
Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Widget Imprint create.php product_id Variable SQL Injection

Network Security News – Tuesday, December 06, 2005 Events

Widget Imprint create.php product_id Variable SQL Injection

Widget Imprint contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'create.php' script not properly sanitizing user-supplied input to the 'product_id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21435

Widget Property property.php lang Variable Path Disclosure

Widget Property contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker inserts arbitrary data into the 'lang' variable in the 'property.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/21427

Widget Property property.php Multiple Variable SQL Injection

Widget Imprint contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'property.php' script not properly sanitizing user-supplied input to the 'property_id', 'zip_code', 'property_type_id', 'price', and 'city_id' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21426

LandShop ls.php lang Variable Path Disclosure

LandShop contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker inserts arbitrary data into the 'lang' variable in the 'ls.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/21434

LandShop ls.php Multiple Variable SQL Injection

LandShop contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'ls.php' script not properly sanitizing user-supplied input to the 'search_order', 'search_type', 'keyword', and 'search_area' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21433

SiteBeater MP3 Catalog Search.asp XSS

SiteBeater MP3 Catalog contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the 'Search.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21424

SiteBeater News System Archive.asp sKeywords Variable XSS

SiteBeater News System contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'sKeywords' variable upon submission to the 'Archive.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21436

vTiger CRM index.php date Variable SQL Injection

vTiger CRM contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'date' variable. This may allow a logged-in attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21225

vTiger CRM Login username Field SQL Injection

vTiger CRM contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login script not properly sanitizing user-supplied input to the username variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21226

vTiger CRM Leads Module record Variable XSS

vTiger CRM contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'record' variable upon submission to the 'index.php' script in the Leads module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21229

Vuln: Edgewall Software Trac Search Module SQL Injection Vulnerability

Edgewall Software Trac Search Module SQL Injection Vulnerability. Read more at securityfocus.com/bid/15720

Vuln: Web4Future Affiliate Manager PRO Functions.PHP SQL Injection Vulnerability

Web4Future Affiliate Manager PRO Functions.PHP SQL Injection Vulnerability. Read more at securityfocus.com/bid/15717

Vuln: Web4Future Portal Solutions Arhiva.PHP Directory Traversal Vulnerability

Web4Future Portal Solutions Arhiva.PHP Directory Traversal Vulnerability. Read more at securityfocus.com/bid/15718

Vuln: Web4Future Portal Solutions Comentarii.PHP SQL Injection Vulnerability

Web4Future Portal Solutions Comentarii.PHP SQL Injection Vulnerability. Read more at securityfocus.com/bid/15716

Blog System v1.2 Multiple SQL Injection Vulnerabilities

Blog System v1.2 Multiple SQL Injection Vulnerabilities. Read more at securityfocus.com/archive/1/418640

Outpost24 Public Security Note: Linux/Elxbot

Outpost24 Public Security Note: Linux/Elxbot. Read more at securityfocus.com/archive/1/418645

Buffer Overflow in MultiTech VoIP Implementations

Buffer Overflow in MultiTech VoIP Implementations. Read more at securityfocus.com/archive/1/418653

[security bulletin] HPSBUX01059 SSRT4704 Revised – HP-UX Running wu-ftpd Local Unauthorized Access

[security bulletin] HPSBUX01059 SSRT4704 Revised – HP-UX Running wu-ftpd Local Unauthorized Access. Read more at securityfocus.com/archive/1/418569

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS
