Network Security News – Sunday, May 15, 2005 Events
Telecat BBS Message Post Line Center BASIC Access
Telecat BBS contains a flaw that may allow a user to gain elevated privileges. The issue occurs when a user posts a message, types a line of text and attempts to center the text with a CTRL-V. In some cases, this will cause the program to fail and give access to the BASIC interpreter. In other cases, it may hang the BBS and require the SYSOP to reboot the system. Read more at osvdb.org/2350
MaxWebPortal privatesend_info.asp sendto Variable SQL Injection
MaxWebPortal contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'sendto' variable in the privatesend_info.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16518
MaxWebPortal pop_avatar_delete.asp Multiple Variable SQL Injection
MaxWebPortal contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'A_ID' or 'A_URL' variable in the pop_avatar_delete.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16514
MaxWebPortal inc_top.asp Name Variable SQL Injection
MaxWebPortal contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'Name' variable in the inc_top.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16507
MaxWebPortal privatedelete.asp id Variable SQL Injection
MaxWebPortal contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the privatedelete.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16517
MaxWebPortal pop_announce_delete.asp A_ID Variable SQL Injection
MaxWebPortal contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'A_ID' variable in the pop_announce_delete.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16513
MaxWebPortal inc_functions.asp fpassword Variable SQL Injection
MaxWebPortal contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'fpassword' variable in the inc_functions.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16502
MaxWebPortal post_info.asp Multiple Variable SQL Injection
MaxWebPortal contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'txtAddress', 'message' and 'subject' variables in the post_info.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16503
MaxWebPortal pm_view.asp id Variable SQL Injection
MaxWebPortal contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the pm_view.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16512
MaxWebPortal inc_function.asp FORUM_ID Variable SQL Injection
MaxWebPortal contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'FORUM_ID' variable in the inc_function.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16508
Skull-Splitter Guestbook Multiple HTML Injection Vulnerabilities
Skull-Splitter Guestbook is a Web-based application written in PHP. Skull-Splitter Guestbook is prone to multiple HTML injection vulnerabilities. This is due to the app… Read more at securityfocus.com/bid/13632?ref=rss