Network Security News – Saturday, August 06, 2005 Events
socialMPN article.php sid Variable SQL Injection
socialMPN contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'article.php' script not properly sanitizing user-supplied input to the 'sid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17555
socialMPN friend.php sid Variable SQL Injection
socialMPN contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'friend.php' script not properly sanitizing user-supplied input to the 'sid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17561
socialMPN index.php siteid Variable SQL Injection
socialMPN contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'siteid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17560
socialMPN newtopic.php username Variable SQL Injection
socialMPN contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'newtopic.php' script not properly sanitizing user-supplied input to the 'username' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17558
socialMPN sections.php Multiple Variable SQL Injection
socialMPN contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'sections.php' script not properly sanitizing user-supplied input to the 'secid' and 'artid' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17559
socialMPN user.php uname Variable SQL Injection
socialMPN contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'user.php' script not properly sanitizing user-supplied input to the 'uname' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17556
socialMPN viewforum.php siteid Variable SQL Injection
socialMPN contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'viewforum.php' script not properly sanitizing user-supplied input to the 'siteid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17557
MyHelpDesk index.php id Variable SQL Injection
MyHelpDesk contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/10120
FlexPHPNews usercheck.php logincheck Variable Path Disclosure
FlexPHPNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the 'logincheck' variable in the 'usercheck.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18490
FlexPHPNews usercheck.php Admin Login Multiple Field SQL Injection
FlexPHPNews contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'usercheck.php' script not properly sanitizing user-supplied input to the 'username' and 'password' fields. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18492
Vuln: No-Brainer SMTP Client Log_Msg() Remote Format String Vulnerability
No-Brainer SMTP Client Log_Msg() Remote Format String Vulnerability. Read more at securityfocus.com/bid/14441
Vuln: Ethereal Multiple Protocol Dissector Vulnerabilities
Ethereal Multiple Protocol Dissector Vulnerabilities. Read more at securityfocus.com/bid/14399
Vuln: Lantronix Secure Console Server SCS820/SCS1620 Multiple Local Vulnerabilities
Lantronix Secure Console Server SCS820/SCS1620 Multiple Local Vulnerabilities. Read more at securityfocus.com/bid/14486
Vuln: EMC Navisphere Manager Directory Traversal And Information Disclosure Vulnerabilities
EMC Navisphere Manager Directory Traversal And Information Disclosure Vulnerabilities. Read more at securityfocus.com/bid/14487
Defeating Citi-Bank Virtual Keyboard Protection
Defeating Citi-Bank Virtual Keyboard Protection. Read more at securityfocus.com/archive/1/407472
Silvernews 2.0.3 remote command execution exploit, proxy server support!
Silvernews 2.0.3 remote command execution exploit, proxy server support!. Read more at securityfocus.com/archive/1/407463
TSLSA-2005-0040 – multi
TSLSA-2005-0040 – multi. Read more at securityfocus.com/archive/1/407467
Vulnerability in ePing and eTrace plugins of e107
Vulnerability in ePing and eTrace plugins of e107. Read more at securityfocus.com/archive/1/407475