• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Nuked-Klan Forum Module Multiple Variable SQL Injection

Network Security News – Sunday, January 22, 2006 Events

Nuked-Klan Forum Module Multiple Variable SQL Injection

Nuked-Klan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Forum Module not properly sanitizing user-supplied input to the 'forum_id', 'thread_id' and 'link_id' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20338

Nuked-Klan Links Module link_id Variable SQL Injection

Nuked-Klan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Links Module not properly sanitizing user-supplied input to the 'link_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20337

Nuked-Klan Sections Module artid Variable SQL Injection

Nuked-Klan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Sections Module not properly sanitizing user-supplied input to the 'artid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20339

My Amazon Store Manager search.php q Variable XSS

My Amazon Store Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'q' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22626

NavBoard post.php BBcode XSS

NavBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate BBcode upon submission to the 'post.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22277

Netbula Anyboard anyboard.cgi tK Variable XSS

Netbula Anyboard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tK' variable upon submission to the 'anyboard.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22461

427BB posts.php Message Body XSS

427BB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Message Body upon submission to the 'posts.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22276

ezDatabase index.php p Variable XSS

ezDatabase contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'p' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22684

Hitachi HITSENSER Data Mart Server Unspecified SQL Injection

HITSENSER Data Mart Server contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/22669

Nuked-Klan Download Module dl_id Variable SQL Injection

Nuked-Klan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Download Module not properly sanitizing user-supplied input to the 'dl_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20340

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software