• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Direct News Search Module SQL Injection

Network Security News – Friday, January 13, 2006 Events

Direct News Search Module SQL Injection

Direct News contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search module not properly sanitizing user-supplied input to unspecified variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/22340

Advanced Guestbook comment.php gb_id Variable XSS

Advanced Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'gb_id' variable upon submission to the comment.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22188

Peel index.php rubid Variable SQL Injection

Peel contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'rubid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20818

phpWebThing download.php file Variable SQL Injection

phpWebThings contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the download.php script not properly sanitizing user-supplied input to the 'file' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20945

CaLogic New Event title Field XSS

CaLogic contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "title" variable upon submission to a new event creation. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22322

Multiple BSD exec Race Condition Process Debugger Privilege Escalation

Multiple BSD operating systems contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user causes a process to exec a setuid binary, while gaining ptrace control
over it by using a debugger. The control lasts only for a short period of time before the process is activated. During this window of time, the ptrace controller process can modify the address space of the controlled process and abuse its elevated privileges. This flaw may lead to a loss of integrity.. Read more at osvdb.org/19475

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software