Network Security News – Wednesday, May 11, 2005 Events
FishCart upstnt.php cartid Variable SQL Injection
FishCart contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'cartid' variable in the upstnt.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16283
FishCart display.php psku Variable SQL Injection
FishCart contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'psku' variable in the display.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16282
FishCart upstracking.php Multiple Variable XSS
FishCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'trackingnum', 'reqagree', or 'm' variables upon submission to the upstracking.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16281
FishCart display.php nlst Variable XSS
FishCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'nlst' variable upon submission to the display.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16280
NukeET security.php codigo Variable XSS
NukeET contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'codigo' variable upon submission to the security.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16214
Ethereal ESS Dissector Remote Overflow
Ethereal contains a flaw related to the ESS dissector that may allow an attacker to execute arbitrary code by triggering an unspecified buffer overflow. No further details have been provided. Read more at osvdb.org/16127
Ethereal CRMF Dissector Remote Overflow
Ethereal contains a flaw related to the CRMF dissector that may allow an attacker to execute arbitrary code by triggering an unspecified buffer overflow. No further details have been provided. Read more at osvdb.org/16126
Ethereal CMS Dissector Remote Overflow
Ethereal contains a flaw related to the CMS dissector that may allow an attacker to execute arbitrary code by triggering an unspecified buffer overflow. No further details have been provided. Read more at osvdb.org/16125
Ethereal CMP Dissector Remote Overflow
Ethereal contains a flaw related to the CMP dissector that may allow an attacker to execute arbitrary code by triggering an unspecified buffer overflow. No further details have been provided. Read more at osvdb.org/16124
Ethereal CMIP Dissector Remote Overflow
Ethereal contains a flaw related to the CMIP dissector that may allow an attacker to execute arbitrary code by triggering an unspecified buffer overflow. No further details have been provided. Read more at osvdb.org/16123
Ethereal DISTCC Dissection Stack Buffer Overflow Vulnerability
Ethereal is a multi-platform network protocol sniffer and analyzer. A remote buffer overflow vulnerability reportedly affects Ethereal. This issue is due to a failure o… Read more at securityfocus.com/bid/13567?ref=rss
Ethereal Multiple Remote Protocol Dissector Vulnerabilities
Ethereal is a multi-platform network protocol sniffer and analyzer. Many vulnerabilities in Ethereal have been disclosed by the vendor. The reported issues are in variou… Read more at securityfocus.com/bid/13504?ref=rss
HT Editor PE Parser Unspecified Remote Buffer Overflow Vulnerability
HT Editor is a hex editor for various platforms. HT Editor is affected by an unspecified buffer overflow vulnerability. This issue arises because the application does no… Read more at securityfocus.com/bid/13587?ref=rss
HT Editor ELF Parser Unspecified Remote Heap Overflow Vulnerability
HT Editor is a hex editor for various platforms. HT Editor is affected by an unspecified heap overflow vulnerability. This issue arises because the application does not… Read more at securityfocus.com/bid/13584?ref=rss
LibTIFF TIFFOpen Buffer Overflow Vulnerability
LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. It is freely available for Unix and Unix-like operating sy… Read more at securityfocus.com/bid/13585?ref=rss
Gzip Zgrep Arbitrary Command Execution Vulnerability
zgrep is used to invoke grep on gzipped and compressed files. zgrep is reportedly affected by an arbitrary command execution vulnerability. This issue arises due to ins… Read more at securityfocus.com/bid/13582?ref=rss
Gamespy cd-key validation system: "Cd-key in use" DoS versus many games
Sender: Luigi Auriemma [aluigi at autistici dot org]. Read more at securityfocus.com/archive/1/397916?ref=rss
Crash in Zoidcom 1.0 beta 4
Sender: Luigi Auriemma [aluigi at autistici dot org]. Read more at securityfocus.com/archive/1/397906?ref=rss
Firefox Crash??
Sender: orebla Orebla [info at orebla dot it]. Read more at securityfocus.com/archive/1/397913?ref=rss
[ GLSA 200505-08 ] HT Editor: Multiple buffer overflows
Sender: Sune Kloppenborg Jeppesen [jaervosz at gentoo dot org]. Read more at securityfocus.com/archive/1/397915?ref=rss