Audit My PC - Free Internet Security Audit

Network Security News – Monday, January 30, 2006 Events

SaralBlog search.php SQL Injection

SaralBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the 'search' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22740

Zoph Multiple Unspecified SQL Injections

Zoph contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22743

BlogPHP config.php Cookie Fields SQL injection

BlogPHP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the config.php script not properly sanitizing user-supplied input via a cookie to the 'blogphp_username' and 'blogphp_password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22738

DDSN CMS Admin Panel Login Multiple Field SQL Injection

DDSN CMS Admin Panel contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login script not properly sanitizing user-supplied input to the 'username' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22696

NewsPHP index.php Multiple Variable SQL Injection

NewsPHP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'discuss', 'tim', 'id', 'last' and 'limit' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22717

eggblog topic.php message Variable XSS

eggblog contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the topic.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22752

eggblog blog.php id Variable SQL Injection

eggblog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the blog.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22751

miniBloggie login.php Multiple Field SQL Injection

miniBloggie contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'username' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22729

AndoNET Blog index.php entrada Variable SQL Injection

AndoNet Blog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'entrada' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22755

Cisco IOS AAA tclsh Command Authentication Bypass

Cisco IOS contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the Authentication, Authorization, and Accounting (AAA) command authorization feature is enabled and the TCL shell is available. This flaw may lead to a loss of integrity. Read more at osvdb.org/22723

Vuln: Sylpheed LDIF Import Remote Buffer Overflow Vulnerability

Read more at securityfocus.com/bid/15363

Vuln: Joshua Chamas Crypt::SSLeay Perl Module Insecure Entropy Source Vulnerability

Read more at securityfocus.com/bid/13471

Vuln: GDB Multiple Vulnerabilities

Read more at securityfocus.com/bid/13697

Vuln: XPDF DCTStream Progressive Remote Heap Buffer Overflow Vulnerability

Read more at securityfocus.com/bid/15726

Ege Internet Web Desing Remote Command Exucetion

Read more at securityfocus.com/archive/1/423365

[CORRECTIONS AND ADDITIONS] Azbb v1.1.00 Cross-Site Scripting

Read more at securityfocus.com/archive/1/423363

Multiple vulnerabilities in CommuniGate Pro Server

Read more at securityfocus.com/archive/1/423364

Re: [security] What A Click! [Internet Explorer]

Read more at securityfocus.com/archive/1/423301
