Network Security News – Tuesday, August 30, 2005 Events
qmailadmin QMAILADMIN_TEMPLATEDIR Environment Variable Local Overflow
A local overflow exists in qmailadmin. The CGI program fails to perform proper boundary checking when processing environment variables, resulting in a stack overflow. With a specially crafted request, an attacker can run arbitrary code on the server, resulting in a loss of integrity. Read more at osvdb.org/14533
MyBulletinBoard (MyBB) search.php action Variable SQL Injection
MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the 'action' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19033
MyBulletinBoard (MyBB) polls.php polloptions Variable SQL Injection
MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the polls.php script not properly sanitizing user-supplied input to the 'polloptions' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19032
MyBulletinBoard (MyBB) member.php Multiple Variable SQL Injection
MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the member.php script not properly sanitizing user-supplied input to the 'action', 'username', and possibly other variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19031
MyBulletinBoard (MyBB) index.php Username Variable SQL Injection
MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'username' variable. This will allow an attacker to inject or manipulate SQL queries in the backend database, including logging in as the site administrator and gaining full access to the Admin Control Panel. Read more at osvdb.org/19030