Network Security News – Saturday, August 20, 2005 Events
WoltLab Burning Board board.php boardid Variable SQL Injection
WoltLab Burning Board contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'board.php' script not properly sanitizing user-supplied input to the 'boardid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/10106
VP-ASP shopaffio.asp Multiple Variable SQL Injection
VP-ASP contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'shopaffio.asp' script not properly sanitizing user-supplied input to the 'password' and 'lastname' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18014
PHP-Nuke NukeCalendar Module eid Variable XSS
The NukeCalendar (KalenderMx) module for PHP-Nuke contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate 'eid' variables upon submission to the module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/5266
PHP-Nuke auth.php admin Variable SQL Injection
PHP-Nuke contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'auth.php' script not properly sanitizing user-supplied input to the 'admin' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/5262
PHP-Nuke admin.php admin Variable SQL Injection
PHP-Nuke contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'admin.php' script not properly sanitizing user-supplied input to the 'admin' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/16635
Online Store Kit shop_by_brand.php cat_manufacturer Variable SQL Injection
Online Store Kit contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'shop_by_brand.php' script not properly sanitizing user-supplied input to the 'cat_manufacturer' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/15447
Online Store Kit shop.php cat Variable SQL Injection
Online Store Kit contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'shop.php' script not properly sanitizing user-supplied input to the 'cat' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/15446
Online Store Kit listing.php id Variable SQL Injection
Online Store Kit contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'listing.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/15448
NetUP utm_stat sid Variable SQL Injection
NetUP UTM contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'utm_stat' script not properly sanitizing user-supplied input to the 'sid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/10283
NetUP admin sid Variable SQL Injection
NetUP UTM contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'admin' script not properly sanitizing user-supplied input to the 'sid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/2591
Vuln: Linux Kernel SNMP Handler Denial of Service Vulnerability
Linux Kernel SNMP Handler Denial of Service Vulnerability. Read more at securityfocus.com/bid/14611
Vuln: Cisco Clean Access Agent Installation Bypass Vulnerability
Cisco Clean Access Agent Installation Bypass Vulnerability. Read more at securityfocus.com/bid/14612
Vuln: Linux Kernel ISO File System Denial Of Service Vulnerability
Linux Kernel ISO File System Denial Of Service Vulnerability. Read more at securityfocus.com/bid/14614
Vuln: MyBulletinBoard Search.PHP SQL Injection Vulnerability
MyBulletinBoard Search.PHP SQL Injection Vulnerability. Read more at securityfocus.com/bid/14615
Vul in MyBB
Vul in MyBB. Read more at securityfocus.com/archive/1/408624
WinAce Temporary File Parsing Buffer Overflow Vulnerability
WinAce Temporary File Parsing Buffer Overflow Vulnerability. Read more at securityfocus.com/archive/1/408600
Cisco Clean Access Agent (Perfigo) bypass
Cisco Clean Access Agent (Perfigo) bypass. Read more at securityfocus.com/archive/1/408603
[USN-170-1] gnupg vulnerability
[USN-170-1] gnupg vulnerability. Read more at securityfocus.com/archive/1/408601