BXCP index.php where Variable SQL Injection

Network Security News – Friday, July 07, 2006 Events

BXCP index.php where Variable SQL Injection

BXCP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'where' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26938

ppp Winbind Plugin setuid Failure Local Privilege Escalation

ppp Winbind Plugin contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the Winbind Plugin fails check the result of 'setuid' call . This flaw may lead to a loss of confidentiality and integrity.. Read more at osvdb.org/26994

Emilia Pinball Arbitrary Plugin Privilege Escalation

Emilia Pinball contains a flaw that may allow a local denial of service. The issue is triggered when an unspecified error occurs when loading compiled plugins, and will result in loss of availability for the system.. Read more at osvdb.org/26829