Network Security News – Monday, April 10, 2006 Events
wpBlog index.php postid Variable SQL Injection
wpBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'postid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/24385
WEBalbum Cookie skin2 Parameter Traversal Local File Inclusion
WEBalbum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to start.php not properly sanitizing user input supplied to the 'skin2' cookie parameter. This may allow an attacker to include arbitrary code or execute commands by injecting code into local log files via GET commands, and then accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.. Read more at osvdb.org/24160
Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
Commerce Server contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an error in the sample files within the "AuthFiles" directory which can be exploited to bypass authentication and logon as a valid user without knowing the password. This flaw may lead to a loss of integrity.. Read more at osvdb.org/24121
MD News admin.php id Variable SQL Injection
MD News contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/24454
SiteMan admin_login.asp txtpassword Variable SQL Injection
SiteMan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin_login.asp script not properly sanitizing user-supplied input to the 'txtpassword' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/24362
Interact login.php Error Message Username Enumeration
Interact contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when login.php returns different error messages depending on if a valid username was supplied. This can be exploited to help enumerate valid usernames resulting in a loss of confidentiality.. Read more at osvdb.org/24388
Interact login.php user_name Variable SQL Injection
Interact contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'user_name' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/24390
Crafty Syntax Image Gallery Crafted HTTP POST Request Arbitrary PHP Code Execution
Crafty Syntax Image Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to a flaw in the newimage.php script which does not properly validate uploaded images. This may allow an attacker to upload arbitrary PHP scripts using manipulated HTTP POST data that contains arbitrary commands which will be executed with the privileges of the web server.. Read more at osvdb.org/24387
Crafty Syntax Image Gallery slides.php limitquery_s Variable SQL Injection
Crafty Syntax Image Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the slides.php script not properly sanitizing user-supplied input to the 'limitquery_s' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/24386
Leave a Reply