Network Security News – Friday, June 30, 2006 Events
thinkWMS printarticle.php id Variable SQL Injection
ThinkWMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the printarticle.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26743
thinkWMS index.php Multiple Variable SQL Injection
ThinkWMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'id' and 'catid' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26742
CA Multiple Product Scan Job Description Field Format String
CA Integrated Threat Management, eTrust Antivirus and eTrust PestPatrol Anti-Spyware Corporate Edition contain a flaw that may allow a remote denial of service. The issue is triggered by a format string error in the handling of the description field of a scan job, and will result in loss of availability for the platform. Read more at osvdb.org/26654
Eduha Meeting File Upload Arbitrary PHP Code Execution
Eduha Meeting File contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered when the user uploads a file, because the script does not correctly restrict the extension of files that can be uploaded. It is possible that the flaw may allow remote code execution resulting in a loss of integrity. Read more at osvdb.org/26627
Hitachi Groupmax Address/Mail Server Unspecified DoS
Hitachi Groupmax Address/Mail Server contains a flaw that may allow an unspecified denial of service. The issue is triggered when unspecified errors occur during the handling of unexpected requests, and will result in loss of availability for certain processes. Read more at osvdb.org/26679
Free Realty propview.php sort Variable SQL Injection
Free Realty contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the propview.php script not properly sanitizing user-supplied input to the 'sort' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26667
Hosting Controller Unspecified Authenticated Privilege Escalation
Hosting Controller contains a flaw that may allow a malicious user to gain access to unauthorized privileges and list all resellers or change their passwords. The issue is triggered when unspecified errors occur. This flaw may lead to a loss of confidentiality and integrity. Read more at osvdb.org/26693
IMGallery galerie.php Multiple Variable SQL Injection
IMGallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the galerie.php script not properly sanitizing user-supplied input to the 'start' and 'sort' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26695
IRIX disk_bandwidth Relative Pathname Privilege Escalation
IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user tricks the disk_bandwidth program into running a malicious binary or a malicious script, due to its failure to use an absolute path in a system function call. This flaw may lead to a loss of integrity. Read more at osvdb.org/936
Cisco 79xx IP Phone SYN Flood Device Reboot Remote DoS
Cisco 79xx IP phones contain a flaw that may allow a remote denial of service. The issue is triggered when an attacker initiates a SYN flood against the phone, and will result in loss of availability for the device. Read more at osvdb.org/22469
Vuln: XennoBB Messages.PHP Cross-site Scripting Vulnerability
XennoBB Messages.PHP Cross-site Scripting Vulnerability. Read more at securityfocus.com/bid/18652
Vuln: Apple Mac OS X ImageIO TIFF Images Remote Buffer Overflow Vulnerability
Apple Mac OS X ImageIO TIFF Images Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/18731