Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

ezUserManager ezusermanager_core.inc.php ezUserManager_Path Variable Remote File

Network Security News – Thursday, May 18, 2006 Events

ezUserManager ezusermanager_core.inc.php ezUserManager_Path Variable Remote File Inclusion

ezUserManager contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to ezusermanager_core.inc.php not properly sanitizing user input supplied to the "ezUserManager_Path" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25540

Confixx Pro ftplogin/ login Variable XSS

Confixx Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "login" variable upon submission to the ftplogin/ script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25525

DeluxeBB misc.php name Variable SQL Injection

DeluxeBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the misc.php script not properly sanitizing user-supplied input to the "name" variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25529

Azboard admin_ok.asp Multiple Variable SQL Injection

Azboard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin_ok.asp script not properly sanitizing user-supplied input to the "id" and "cate" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25528

Azboard list.asp Multiple Variable SQL Injection

Azboard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the list.asp script not properly sanitizing user-supplied input to the "searchstring" and "cate" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25527

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *