Network Security News – Sunday, March 12, 2006 Events
PEAR HTML_QuickForm_Controller URL Session ID Disclosure
PEAR HTML_QuickForm_Controller contains a flaw that may lead to an unauthorized information disclosure. The Next action adds the SID to the URL when
session.use_only_cookies is configured, resulting in a loss of confidentiality.. Read more at osvdb.org/23766
Hosting Controller search.asp search Variable SQL Injection
Hosting Controller contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.asp script not properly sanitizing user-supplied input to the 'search' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/23802