Network Security News – Sunday, May 14, 2006 Events
Creative Community Portal PollResults.php Multiple Variable SQL Injection
Creative Community Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the PollResults.php script not properly sanitizing user-supplied input to the 'AddVote' or 'answer_id' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/25311
Creative Community Portal EventView.php event_id Variable SQL Injection
Creative Community Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the EventView.php script not properly sanitizing user-supplied input to the 'event_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/25310
Creative Community Portal DiscView.php forum_id Variable SQL Injection
Creative Community Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the DiscView.php script not properly sanitizing user-supplied input to the 'forum_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/25308
Creative Community Portal Discussions.php forum_id Variable SQL Injection
Creative Community Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Discussion.php script not properly sanitizing user-supplied input to the 'forum_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/25309
Creative Community Portal DiscReply.php mid Variable SQL Injection
Creative Community Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the DiscReply.php script not properly sanitizing user-supplied input to the 'mid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/25312
Creative Community Portal ArticleView.php article_id Variable SQL Injection
Creative Community Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ArticleView.php script not properly sanitizing user-supplied input to the 'article_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/25307
Claroline phpnuke.inc.php clarolineRepositorySys Variable Remote File Inclusion
Claroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claroline/auth/extauth/drivers/phpnuke.inc.php not properly sanitizing user input supplied to the 'clarolineRepositorySys' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25326
Claroline moodle.inc.php clarolineRepositorySys Variable Remote File Inclusion
Claroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claroline/auth/extauth/drivers/moodle.inc.php not properly sanitizing user input supplied to the 'clarolineRepositorySys' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25325
Claroline mambo.inc.php includePath Variable Remote File Inclusion
Claroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claroline/auth/extauth/drivers/mambo.inc.php not properly sanitizing user input supplied to the 'includePath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25324
Claroline ldap.inc.php clarolineRepositorySys Variable Remote File Inclusion
Claroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claroline/auth/extauth/drivers/ldap.inc.php not properly sanitizing user input supplied to the 'clarolineRepositorySys' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25315
Vuln: XPDF DCTStream Baseline Remote Heap Buffer Overflow Vulnerability
XPDF DCTStream Baseline Remote Heap Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/15727