Network Security News – Tuesday, September 20, 2005 Events
PHPKit imcenter.php im_receiver Variable SQL Injection
PHPKit contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'imcenter.php' script not properly sanitizing user-supplied input to the 'im_receiver' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19092
PHPKit images.php Arbitrary File Upload/Execution
PHPKit contains a flaw that may allow a remote attacker to upload and/or execute arbitrary files. The issue is triggered when the 'images.php' script is used by an authenticated user. It is possible that the flaw may allow a remote attacker to upload and/or execute arbitrary PHP code resulting in a loss of integrity. Read more at osvdb.org/18952
Land Down Under list.php Multiple Variable SQL Injection
Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'list.php' script not properly sanitizing user-supplied input to the 'o', 'w', 's', 'p' and 'c' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19294
Land Down Under links.php w Variable SQL Injection
Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'links.php' script not properly sanitizing user-supplied input to the 'w' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19292
Land Down Under journal.php m Variable SQL Injection
Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'journal.php' script not properly sanitizing user-supplied input to the 'm' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19293
Land Down Under forums.php Multiple Variable SQL Injection
Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'forums.php' script not properly sanitizing user-supplied input to the 's', 'x', 'n' and 'm' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19296
Land Down Under index.php c Variable SQL Injection
Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'c' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19299
Land Down Under events.php c Variable SQL Injection
Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'events.php' script not properly sanitizing user-supplied input to the 'c' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19300
DeluxeBB newpost.php fid Variable SQL Injection
DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'newpost.php' script not properly sanitizing user-supplied input to the 'fid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19408
DeluxeBB pm.php uid Variable SQL Injection
DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'pm.php' script not properly sanitizing user-supplied input to the 'uid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19407
Vuln: Veritas Storage Exec Multiple Remote DCOM Buffer Overflow Vulnerabilities
Veritas Storage Exec Multiple Remote DCOM Buffer Overflow Vulnerabilities. Read more at securityfocus.com/bid/14801
Vuln: Cisco IOS Multiple Unspecified EIGRP Vulnerabilities
Cisco IOS Multiple Unspecified EIGRP Vulnerabilities. Read more at securityfocus.com/bid/14877
Vuln: MX Shop Index.PHP Multiple SQL Injection Vulnerabilities
MX Shop Index.PHP Multiple SQL Injection Vulnerabilities. Read more at securityfocus.com/bid/14876
Vuln: Sybari Antigen for Exchange/SMTP Attachment Rule Bypass Vulnerability
Sybari Antigen for Exchange/SMTP Attachment Rule Bypass Vulnerability. Read more at securityfocus.com/bid/14875
Re: [Full-disclosure] Cisco IOS hacked?
Re: [Full-disclosure] Cisco IOS hacked?. Read more at securityfocus.com/archive/1/411116
router worms and International Infrastructure [was: Re: IOS exploit]
router worms and International Infrastructure [was: Re: IOS exploit]. Read more at securityfocus.com/archive/1/411061
Antigen 8.0 for Exchange/SMTP Rule Vulnerability
Antigen 8.0 for Exchange/SMTP Rule Vulnerability. Read more at securityfocus.com/archive/1/411062
Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability
Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability. Read more at securityfocus.com/archive/1/411072