Network Security News – Friday, January 27, 2006 Events
Complete PHP Counter list.php SQL Injection
Complete PHP Counter contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the list.php script not properly sanitizing user-supplied input to the 'c' or 's' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20085
PHP-Nuke Downloads Module url Variable SQL Injection
PHP-Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the downloads module not properly sanitizing user-supplied input to the 'url' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20292
PHP-Nuke Web_Links Module description Variable SQL Injection
PHP-Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the web_links module not properly sanitizing user-supplied input to the 'description' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20293
PHP-Nuke Your Account Username Field SQL Injection
PHP-Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login script not properly sanitizing user-supplied input to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20291
BitComet Client .torrent URI Handling Overflow
A remote overflow exists in Bitcomet Client. The BitComet Client fails to check the size of the publisher's name URI in a torrent file, resulting in a buffer overflow. With a specially crafted request, an attacker can allow arbitrary code execution resulting in a loss of availability.. Read more at osvdb.org/22625
Etomite todo.inc.php cij Variable Arbitrary Command Execution
Etomite Content Management System contains a default backdoor in the 'todo.inc.php' script. A remote attacker could exploit this vulnerability by sending a specially-crafted URL to the todo.inc.php script that uses the 'cij' parameter to pass malicious code to the popen() function, allowing the attacker to execute commands on the system. While the command output is mailed to a hardcoded email address, the commands are still executed.. Read more at osvdb.org/22693
Cisco CallManager Connection Saturation Window Message Queue Exhaustion DoS
Cisco CallManager contains a flaw that may allow a remote denial of service. The issue is triggered when a large number of connections to ports 2001, 2002, or 7727 are received (filling the Windows message queue), and will result in loss of availability for the service.. Read more at osvdb.org/22623
Cisco CallManager Port 2000 Connection Saturation Resource Consumption DoS
Cisco CallManager contains a flaw that may allow a remote denial of service. The issue is caused by a failure to diligently manage TCP connections on port 2000, and will result in loss of availability for the platform.. Read more at osvdb.org/22622
Linleys Dungeon Crawl Arbitrary Command Execution
Dungeon Crawl contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered because the program executes programs in an insecure manner when saving or loading games, allowing a local user to gain 'games' group privileges. This flaw may lead to a loss of integrity.. Read more at osvdb.org/22690
Leave a Reply