Network Security News – Sunday, February 19, 2006 Events
tmsPUBLISHER pagename.cfm Malformed id Variable Path Disclosure
tmsPUBLISHER contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker supplies a non-integer value to the 'id' variable of the pagename.cfm script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/23298
XMB Forums today.php Cookie Data SQL Injection
XMB Forums contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'today.php' script not properly sanitizing user-supplied cookie data. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/23117
XMB Forums u2u.inc.php Multiple Function SQL Injection
XMB Forums contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the u2u.inc.php script not properly sanitizing user-supplied input to the 'u2u_mod_delete()', 'u2u_mod_move()', and 'u2u_mod_markUnread()' functions. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/23118
Zen Cart Unspecified SQL Injection
Zen Cart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to unspecified script(s) not properly sanitizing user-supplied input to unspecified variable(s). This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/23110
Oreka Crafted RTP Packet Sequence Remote DoS
Oreka contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious sequence of RTP packets is received, and will result in loss of availability for the service. Read more at osvdb.org/23300
phphd POST Method check.php username Variable SQL Injection
phphd contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the check.php script not properly sanitizing user-supplied input to the 'username' variable via the POST method. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/23025
Hitachi Business Logic Container (BLC) Unspecified SQL Injection
BLC contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to unspecified script(s) not properly sanitizing user-supplied input to unspecified variable(s). This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/23099
2200net Calendar System calendar.php id Variable SQL Injection
2200net Calendar System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the calendar.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/23037
2200net Calendar System adminlogin.php acc Variable SQL Injection
2200net Calendar System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the adminlogin.php script not properly sanitizing user-supplied input to the 'acc' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/23038