wpBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'postid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
WEBalbum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to start.php not properly sanitizing user input supplied to the 'skin2' cookie parameter. This may allow an attacker to include arbitrary code or execute commands by injecting code into local log files via GET commands, and then accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.
Commerce Server contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is due to an error in the sample files within the "AuthFiles" directory, which can be exploited to bypass authentication and log on as a valid user without knowing the password. This flaw may lead to a loss of integrity.
MD News contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
SiteMan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin_login.asp script not properly sanitizing user-supplied input to the 'txtpassword' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
Interact contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when login.php returns different error messages depending on whether a valid username was supplied. This can be exploited to help enumerate valid usernames, resulting in a loss of confidentiality.
Interact contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'user_name' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
Crafty Syntax Image Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the newimage.php script not properly validating uploaded images. This may allow an attacker to upload arbitrary PHP scripts using manipulated HTTP POST data that contains arbitrary commands, which will be executed with the privileges of the web server.
Crafty Syntax Image Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the slides.php script not properly sanitizing user-supplied input to the 'limitquery_s' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.