
Audit My PC - Free Internet Security Audit


MyBulletinBoard (MyBB) moderation.php posts Variable SQL Injection

Network Security News – Tuesday, February 14, 2006 Events

MyBulletinBoard (MyBB) moderation.php posts Variable SQL Injection

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'moderation.php' script not properly sanitizing user-supplied input to the 'posts' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22957

vwdev index.php UID Variable SQL Injection

vwdev contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'UID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22991

Clever Copy mailarticle.php ID Variable SQL Injection

Clever Copy contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'mailarticle.php' script not properly sanitizing user-supplied input to the 'ID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22984

Verity KeyView Viewer SDK kvarcve.dll Compressed File Preview Traversal Arbitrary File Deletion

Verity KeyView Viewer SDK contains a flaw that allows a remote attacker to delete arbitrary files. The issue is due to 'kvarcve.dll' not properly checking the filenames of compressed files in ZIP, UUE, and TAR archives for traversal style attacks (../../) when generating their previews. Read more at osvdb.org/23066
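A defensive check for the class of flaw described above, as an added example that is not from the original page or from Verity: it lists the ZIP or TAR member names that would escape the extraction root. The function names and the in-memory sample archives are constructed for illustration, and UUE input is not covered.

```python
import io
import tarfile
import zipfile


def is_safe_member(name: str) -> bool:
    """Return True only if an archive member name stays inside the extraction root."""
    # Treat backslashes as separators too, since Windows consumers do.
    normalized = name.replace("\\", "/")
    if not normalized or normalized.startswith("/"):
        return False
    # Conservatively reject drive-letter style names such as C:/...
    if len(normalized) > 1 and normalized[1] == ":":
        return False
    # Any ".." path component can climb out of the root.
    return ".." not in normalized.split("/")


def unsafe_members(data: bytes) -> list[str]:
    """List member names in a ZIP or TAR blob that fail is_safe_member()."""
    buf = io.BytesIO(data)
    is_zip = zipfile.is_zipfile(buf)
    buf.seek(0)
    if is_zip:
        with zipfile.ZipFile(buf) as zf:
            names = zf.namelist()
    else:
        with tarfile.open(fileobj=buf) as tf:
            names = tf.getnames()
    return [n for n in names if not is_safe_member(n)]


def build_sample(kind, names):
    """Constructed sample input: in-memory 'zip' or 'tar' with these member names."""
    buf = io.BytesIO()
    if kind == "zip":
        with zipfile.ZipFile(buf, "w") as zf:
            for n in names:
                zf.writestr(n, b"sample")
    else:
        with tarfile.open(fileobj=buf, mode="w") as tf:
            for n in names:
                info = tarfile.TarInfo(name=n)
                info.size = 6
                tf.addfile(info, io.BytesIO(b"sample"))
    return buf.getvalue()
```

Running the check on names before any preview or extraction step touches the filesystem keeps a hostile archive from reaching paths outside the working directory.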

Verity KeyView Viewer SDK htmsr.dll Link Processing Overflow

An overflow exists in the HTML speed reader component of the KeyView Viewer SDK. The software fails to properly validate file names passed to the 'htmsr.dll' library when a link is clicked, resulting in a buffer overflow. With a specially crafted long file name starting with a 'http', 'ftp' or '//' prefix, an attacker can execute arbitrary code, resulting in a loss of integrity.

Note that the vulnerable component is used by IBM Lotus Notes for viewing HTML files. Read more at osvdb.org/23068

PAM-MySQL SQL Logging Facility Segfault DoS

PAM-MySQL contains a flaw that may allow a remote denial of service. The issue is triggered by an unspecified flaw that results in a segmentation fault in the SQL logging facility, and will result in loss of availability for the service. Read more at osvdb.org/22994

Lotus Domino iNotes Attached File XSS

Lotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTML attachments of emails upon displaying them to the user. In addition, Lotus Notes fails to properly sanitise the attachment's file name before displaying it to the user. Both these issues could allow an attacker to create a specially crafted HTML file or a specially crafted file name that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23077

Lotus Domino iNotes Email Subject XSS

Lotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the subject of an email upon displaying it to the user. This could allow an attacker to create a specially crafted file name that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23078

Lotus Domino iNotes javascript: Filter Bypass

Lotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not properly validate JavaScript content that contains a '
' character, bypassing the existing security filters. This could allow an attacker to create a specially crafted link that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23079

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS