Network Security

Network Security News Monitor - Thursday, May 18, 2006 Events


ezUserManager ezusermanager_core.inc.php ezUserManager_Path Variable Remote File Inclusion

ezUserManager contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to ezusermanager_core.inc.php not properly sanitizing user input supplied to the "ezUserManager_Path" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more.

Confixx Pro ftplogin/ login Variable XSS

Confixx Pro contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "login" variable upon submission to the ftplogin/ script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more.

DeluxeBB misc.php name Variable SQL Injection

DeluxeBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the misc.php script not properly sanitizing user-supplied input to the "name" variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more.

Azboard admin_ok.asp Multiple Variable SQL Injection

Azboard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin_ok.asp script not properly sanitizing user-supplied input to the "id" and "cate" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more.

Azboard list.asp Multiple Variable SQL Injection

Azboard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the list.asp script not properly sanitizing user-supplied input to the "searchstring" and "cate" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more.