Network Security News – Monday, February 06, 2006 Events
SPIP Administrative Area Multiple Unspecified SQL Injection
SPIP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the administrative area not properly sanitizing user-supplied input to unspecified variable(s). This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22844
Oracle Database SYS.KUPV$FT_INT Multiple Function SQL Injection
Oracle Database contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the UPDATE_JOB, ACTIVE_JOB, ATTACH_POSSIBLE, ATTACH_TO_JOB, CREATE_NEW_JOB, DELETE_JOB, DELETE_MASTER_TABLE, DETACH_JOB, GET_JOB_INFO, GET_JOB_QUEUES, GET_SOLE_JOBNAME, MASTER_TBL_LOCK and VALID_HANDLE functions not properly sanitizing user-supplied input to unspecified variable(s). This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22840
Oracle Database SYS.KUPV$FT Multiple Function SQL Injection
Oracle Database contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the SYS.KUPV$FT functions ATTACH_JOB, OPEN_JOB and HAS_PRIVS not properly sanitizing user-supplied input to unspecified variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22839
Invision Power Board Dragoran Portal Module index.php site Variable SQL Injection
Invision Power Board Dragoran Portal Module contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'site' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22851
SPIP forum.php3 Multiple Variable SQL Injection
SPIP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to forum.php3 not properly sanitizing user input supplied to the 'id_article' and 'id_forum' variables. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/22845