Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Mambo mambo.php Multiple Variable SQL Injection

Network Security News – Tuesday, February 28, 2006 Events

Mambo mambo.php Multiple Variable SQL Injection

Mambo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the mambo.php script not properly sanitizing user-supplied input to the 'username' and 'task' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/23503

Mambo mambo.php 'mos_change_template' Variable Local File Inclusion

Mambo contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mambo.php not properly sanitizing user input supplied to the 'mos_change_template' variable. This may allow an attacker to read arbitrary local files or include local files which contain arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/23505

Mambo content.php 'filter' Variable SQL Injection

Mambo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the content.php script not properly sanitizing user-supplied input to the 'filter' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/23402

Issue Dealer Local Weblog Publisher Unspecified Issue

Issue Dealer contains a flaw related to the local weblog publisher that may allow an attacker to perform unspecified actions. No further details have been provided.. Read more at osvdb.org/23502

Fast Lexical Analyzer Generator (Flex) Multiple Unspecified Issues

flex contains multiple unspecified security issues. No further details have been provided.. Read more at osvdb.org/23440

PHPLIB Unspecified Remote Code Execution

PHPLib contains a flaw related to the phplib library that may allow an attacker to execute arbitrary code. No further details have been provided.. Read more at osvdb.org/23466

Calcium New Event EventText Field XSS

Calcium contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'EventText' variable upon submission to the 'Calcium' script during the creation of a new event. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23471

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *