Network Security

Network Security News Monitor - Sunday, May 14, 2006 Events

 

Creative Community Portal PollResults.php Multiple Variable SQL Injection

Creative Community Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the PollResults.php script not properly sanitizing user-supplied input to the 'AddVote' or 'answer_id' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.

Creative Community Portal EventView.php event_id Variable SQL Injection

Creative Community Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the EventView.php script not properly sanitizing user-supplied input to the 'event_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.

Creative Community Portal DiscView.php forum_id Variable SQL Injection

Creative Community Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the DiscView.php script not properly sanitizing user-supplied input to the 'forum_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.

Creative Community Portal Discussions.php forum_id Variable SQL Injection

Creative Community Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Discussion.php script not properly sanitizing user-supplied input to the 'forum_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.

Creative Community Portal DiscReply.php mid Variable SQL Injection

Creative Community Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the DiscReply.php script not properly sanitizing user-supplied input to the 'mid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.

Creative Community Portal ArticleView.php article_id Variable SQL Injection

Creative Community Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ArticleView.php script not properly sanitizing user-supplied input to the 'article_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.

Claroline phpnuke.inc.php clarolineRepositorySys Variable Remote File Inclusion

Claroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claroline/auth/extauth/drivers/phpnuke.inc.php not properly sanitizing user input supplied to the 'clarolineRepositorySys' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

Claroline moodle.inc.php clarolineRepositorySys Variable Remote File Inclusion

Claroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claroline/auth/extauth/drivers/moodle.inc.php not properly sanitizing user input supplied to the 'clarolineRepositorySys' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

Claroline mambo.inc.php includePath Variable Remote File Inclusion

Claroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claroline/auth/extauth/drivers/mambo.inc.php not properly sanitizing user input supplied to the 'includePath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

Claroline ldap.inc.php clarolineRepositorySys Variable Remote File Inclusion

Claroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claroline/auth/extauth/drivers/ldap.inc.php not properly sanitizing user input supplied to the 'clarolineRepositorySys' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

Vuln: XPDF DCTStream Baseline Remote Heap Buffer Overflow Vulnerability

XPDF DCTStream Baseline Remote Heap Buffer Overflow Vulnerability. Read more.