Network Security News – Monday, March 28, 2005 Events
Valdersoft Shopping Cart search_result.php Multiple Parameter SQL Injection
Valdersoft Shopping Cart contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'searchQuery' and 'searchTopCategoryID' variables in the search_result.php script are not verified properly and will allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15054
phpCOIN Orders Module ord_id Parameter SQL Injection
phpCOIN contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'ord_id' variable in the Orders module is not verified properly and will allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15046
ESMI PayPal Storefront products1h.php id Variable XSS
ESMI PayPal Storefront contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the products1h.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15059
ESMI PayPal Storefront pages.php idpages Parameter SQL Injection
ESMI PayPal Storefront contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'idpages' variable in the pages.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15057
FUDforum Icon Manager Path Disclosure
FUDforum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user deletes smileys from the icon manager, which may disclose the server installation path, resulting in a loss of confidentiality. Read more at osvdb.org/15042
Oracle Reports Server test.jsp Multiple Variable XSS
Oracle Reports Server contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'desname' or 'repprod' variables upon submission to the test.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15050
Valdersoft Shopping Cart item.php id Parameter SQL Injection
Valdersoft Shopping Cart contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'id' variable in the item.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15052
Valdersoft Shopping Cart category.php id Parameter SQL Injection
Valdersoft Shopping Cart contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'id' variable in the category.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15051
Valdersoft Shopping Cart index.php lang Parameter SQL Injection
Valdersoft Shopping Cart contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'lang' variable in the index.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15053
Valdersoft Shopping Cart index.php lang Variable XSS
Valdersoft Shopping Cart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'lang' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15055