Command Remote DoS
MailEnable contains a flaw that may allow a remote denial of service. The issue is triggered when an authenticated user sends an IMAP RENAME command with non-existent mailbox names to the IMAP server, and will result in loss of availability for the service. Read more at osvdb.org/21109
MailEnable Invalid IMAP Commands Remote DoS
MailEnable contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends invalid IMAP commands to the IMAP server, and will result in loss of availability for the service. Read more at osvdb.org/21388
Calendar Express year.php Multiple Variable SQL Injection
Calendar Express contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the year.php script not properly sanitizing user-supplied input to the 'cid' and 'catid' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21405
Vuln: PHPYellowTM Multiple SQL Injection Vulnerabilities
PHPYellowTM Multiple SQL Injection Vulnerabilities. Read more at securityfocus.com/bid/15700
Vuln: Alisveristr E-commerce Login Multiple SQL Injection Vulnerabilities
Alisveristr E-commerce Login Multiple SQL Injection Vulnerabilities. Read more at securityfocus.com/bid/15699
Vuln: PHP-Fusion Messages.PHP SQL Injection Vulnerability
PHP-Fusion Messages.PHP SQL Injection Vulnerability. Read more at securityfocus.com/bid/15698
Vuln: PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities. Read more at securityfocus.com/bid/15411
[OpenPKG-SA-2005.027] OpenPKG Security Advisory (php)
[OpenPKG-SA-2005.027] OpenPKG Security Advisory (php). Read more at securityfocus.com/archive/1/418502
Re: Re: Microsoft Windows CreateRemoteThread Exploit
Re: Re: Microsoft Windows CreateRemoteThread Exploit. Read more at securityfocus.com/archive/1/418504
QNX 4.25 suided dhcp.client binary
QNX 4.25 suided dhcp.client binary. Read more at securityfocus.com/archive/1/418513
[OpenPKG-SA-2005.026] OpenPKG Security Advisory (lynx)
[OpenPKG-SA-2005.026] OpenPKG Security Advisory (lynx). Read more at securityfocus.com/archive/1/418503