Network Security News Monitor - Tuesday, April 18, 2006 Events

Web+Shop store.wml storeid Variable Path Disclosure

Web+Shop contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker submits a request to the store.wml script with an invalid value in the 'storeid' variable, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more.

RateIt rateit.php rateit_id Variable SQL Injection

RateIt contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the rateit.php script not properly sanitizing user-supplied input to the 'rateit_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.

Amaya textarea rows Attribute Value Overflow

A remote overflow exists in Amaya. The product fails to filter hostile input associated with the 'textarea rows' html attribute resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more.

Amaya legend color Attribute Value Overflow

A remote overflow exists in Amaya. The product fails to filter hostile input associated with the 'color legend' html attribute resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more.