Network Security News – Sunday, July 03, 2005 Events
SSH Tectia Server Private Key Permission Weakness
SSH Tectia Server and SSH Secure Shell for Windows contains a flaw that may allow a malicious user to obtain the server host identification key caused by insufficient file permissions. It is possible that the flaw may allow an attacker to access the host identification key without the required administrative privileges. This key could then be copied and installed on a malicious server to masquerade as the original server.. Read more at osvdb.org/17685
Plague News index.php cid Variable SQL Injection
Plague News contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'cid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/17687
Leave a Reply