Network Security News – Monday, September 19, 2005 Events
Ahnlab V3 Antivirus Archive Decompression Traversal Arbitrary File Write
Ahnlab V3 contains a flaw that allows a remote attacker to write files to arbitrary directories. The issue is due to an error in the archive decompression library and occurs when the scanner processes a malicious archive containing compressed files with directory traversal sequences in their filenames. Read more at osvdb.org/19416
RunCMS newbb_plus Module reply.php forum Variable SQL Injection
RunCMS contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'reply.php' script not properly sanitizing user-supplied input to the 'forum' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18911
RunCMS Search Engine Multiple Variable SQL Injection
RunCMS contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'Search Engine' not properly sanitizing user-supplied input to the 'addquery' and 'subquery' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18908
RunCMS newbb_plus Module newtopic.php forum Variable SQL Injection
RunCMS contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'newtopic.php' script not properly sanitizing user-supplied input to the 'forum' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18909
RunCMS newbb_plus Module edit.php forum Variable SQL Injection
RunCMS contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'edit.php' script not properly sanitizing user-supplied input to the 'forum' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18910
RunCMS Messages Module print.php msg_id Variable SQL Injection
RunCMS contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'print.php' script not properly sanitizing user-supplied input to the 'msg_id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18912
Mall23 eCommerce infopagepopup.asp idPage Variable SQL Injection
Mall23 contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'infopagepopup.asp' script not properly sanitizing user-supplied input to the 'idPage' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19313
Mall23 eCommerce infopage.asp idPage Variable SQL Injection
Mall23 contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'infopage.asp' script not properly sanitizing user-supplied input to the 'idPage' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19312
DeluxeBB topic.php tid Variable SQL Injection
DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'topic.php' script not properly sanitizing user-supplied input to the 'tid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19404
DeluxeBB misc.php uid Variable SQL Injection
DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'misc.php' script not properly sanitizing user-supplied input to the 'uid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19405