Network Security

Network Security News Monitor - Friday, March 24, 2006 Events


TuxBank manage_account.php id Variable SQL Injection

TuxBank contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the manage_account.php script not properly sanitizing user-supplied input to the 'id' variable, called via index.php. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more.

Apple Safari ZIP Archive File Extension Mismatch Arbitrary File Execution

Safari contains a flaw that may allow arbitrary command execution when a user opens a malicious Web page or HTML email attachment. The issue is triggered by an error in the processing of file-association metadata in ZIP archives (stored in the "__MACOSX" folder) and mail messages (defined via the AppleDouble MIME format). It is possible that the flaw may result in a loss of integrity. Read more.

Orion Application Server Crafted Filename Extension JSP Source Disclosure

Orion Application Server contains a flaw that may lead to an unauthorized information disclosure. The issue is due to a validation error in the filename extension supplied by the user in the URL: a specially crafted request containing dot and space characters will disclose the source code of JSP files, resulting in a loss of confidentiality. Read more.

AdMan editCampaign.php Malformed campaignId Variable Path Disclosure

AdMan contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker assigns an empty or invalid value to the campaignId variable in a request to the editCampaign.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more.

AdMan viewPricingScheme.php Malformed schemeId Variable Path Disclosure

AdMan contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker assigns an empty or invalid value to the schemeId variable in a request to the viewPricingScheme.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more.

AdMan viewStatement.php transactions_offset Variable SQL Injection

AdMan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewStatement.php script not properly sanitizing user-supplied input to the transactions_offset variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more.
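The TuxBank manage_account.php and AdMan viewStatement.php entries describe the same root cause (a request parameter spliced straight into a SQL statement), and the two AdMan path-disclosure entries describe what happens when an empty or invalid parameter makes PHP print a warning that names the script's absolute path. The following is an added example, not code from TuxBank, AdMan or their vendors, showing the pattern the advisories describe beside a hardened handler for a numeric id parameter: the value is validated before any query, bound as a typed parameter, and every failure path returns a generic message while details go to a server-side log. The table name `accounts`, the column names, the DSN, the credentials and the `logs/app.log` path are assumptions.

```php
<?php
// Added example (not TuxBank's or AdMan's code): a hardened handler for a
// script that takes a numeric record id from the query string, as the
// manage_account.php, viewStatement.php and editCampaign.php entries describe.
// Assumptions: a PDO connection to a table `accounts` with an integer `id`
// column, and a writable `logs/app.log`; all of these are hypothetical.

declare(strict_types=1);

// 1. Never let PHP print its own warnings to the client. A warning that names
//    the failing file is exactly the path disclosure the AdMan entries describe.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', __DIR__ . '/logs/app.log');

/**
 * Validate an id parameter. Returns the integer on success, or null when the
 * value is missing, empty, non-numeric or below 1, without touching the
 * database and without revealing anything about the file system.
 */
function parseId(?string $raw): ?int
{
    if ($raw === null || $raw === '') {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * The pattern the advisories describe: the raw parameter becomes part of the
 * SQL text, so any value containing SQL syntax changes the statement.
 * Shown only for contrast with fetchAccount() below; do not use.
 */
function fetchAccountUnsafe(PDO $db, string $rawId): array
{
    $sql = "SELECT id, owner, balance FROM accounts WHERE id = " . $rawId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * Hardened version: the id has already been validated as an integer and is
 * bound as a typed parameter, so the database never interprets it as SQL.
 */
function fetchAccount(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, owner, balance FROM accounts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Request handling: invalid input gets a generic 400, and any database failure
// is logged server-side and answered with a generic 500, so neither the SQL
// error text nor the installation path reaches the client.
$id = parseId($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Invalid account id.');
}

try {
    // Placeholder DSN and credentials; real values belong in configuration.
    $db = new PDO('mysql:host=localhost;dbname=bank', 'app_user', 'PLACEHOLDER_PASSWORD', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]);
    $account = fetchAccount($db, $id);
    if ($account === null) {
        http_response_code(404);
        exit('No such account.');
    }
    header('Content-Type: application/json');
    echo json_encode($account);
} catch (PDOException $e) {
    // Details (including the driver's message) stay in the server log only.
    error_log('account lookup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Internal error.');
}
```

Two design points carry the weight here: validation happens before the database is touched, so an empty or malformed `id` is rejected with a fixed message instead of falling through to a PHP warning or a driver error, and `display_errors` is off regardless, so even an unexpected failure cannot echo a file path to the client. The same structure applies to an offset parameter such as `transactions_offset`, with `min_range` set to 0 and the value bound into a `LIMIT ... OFFSET :offset` clause as `PDO::PARAM_INT`.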