Audit My PC - Free Internet Security Audit

PHP Arena paCheckbook index.php Multiple Variable SQL Injection

Network Security News – Monday, May 15, 2006 Events

PHP Arena paCheckbook index.php Multiple Variable SQL Injection

paCheckbook contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "transtype" and "entry" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/25349

phpBB TopList toplist.php phpbb_root_path Variable Remote File Inclusion

TopList contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to toplist.php not properly sanitizing user input supplied to the 'phpbb_root_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25260

TopList for phpBB list.php returnpath Variable Remote File Inclusion

TopList contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to list.php not properly sanitizing user input supplied to the 'returnpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25294

Winamp m3u/pls .wma Parsing Overflow

A remote overflow exists in WinAmp. The application fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted '*.m3u' and/or '*.pls' file and an ending filename having the '*.wma' extension, a remote attacker can cause arbitrary code execution or an application crash, resulting in a loss of integrity and/or availability. Read more at osvdb.org/22975

OpenPGP CFB Module Quick Check Feature Information Disclosure

The OpenPGP protocol contains a flaw that may allow a malicious user to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed. The issue is triggered when handling a message that was encrypted using cipher feedback (CFB) mode. It is possible that the flaw may result in a loss of confidentiality. Read more at osvdb.org/13775

OpenPGP / PGP Secret Key Ring Modification Private Key Disclosure

The OpenPGP protocol contains a flaw that may allow a malicious user to determine the private signature key. The issue is triggered when an attacker alters the encrypted private key file and captures a single message signed with the signature key. It is possible that the flaw may result in a loss of confidentiality and/or integrity. Read more at osvdb.org/11966

OzzyWork Galeri add.asp Arbitrary File Upload

OzzyWork contains a flaw that may allow a malicious user to upload arbitrary files. The issue is caused by improper file extension checks in add.asp. It is possible that the flaw may allow an attacker to upload and execute arbitrary ASP code, resulting in a loss of integrity. Read more at osvdb.org/25427

OzzyWork Galeri admin_default.asp Multiple Field SQL Injection

OzzyWork Galeri contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin_default.asp script not properly sanitizing user-supplied input to the 'id' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/25426

Océ 3121/3122 Printer Web Server Overflow DoS

Océ contains a flaw that may allow a remote denial of service. The issue is triggered due to an error in the built-in webserver when handling an overly long user-supplied URL, and will result in loss of availability for the platform. Read more at osvdb.org/25000

OpenFAQ submit.php q Variable XSS

OpenFAQ contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'q' variable upon submission to the submit.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25350
