Network Security News – Tuesday, June 07, 2005 Events
Exhibit Engine list.php Multiple Variable SQL Injection
Exhibit Engine contains a flaw that may allow an attacker to inject arbitrary SQL queries. The "search_row", "sort_row", "order", and "perpage" variables in the list.php script are not properly sanitized, which may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/17006
602LAN SUITE Log File Processing HTML Tag Obfuscation
602LAN SUITE contains a flaw that may allow remote manipulation of log data. The issue is triggered when a remote user submits an HTTP GET request for the string "</pre><!--". From that point, subsequent log entries will not be displayed when the administrator views the log file until the string "--><pre>" is encountered. This log manipulation can be used by a remote attacker to obfuscate records of other attack attempts, and will result in loss of log integrity for the service.
Administrators can still see the log entries by viewing the HTML source of the logs. Read more at osvdb.org/17129
SPA-PRO Mail @Solomon IMAP create Command Remote Overflow
A remote overflow exists in SPA-PRO Mail @Solomon. SPA-PRO Mail @Solomon fails to perform proper bounds checking on the create command, resulting in a buffer overflow. With a specially crafted request, an attacker can cause a remote overflow resulting in a loss of integrity. Read more at osvdb.org/16990
SPA-PRO Mail @Solomon IMAP Multiple Command Traversal
SPA-PRO Mail @Solomon contains a flaw that allows a remote attacker to access or manipulate arbitrary content outside of their home directory. The issue is due to multiple commands not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the IMAP service. Read more at osvdb.org/16989
AIX Performance Tools stripnm Unspecified Local Root Access
AIX Performance Tools contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to an unspecified error in the "bosext1.extcmds.obj" Licensed Program Product, specifically the 'stripnm' utility. This flaw may allow a local attacker to gain root privileges, resulting in a loss of integrity. Read more at osvdb.org/17080
AIX Performance Tools rmss Unspecified Local Root Access
AIX Performance Tools contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to an unspecified error in the "bosext1.extcmds.obj" Licensed Program Product, specifically the 'rmss' utility. This flaw may allow a local attacker to gain root privileges, resulting in a loss of integrity. Read more at osvdb.org/17079
AIX Performance Tools rmap Unspecified Local Root Access
AIX Performance Tools contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to an unspecified error in the "bosext1.extcmds.obj" Licensed Program Product, specifically the 'rmap' utility. This flaw may allow a local attacker to gain root privileges, resulting in a loss of integrity. Read more at osvdb.org/17078
AIX Performance Tools netpmon Unspecified Local Root Access
AIX Performance Tools contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to an unspecified error in the "bosext1.extcmds.obj" Licensed Program Product, specifically the 'netpmon' utility. This flaw may allow a local attacker to gain root privileges, resulting in a loss of integrity. Read more at osvdb.org/17077
AIX Performance Tools lvedit Unspecified Local Root Access
AIX Performance Tools contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to an unspecified error in the "bosext1.extcmds.obj" Licensed Program Product, specifically the 'lvedit' utility. This flaw may allow a local attacker to gain root privileges, resulting in a loss of integrity. Read more at osvdb.org/17076
AIX Performance Tools genld Unspecified Local Root Access
AIX Performance Tools contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to an unspecified error in the "bosext1.extcmds.obj" Licensed Program Product, specifically the 'genld' utility. This flaw may allow a local attacker to gain root privileges, resulting in a loss of integrity. Read more at osvdb.org/17075
Vuln: YaPiG View.PHP Cross-Site Scripting Vulnerability
YaPiG View.PHP Cross-Site Scripting Vulnerability. Read more at securityfocus.com/bid/13875
Vuln: YaPiG Upload.PHP Directory Traversal Vulnerability
YaPiG Upload.PHP Directory Traversal Vulnerability. Read more at securityfocus.com/bid/13877
Vuln: PortailPHP ID Parameter SQL Injection Vulnerability
PortailPHP ID Parameter SQL Injection Vulnerability. Read more at securityfocus.com/bid/13708
Vuln: Kaspersky Anti-Virus Klif.Sys Privilege Escalation Vulnerability
Kaspersky Anti-Virus Klif.Sys Privilege Escalation Vulnerability. Read more at securityfocus.com/bid/13878
SQL Injection Exploit for Portail PHP < 1.3
SQL Injection Exploit for Portail PHP < 1.3. Read more at securityfocus.com/archive/1/401607
[ GLSA 200506-04 ] WordPress: Multiple vulnerabilities
[ GLSA 200506-04 ] WordPress: Multiple vulnerabilities. Read more at securityfocus.com/archive/1/401597
[ GLSA 200506-03 ] Dzip: Directory traversal vulnerability
[ GLSA 200506-03 ] Dzip: Directory traversal vulnerability. Read more at securityfocus.com/archive/1/401608
[ GLSA 200506-02 ] Mailutils: SQL Injection
[ GLSA 200506-02 ] Mailutils: SQL Injection. Read more at securityfocus.com/archive/1/401609