Network Security

Network Security News Monitor - Tuesday, February 28, 2006 Events

 

Mambo mambo.php Multiple Variable SQL Injection

Mambo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the mambo.php script not properly sanitizing user-supplied input to the 'username' and 'task' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Mambo mambo.php 'mos_change_template' Variable Local File Inclusion

Mambo contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mambo.php not properly sanitizing user input supplied to the 'mos_change_template' variable. This may allow an attacker to read arbitrary local files, or to include local files containing arbitrary commands that the vulnerable script will then execute.

Mambo content.php 'filter' Variable SQL Injection

Mambo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the content.php script not properly sanitizing user-supplied input to the 'filter' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Issue Dealer Local Weblog Publisher Unspecified Issue

Issue Dealer contains a flaw related to the local weblog publisher that may allow an attacker to perform unspecified actions. No further details have been provided.

Fast Lexical Analyzer Generator (Flex) Multiple Unspecified Issues

flex contains multiple unspecified security issues. No further details have been provided.

PHPLIB Unspecified Remote Code Execution

PHPLib contains a flaw related to the phplib library that may allow an attacker to execute arbitrary code. No further details have been provided.

Calcium New Event EventText Field XSS

Calcium contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'EventText' variable upon submission to the 'Calcium' script during the creation of a new event. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.