Network Security News – Saturday, February 11, 2006 Events
PHP-Fusion shoutbox_panel.php shout_name XSS
PHP-Fusion contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'shout_name' variable upon submission to the shoutbox_panel.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22980
PHP-Fusion comments_include.php comments XSS
PHP-Fusion contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'comments' variable upon submission to the comments_include.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22981
Digital Scribe login Field SQL Injection
Digital Scribe contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login script not properly sanitizing user-supplied input to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19460
Content2Web index.php show Variable SQL Injection
Content2Web contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'show' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19488
Noahs Classifieds index.php rollid Variable SQL Injection
Noahs Classifieds contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'rollid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19420
ATutor password_reminder.php Email Field SQL Injection
ATutor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the password_reminder.php script not properly sanitizing user-supplied input to the 'email' field. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19411
Simplog archive.php Multiple Variable SQL Injection
Simplog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the archive.php script not properly sanitizing user-supplied input to the 'pid', 'blogid', 'cid' and 'm' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19581
Simplog blogadmin.php blogid Variable SQL Injection
Simplog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the blogadmin.php script not properly sanitizing user-supplied input to the 'blogid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19582
Erik Thauvin mailback.pl Subject Line Arbitrary Mail Relay
Erik Thauvin's mailback.pl contains a flaw that may allow a malicious user to inject arbitrary email headers via the user-supplied subject, allowing email to be sent to arbitrary recipients. The issue is triggered when a malicious user enters a subject with a newline followed by "CC" and "BCC" headers. It is possible that the flaw may allow spamming and other unauthorized mail relaying, resulting in a loss of integrity. Read more at osvdb.org/22955
my little forum functions.php BBcode link Tag XSS
my little forum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate [link] BBCode tags upon submission to the 'functions.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22856
Vuln: GNUTLS LibTASN1 DER Decoding Denial of Service Vulnerabilities
GNUTLS LibTASN1 DER Decoding Denial of Service Vulnerabilities. Read more at securityfocus.com/bid/16568
Vuln: HP PSC 1210 All-in-One Driver Unspecified Vulnerability
HP PSC 1210 All-in-One Driver Unspecified Vulnerability. Read more at securityfocus.com/bid/16583
Vuln: Sun ONE Directory Server Remote Denial Of Service Vulnerability
Sun ONE Directory Server Remote Denial Of Service Vulnerability. Read more at securityfocus.com/bid/16550
Vuln: ELOG Web Logbook Multiple Remote Vulnerabilities
ELOG Web Logbook Multiple Remote Vulnerabilities. Read more at securityfocus.com/bid/16579
[ Secuobs – Advisory ] Bluetooth : DoS on Nokia cell phones
[ Secuobs – Advisory ] Bluetooth : DoS on Nokia cell phones. Read more at securityfocus.com/archive/1/424688
iDEFENSE Security Advisory 02.10.06: IBM Lotus Domino Server LDAP DoS Vulnerability
iDEFENSE Security Advisory 02.10.06: IBM Lotus Domino Server LDAP DoS Vulnerability. Read more at securityfocus.com/archive/1/424681
SUSE Security Announcement: binutils,kdelibs3,kdegraphics3,koffice,dia,lyx (SUSE-SA:2006:007)
SUSE Security Announcement: binutils,kdelibs3,kdegraphics3,koffice,dia,lyx (SUSE-SA:2006:007). Read more at securityfocus.com/archive/1/424715
TSLSA-2006-0006 – multi
TSLSA-2006-0006 – multi. Read more at securityfocus.com/archive/1/424687