Network Security News – Monday, January 09, 2006 Events
ADN Forum verpag.php pagid Variable SQL Injection
ADN Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the verpag.php script not properly sanitizing user-supplied input to the 'pagid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22241
ADN Forum index.php fid Variable SQL Injection
ADN Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'fid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22240
Modular Merchant Marketplace Shopping Cart category.php cat Variable XSS
Modular Merchant Marketplace shopping cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat' variable upon submission to the 'category.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22243
Vuln: Navboard Multiple BBCode Tag Script Injection Vulnerabilities
Navboard Multiple BBCode Tag Script Injection Vulnerabilities. Read more at securityfocus.com/bid/16165
Vuln: VMWare Remote Arbitrary Code Execution Vulnerability
VMWare Remote Arbitrary Code Execution Vulnerability. Read more at securityfocus.com/bid/15998
Vuln: NetSarang XLPD Remote Denial of Service Vulnerability
NetSarang XLPD Remote Denial of Service Vulnerability. Read more at securityfocus.com/bid/16164
Vuln: Apache mod_auth_pgsql Multiple Unspecified Format String Vulnerabilities
Apache mod_auth_pgsql Multiple Unspecified Format String Vulnerabilities. Read more at securityfocus.com/bid/16153
[ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking
[ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking. Read more at securityfocus.com/archive/1/421148
[eVuln] NavBoard BBcode XSS Vulnerability
[eVuln] NavBoard BBcode XSS Vulnerability. Read more at securityfocus.com/archive/1/421149
Re: Interview: Ilfak Guilfanov
Re: Interview: Ilfak Guilfanov. Read more at securityfocus.com/archive/1/421150
Re: Download Accelerator Plus can be tricked to download malicious file
Re: Download Accelerator Plus can be tricked to download malicious file. Read more at securityfocus.com/archive/1/421052
TinyPHPForum /users/ Directory User Information Disclosure
TinyPHPForum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a URL requests confidential user information from the /users/ directory, which will disclose the user's password hash and other information, resulting in a loss of confidentiality. Read more at osvdb.org/22257
TinyPHPForum action.php txt Variable XSS
TinyPHPForum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'txt' variable upon submission to the 'action.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22256
TinyPHPForum profile.php uname Variable Traversal Arbitrary File Manipulation
TinyPHPForum contains a flaw that may allow a malicious user to view or create files in arbitrary locations on the server's file system. The issue is triggered when the 'uname' variable submitted to the 'profile.php' script contains file system traversal characters, such as dot-dot-slash. It is possible that the flaw may allow the web server to view or create files in arbitrary locations in the file system, resulting in a loss of confidentiality and integrity. Read more at osvdb.org/22258
vBulletin reminder.php Add Reminder Field title Variable XSS
vBulletin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'title' variable upon submission to the 'reminder.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22220
vBulletin calendar.php Add Reminder Field title Variable XSS
vBulletin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'title' variable upon submission to the 'calendar.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22210
OnePlug CMS /services/details.asp Service_ID Variable SQL Injection
OnePlug CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /service/details.asp script not properly sanitizing user-supplied input to the 'Service_ID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22249
OnePlug CMS /press/details.asp Press_Release_ID Variable SQL Injection
OnePlug contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the '/press/details.asp' script not properly sanitizing user-supplied input to the 'Press_Release_ID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22248