Network Security News – Wednesday, January 04, 2006 Events
HelpDeskPoint index.php page Variable SQL Injection
HelpDeskPoint contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'page' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21318
Web Wiz Multiple Product check_user.asp txtUserName Variable SQL Injection
Web Wiz News, Web Wiz Journal, Web Wiz Polls and Web Wiz Database Login contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the check_user.asp script not properly sanitizing user-supplied input to the 'txtUserName' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22148
VEGO Web Forum index.php theme_id Variable SQL Injection
VEGO Web Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'theme_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22140
VEGO Links Builder login.php username Variable SQL Injection
VEGO Links Builder contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22139
Juniper NetScreen Security Manager (NSM) guiSrv/devSrv Crafted String Remote DoS
Juniper NetScreen Security Manager contains a flaw that may allow a remote denial of service. The issue is triggered when specially crafted long strings are sent to the 'guiSrv' or 'devSrv' processes, which will crash the services and therefore result in loss of availability for the services.
Note that the watchdog service installed on NSM will restart the crashed service after about five minutes. Read more at osvdb.org/22047
Primo Cart user.php email Variable SQL Injection
Primo Cart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the user.php script not properly sanitizing user-supplied input to the 'email' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22146
eFileGo Server Traversal Arbitrary Command Execution
eFileGo contains a flaw that allows a remote attacker to execute programs outside of the web path. The issue is due to the eFileGo server not properly sanitizing user input, specifically traversal-style attacks (../../) supplied to the server. Read more at osvdb.org/22151
eFileGo upload.exe CPU Consumption DoS
eFileGo contains a flaw that may allow a remote denial of service. The issue is triggered when an attempt is made to upload a file to an invalid directory. This will result in the 'upload.exe' program consuming large amounts of CPU resources on the system, potentially leading to loss of availability for the platform. Read more at osvdb.org/22152
PHPenpals profile.php personalID Variable SQL Injection
PHPenpals contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the profile.php script not properly sanitizing user-supplied input to the 'personalID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22150
PHPjournaler index.php readold Variable SQL Injection
PHPjournaler contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'readold' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22149
Vuln: Intel Graphics Accelerator Driver Remote Denial Of Service Vulnerability
Intel Graphics Accelerator Driver Remote Denial Of Service Vulnerability. Read more at securityfocus.com/bid/16127
Vuln: CS-Cart Multiple SQL Injection Vulnerabilities
CS-Cart Multiple SQL Injection Vulnerabilities. Read more at securityfocus.com/bid/16134
Vuln: Jax Calendar Jax_calendar.PHP SQL Injection Vulnerability
Jax Calendar Jax_calendar.PHP SQL Injection Vulnerability. Read more at securityfocus.com/bid/16130
Vuln: EZ Invoice Inc. EZI Invoices.PHP SQL Injection Vulnerability
EZ Invoice Inc. EZI Invoices.PHP SQL Injection Vulnerability. Read more at securityfocus.com/bid/16133
Re: Drupal all versiyon xss cehennem.org
Re: Drupal all versiyon xss cehennem.org. Read more at securityfocus.com/archive/1/420683
Re: Drupal all versiyon xss cehennem.org
Re: Drupal all versiyon xss cehennem.org. Read more at securityfocus.com/archive/1/420681
WSJ: The new "metasploit" computer virus
WSJ: The new "metasploit" computer virus. Read more at securityfocus.com/archive/1/420699
[ GLSA 200601-01 ] pinentry: Local privilege escalation
[ GLSA 200601-01 ] pinentry: Local privilege escalation. Read more at securityfocus.com/archive/1/420657