Network Security News – Friday, May 20, 2005 Events
Woltlab Burning Board JGS-Portal jgs_portal_beitraggraf.php year Variable SQL Injection
JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'year' variable in the jgs_portal_beitraggraf.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16674
Woltlab Burning Board JGS-Portal jgs_portal_beitraggraf.php year Variable XSS
JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'year' variable upon submission to the jgs_portal_beitraggraf.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16667
Woltlab Burning Board JGS-Portal jgs_portal_box.php id Variable SQL Injection
JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the jgs_portal_box.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16681
Woltlab Burning Board JGS-Portal jgs_portal_box.php id Variable XSS
JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the jgs_portal_box.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16671
Woltlab Burning Board JGS-Portal jgs_portal_log.php Accept-Language Header SQL Injection
JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the Accept-Language header field in the jgs_portal_log.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16680
Woltlab Burning Board JGS-Portal jgs_portal_mitgraf.php year Variable SQL Injection
JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'year' variable in the jgs_portal_mitgraf.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16678
Woltlab Burning Board JGS-Portal jgs_portal_mitgraf.php year Variable XSS
JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'year' variable upon submission to the jgs_portal_mitgraf.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16672
Woltlab Burning Board JGS-Portal jgs_portal_sponsor.php id Variable SQL Injection
JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the jgs_portal_sponsor.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16679
Woltlab Burning Board JGS-Portal jgs_portal_sponsor.php id Variable XSS
JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the jgs_portal_sponsor.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16670
Woltlab Burning Board JGS-Portal jgs_portal_statistik.php year Variable XSS
JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'year' variable upon submission to the jgs_portal_statistik.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16666
IBM AIX IPL_Varyon Local Buffer Overflow Vulnerability
The IBM AIX 'ipl_varyon' utility is designed to allow users to set the default physical boot volume. A local buffer overflow vulnerability reportedly affects IBM's AIX 'ipl_v… Read more at securityfocus.com/bid/12516?ref=rss
Episodex Guestbook HTML Injection Vulnerability
Episodex Guestbook is Web guestbook software implemented in ASP. Episodex Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the a… Read more at securityfocus.com/bid/13692?ref=rss
Episodex Guestbook Unauthorized Access Vulnerability
Episodex Guestbook is Web guestbook software implemented in ASP. Episodex Guestbook is prone to an unauthorized access vulnerability. An unauthenticated remote attack… Read more at securityfocus.com/bid/13693?ref=rss
PHP Advanced Transfer Manager Arbitrary File Include Vulnerability
PHP Advanced Transfer Manager is an upload and download manager implemented in PHP. PHP Advanced Transfer Manager is prone to an arbitrary file include vulnerability. … Read more at securityfocus.com/bid/13691?ref=rss
Extreme Networks ExtremeWare XOS Privilege Escalation Vulnerability
Extreme Networks ExtremeWare XOS is prone to a local privilege escalation vulnerability. The exact details of the vulnerability are not available. However, reports indi… Read more at securityfocus.com/bid/13690?ref=rss
IBM AIX Multiple Device Management Utilities Local Format String Vulnerability
The IBM AIX 'chdev' utility is designed to provide functionality to modify the characteristics of a specified device. A user needs group 'system' privileges in order to e… Read more at securityfocus.com/bid/12472?ref=rss
UNICODE BUFFER OVERFLOW IN MS-WORD
Sender: Bahaa Naamneh [b_naamneh at hotmail dot com]. Read more at securityfocus.com/archive/1/398546?ref=rss
JavaMail Information Disclosure (msgno)
Sender: Ricky Latt [ygnboyz at gmail dot com]. Read more at securityfocus.com/archive/1/398544?ref=rss
phpATM arbitrary PHP code inclusion
Sender: Ingvar Gilbert [bugtraq at ingwie dot de]. Read more at securityfocus.com/archive/1/398536?ref=rss
[ GLSA 200505-14 ] Cheetah: Untrusted module search path
Sender: Sune Kloppenborg Jeppesen [jaervosz at gentoo dot org]. Read more at securityfocus.com/archive/1/398541?ref=rss