Prodder enc_url Crafted URL Arbitrary Command Execution

Network Security News – Wednesday, June 07, 2006 Events

Prodder enc_url Crafted URL Arbitrary Command Execution

Prodder contains a flaw that may allow a malicious user to remotely execute arbitrary commands. The issue is triggered because the program fails to properly sanitise input in the shape of a podcast URL before passing it to a shell command, resulting in a loss of integrity.. Read more at osvdb.org/25690

PostgreSQL Single Quote Escaping Filter Bypass

PostgreSQL contains a flaw that may allow a malicious user to bypass security restrictions and execute arbitrary SQL commands. The issue is triggered due to an error when escaping ASCII single quote "'" characters (by turning them into "\'") and operating in multibyte encodings (e.g. SJIS, BIG5, GBK, GB18030, or UHC) that allow using the "0x5c" ASCII code (backslash) as the trailing byte of a multibyte character. It is possible that the flaw may allow SQL injection attacks resulting in a loss of confidentiality and integrity.. Read more at osvdb.org/25731

ByteHoard server.php bhconfig[bhfilepath] Variable Remote File Inclusion

ByteHoard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to server.php not properly sanitizing user input supplied to the 'bhconfig[bhfilepath]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25948