Network Administration Visualized (NAV) Report Interface SQL Injection

Network Security News – Monday, May 01, 2006 Events

Network Administration Visualized (NAV) Report Interface SQL Injection

Network Administration Visualized contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the report interface not properly sanitizing user-supplied input to an unknown variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25066

IRIX permissions Local Overflow

A local overflow exists in IRIX. The permissions program of the Indigo Magic Desktop package fails to check bounds resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code with the privileges of the sys group, resulting in a loss of integrity.. Read more at osvdb.org/997

Microsoft Visual Studio .dbp File DataProject Field Buffer Overflow

A remote overflow exists in Visual Studio. Visual Studio fails to perform proper boundary checks within the handling of ".dbp" files that contain an overly long string in the "DataProject" field, resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/23711

IRIX day5datacopier PATH Variable Arbitrary Command Execution

IRIX contains a flaw that may allow a malicious user to execute arbitrary commands as the root user. The issue is triggered when a malicious user creates a trojan horse with the same name as the system program cp and manipulates the PATH environment variable to include the directory containing the trojan. The day5datacopier CGI script will execute the trojan horse because it does not use an absolute path in its call, resulting in a loss of integrity.. Read more at osvdb.org/8559

Invision Power Board action_admin/paysubscriptions.php name Variable Traversal Arbitrary PHP File Inclusion

Invision Power Board contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to action_admin/paysubscriptions.php not properly sanitizing user input supplied to the 'name' variable. This may allow an attacker to include a file from the local host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25008

Invision Power Board search.php lastdate Variable Arbitrary PHP Code Execution

Invision Power Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not properly validate the 'lastdate' variable in a "preg_replace()" call in the search.php script. This could allow a user to inject and execute arbitrary PHP code via the "e" pattern modifier, leading to a loss of integrity.. Read more at osvdb.org/25005

Instant Photo Gallery member.php member Variable XSS

Instant Photo Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'member' variable upon submission to the member.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24984

Instant Photo Gallery portfolio.php cat_id Variable XSS

Instant Photo Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat_id' variable upon submission to the portfolio.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24985