Network Security News – Friday, August 12, 2005 Events
FreznoShop product_details.php id Variable SQL Injection
FreznoShop contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'product_details.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18686
Qmail RCPT TO Command Remote Overflow
qmail-smtpd contains a flaw that may allow a remote denial of service. The issue is triggered by sending an email with a large number of recipient addresses. Qmail will attempt to process such a message, which will consume all memory on the server host and result in a loss of availability for that host. Read more at osvdb.org/5850
Chipmunk Forum index.php fontcolor Variable XSS
Chipmunk contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'fontcolor' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18653