Network Security News Monitor - Sunday, March 12, 2006 Events

PEAR HTML_QuickForm_Controller URL Session ID Disclosure

PEAR HTML_QuickForm_Controller contains a flaw that may lead to an unauthorized information disclosure. The Next action adds the SID to the URL when
session.use_only_cookies is configured, resulting in a loss of confidentiality.. Read more.

Hosting Controller search.asp search Variable SQL Injection

Hosting Controller contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.asp script not properly sanitizing user-supplied input to the 'search' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.