Network Security News – Tuesday, December 06, 2005 Events
Widget Imprint create.php product_id Variable SQL Injection
Widget Imprint contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'create.php' script not properly sanitizing user-supplied input to the 'product_id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21435
Widget Property property.php lang Variable Path Disclosure
Widget Property contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker inserts arbitrary data into the 'lang' variable in the 'property.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/21427
Widget Property property.php Multiple Variable SQL Injection
Widget Imprint contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'property.php' script not properly sanitizing user-supplied input to the 'property_id', 'zip_code', 'property_type_id', 'price', and 'city_id' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21426
LandShop ls.php lang Variable Path Disclosure
LandShop contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker inserts arbitrary data into the 'lang' variable in the 'ls.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/21434
LandShop ls.php Multiple Variable SQL Injection
LandShop contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'ls.php' script not properly sanitizing user-supplied input to the 'search_order', 'search_type', 'keyword', and 'search_area' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21433
SiteBeater MP3 Catalog Search.asp XSS
SiteBeater MP3 Catalog contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the 'Search.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21424
SiteBeater News System Archive.asp sKeywords Variable XSS
SiteBeater News System contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'sKeywords' variable upon submission to the 'Archive.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21436
vTiger CRM index.php date Variable SQL Injection
vTiger CRM contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'date' variable. This may allow a logged-in attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21225
vTiger CRM Login username Field SQL Injection
vTiger CRM contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login script not properly sanitizing user-supplied input to the username variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21226
vTiger CRM Leads Module record Variable XSS
vTiger CRM contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'record' variable upon submission to the 'index.php' script in the Leads module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21229
Vuln: Edgewall Software Trac Search Module SQL Injection Vulnerability
Read more at securityfocus.com/bid/15720
Vuln: Web4Future Affiliate Manager PRO Functions.PHP SQL Injection Vulnerability
Read more at securityfocus.com/bid/15717
Vuln: Web4Future Portal Solutions Arhiva.PHP Directory Traversal Vulnerability
Read more at securityfocus.com/bid/15718
Vuln: Web4Future Portal Solutions Comentarii.PHP SQL Injection Vulnerability
Read more at securityfocus.com/bid/15716
Blog System v1.2 Multiple SQL Injection Vulnerabilities
Read more at securityfocus.com/archive/1/418640
Outpost24 Public Security Note: Linux/Elxbot
Read more at securityfocus.com/archive/1/418645
Buffer Overflow in MultiTech VoIP Implementations
Read more at securityfocus.com/archive/1/418653
[security bulletin] HPSBUX01059 SSRT4704 Revised – HP-UX Running wu-ftpd Local Unauthorized Access
Read more at securityfocus.com/archive/1/418569