Network Security News – Wednesday, July 05, 2006 Events
BLOG:CMS index.php id Variable SQL Injection
Blog:Cms contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26877
HP-UX Kernel Unspecified Local DoS
HP-UX Kernel contains a flaw that may allow a local denial of service. The issue is triggered when handling certain malformed requests, and results in a loss of availability for the system. No further details have been provided. Read more at osvdb.org/26873
Scout Portal Toolkit SPT–ForumTopics.php forumid Variable SQL Injection
Scout Portal Toolkit contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the SPT–ForumTopics.php script not properly sanitizing user-supplied input to the 'forumid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26870
SiteBar command.php command Variable XSS
SiteBar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'command' variable upon submission to the command.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26869
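The three web entries above (the two SQL injection items and the SiteBar XSS item) describe the same root cause: a request parameter reaches a SQL statement or an HTML page without validation or escaping. The following is an added example, not code from any of the listed products or from OSVDB, showing the weak pattern next to its hardened form in PHP. It assumes a PDO connection and a hypothetical `topics` table with `id` and `title` columns; the in-memory SQLite database and its rows are constructed for the demonstration.

```php
<?php
// Added example (not from the advisories or the products they describe).
// Assumes a hypothetical `topics(id, title)` table reached through PDO.

// Weak pattern: the request parameter is interpolated straight into the SQL text,
// which is the defect the index.php / SPT-ForumTopics.php entries describe.
function lookup_topic_unsafe(PDO $db, array $query): array {
    $id = $query['id'] ?? '';
    $stmt = $db->query("SELECT id, title FROM topics WHERE id = $id");
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: enforce the expected type first, then bind the value as a
// parameter so it can never become part of the statement structure.
function lookup_topic_safe(PDO $db, array $query): array {
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // anything that is not a positive integer is rejected here
    }
    $stmt = $db->prepare('SELECT id, title FROM topics WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output side, the counterpart for the reflected XSS entry: a request value is
// written back into HTML only after it has been escaped for that context.
function render_command(string $command): string {
    return '<p>Unknown command: '
         . htmlspecialchars($command, ENT_QUOTES | ENT_HTML5, 'UTF-8')
         . '</p>';
}

// Stand-alone demonstration on a constructed in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO topics (id, title) VALUES (1, 'Welcome'), (2, 'Rules')");

var_dump(lookup_topic_safe($db, ['id' => '2']));          // one row: id 2, "Rules"
var_dump(lookup_topic_safe($db, ['id' => '2 OR 1=1']));   // empty array: rejected before any query runs
echo render_command('<b>hello</b>'), "\n";               // the tags are rendered inert as text
```

The integer check is the important line: with a parameterized query alone the lookup is already safe, but validating the type at the boundary also gives you a clean place to log rejected input, which is the detection signal a defender wants for the class of flaw these entries report.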
IRIX File Alteration Monitor (fam) Arbitrary Directory Listing
IRIX contains a flaw that may allow an attacker to obtain a complete listing of files and directories on vulnerable systems. The issue is triggered when the File Alteration Monitor (fam) daemon is instructed by a program to monitor the root directory. It is possible that the flaw may allow retrieval of the names of all files under the root directory, resulting in a loss of confidentiality. Read more at osvdb.org/164