Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

PostNuke Xanthia Module Multiple Variable SQL Injection

Network Security News – Monday, May 30, 2005 Events

PostNuke Xanthia Module Multiple Variable SQL Injection

The Xanthia Module for PostNuke contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'riga' and 'module' variables in the 'Xanthia' module not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16786

IRIX ftpd ftp_syslog Function Anonymous FTP Failure Issue

IRIX ftpd contains a flaw related to the ftp_syslog() function with anonymous FTP that may allow an attacker to avoid having actions logged. No further details have been provided.. Read more at osvdb.org/16897

OpenBB member.php reverse Variable XSS

OpenBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'reverse' variables upon submission to the 'member.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/16624

MaxWebPortal password.asp memKey Variable SQL Injection

MaxWebPortal contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'memKey' variable in the 'password.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16847

OpenBB read.php TID Variable SQL Injection

OpenBB contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'TID' variable in the 'read.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16623

PortailPHP index.php id Variable SQL Injection

PortailPHP contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the 'index.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16777

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *