manas tungare Site Membership login.asp Username Variable SQL Injection

Network Security News – Monday, March 13, 2006 Events

manas tungare Site Membership login.asp Username Variable SQL Injection

Site Membership Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.asp script not properly sanitizing user-supplied input to the 'Username' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/23755

manas tungare Site Membership login.asp Error Variable XSS

Site Membership Script contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Error' variable upon submission to the login.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23753

manas tungare Site Membership default.asp Error Variable XSS

Site Membership Script contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Error' variable upon submission to the default.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23754

PEAR Text_Password Random Number Generator Seeding Weakness

PEAR Text_Password contains a flaw that may cause passwords and CAPTCHA sequences to be generated from a small random seed pool. This could cause the possible password space to be considerably smaller than intended. Additionally, this would allow attackers to easily brute force CAPTCHA sequences, bypassing the protection offered.. Read more at osvdb.org/23825

thttpd htpasswd Arbitrary Privileged Command Execution

thttpd contains a flaw that may allow a malicious local user to execute privileged commands. The issue is triggered when a user calls the 'htpasswd' utility but supplies arbitrary commands along with a username to be added to a password file. It is possible that the flaw may allow the user to bypass the required authentication and execute arbitrary programs with privileged access.. Read more at osvdb.org/23828

VBZooM contact.php UserID Variable XSS

VBZooM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'UserID' variables upon submission to the contact.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23813

VBZooM comment.php UserID Variable XSS

VBZooM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'UserID' variables upon submission to the comment.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23812

RunCMS bigshow.php id Variable XSS

RunCMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the bigshow.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23823

Joomla! unpublished Flag Unspecified Privileged Item Access

Joomla! contains a flaw related to the 'unpublished' flag that may allow an attacker to access various items such as Weblink, Polls, Newfeeds, Weblinks and Content. No further details have been provided.. Read more at osvdb.org/23821

Joomla! Syndication Component Malformed Filename Path Disclosure

Joomla! contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides a malformed filename to the 'feed' variable in the syndication component, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/23815

Vuln: Apple QuickTime/iTunes Integer And Heap Overflow Vulnerabilities

Apple QuickTime/iTunes Integer And Heap Overflow Vulnerabilities. Read more at securityfocus.com/bid/17074

Vuln: Peercast.org PeerCast Remote Buffer Overflow Vulnerability

Peercast.org PeerCast Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/17040

Vuln: txtForum Remote PHP Script Code Injection Vulnerability

txtForum Remote PHP Script Code Injection Vulnerability

. Read more at securityfocus.com/bid/17061

Vuln: Jiros Banner Experience Pro Addadmin.ASP Authorization Bypass Vulnerability

Jiros Banner Experience Pro Addadmin.ASP Authorization Bypass Vulnerability. Read more at securityfocus.com/bid/17060

SGI IRIX 6.*usr/sysadm/bin/runpriv local root exploit

SGI IRIX 6.*usr/sysadm/bin/runpriv local root exploit. Read more at securityfocus.com/archive/1/427409

XSS in vCard

XSS in vCard

. Read more at securityfocus.com/archive/1/427408

Jupiter CMS <= 1.1.5 multiple XSS attack vectors.

Jupiter CMS <= 1.1.5 multiple XSS attack vectors.. Read more at securityfocus.com/archive/1/427406

AntiVir PersonalEdition Classic: Local Privilige Escalation

AntiVir PersonalEdition Classic: Local Privilige Escalation. Read more at securityfocus.com/archive/1/427412