• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

My Little Forum search.php search Field SQL Injection

Network Security News – Wednesday, February 01, 2006 Events

My Little Forum search.php search Field SQL Injection

My Little Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the 'search' parameter. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/19650

Mailgust Password Reminder email Field SQL Injection

Mailgust contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the password reminder page not properly sanitizing user-supplied input to the email field. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/19679

RSyslog Syslog Message SQL Injection

RSyslog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not properly sanitizing a syslog message before use in an SQL query. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/19678

Nuked-KlaN Members Module letter Variable XSS

Nuked-klaN contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'letter' variable upon submission to the Members module (via index.php). This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22805

CRE Loaded files.php Unauthenticated Arbitrary File Upload

CRE Loaded contains a flaw that may allow a malicious user to execute arbitrary commands. The '/admin/htmlarea/popups/file/files.php' script is accessible without authentication, allowing a remote attacker to use this script to upload malicious PHP files and execute arbitrary code on the system.. Read more at osvdb.org/22793

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software