Network Security News – Sunday, August 21, 2005 Events
PHPFreeNews AccessControl.php Multiple Field SQL Injection
PHPFreeNews contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the AccessControl.php script not properly sanitizing user-supplied input to the 'user' and 'pass' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18850
HAURI Anti-Virus Compressed Archive Extraction Traversal Arbitrary File Write
Multiple HAURI Anti-Virus products contain a flaw that allows a remote attacker to overwrite arbitrary files. The issue is due to unsafe extraction of compressed archives into a temporary directory before scanning, which can be used to write files into arbitrary directories during a scan, specifically via a malicious archive containing files that have "../../" directory sequences in their filenames, resulting in a loss of integrity. Read more at osvdb.org/18812
PHPFreeNews SearchResults.php Multiple Variable SQL Injection
PHPFreeNews contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the SearchResults.php script not properly sanitizing user-supplied input to the 'Match' and 'CatID' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18849
PHPFreeNews NewsCategoryForm.php NewsMode Variable XSS
PHPFreeNews contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'NewsMode' variable upon submission to the NewsCategoryForm.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18851
MindAlign Unspecified Encryption Weakness
MindAlign contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered through an unspecified encryption weakness, which will disclose authentication or system information, resulting in a loss of confidentiality. Read more at osvdb.org/18757
MindAlign Unspecified User Enumeration Issue
MindAlign contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered through an unspecified user enumeration issue, which will disclose user account information, resulting in a loss of confidentiality. Read more at osvdb.org/18754
MindAlign Unspecified XSS
MindAlign contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to an unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18755
LocalWEB2000 Crafted Request Access Restriction Bypass
LocalWEB2000 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a web request for a password-protected file is prepended with '/./', which will disclose protected file contents, resulting in a loss of confidentiality. Read more at osvdb.org/5055
LocalWEB2000 Directory Traversal Arbitrary File Access
LocalWEB2000 contains a flaw that allows a remote attacker to read files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal-style sequences (../../) supplied via URL requests. Read more at osvdb.org/825
LocalWEB2000 users.lst Cleartext Password Disclosure
LocalWEB2000 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the file users.lst is accessed, which will disclose the usernames and passwords used to access restricted directories, resulting in a loss of confidentiality. Read more at osvdb.org/18810
Vuln: Woltlab Burning Board ModCP.PHP SQL Injection Vulnerability
Woltlab Burning Board ModCP.PHP SQL Injection Vulnerability. Read more at securityfocus.com/bid/14617
Vuln: Land Down Under Multiple SQL Injection Vulnerabilities
Land Down Under Multiple SQL Injection Vulnerabilities. Read more at securityfocus.com/bid/14618
Vuln: Land Down Under Multiple Cross-Site Scripting Vulnerabilities
Land Down Under Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/14619
Vuln: PCRE Regular Expression Heap Overflow Vulnerability
PCRE Regular Expression Heap Overflow Vulnerability. Read more at securityfocus.com/bid/14620
ToorCon 7 Lineup Finalized & Pre-Registration Ending
ToorCon 7 Lineup Finalized & Pre-Registration Ending. Read more at securityfocus.com/archive/1/408666
[USN-171-1] PHP4 vulnerabilities
[USN-171-1] PHP4 vulnerabilities. Read more at securityfocus.com/archive/1/408661
[SECURITY] [DSA 779-1] New Mozilla Firefox packages fix several vulnerabilities
[SECURITY] [DSA 779-1] New Mozilla Firefox packages fix several vulnerabilities. Read more at securityfocus.com/archive/1/408662
Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection
Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection. Read more at securityfocus.com/archive/1/408660