Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Network Security News – Monday, April 10, 2006 Events

wpBlog index.php postid Variable SQL Injection

wpBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'postid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24385

WEBalbum Cookie skin2 Parameter Traversal Local File Inclusion

WEBalbum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to start.php not properly sanitizing user input supplied to the 'skin2' cookie parameter. This may allow an attacker to include arbitrary code or execute commands by injecting code into local log files via GET commands, and then accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter. Read more at osvdb.org/24160

Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass

Commerce Server contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an error in the sample files within the "AuthFiles" directory, which can be exploited to bypass authentication and log on as a valid user without knowing the password. This flaw may lead to a loss of integrity. Read more at osvdb.org/24121

MD News admin.php id Variable SQL Injection

MD News contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24454

SiteMan admin_login.asp txtpassword Variable SQL Injection

SiteMan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin_login.asp script not properly sanitizing user-supplied input to the 'txtpassword' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24362

Interact login.php Error Message Username Enumeration

Interact contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when login.php returns different error messages depending on whether a valid username was supplied. This can be exploited to help enumerate valid usernames, resulting in a loss of confidentiality. Read more at osvdb.org/24388

Interact login.php user_name Variable SQL Injection

Interact contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'user_name' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24390

Crafty Syntax Image Gallery Crafted HTTP POST Request Arbitrary PHP Code Execution

Crafty Syntax Image Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to a flaw in the newimage.php script, which does not properly validate uploaded images. This may allow an attacker to upload arbitrary PHP scripts using manipulated HTTP POST data that contains arbitrary commands, which will be executed with the privileges of the web server. Read more at osvdb.org/24387

Crafty Syntax Image Gallery slides.php limitquery_s Variable SQL Injection

Crafty Syntax Image Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the slides.php script not properly sanitizing user-supplied input to the 'limitquery_s' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24386
