Network Security News – Thursday, April 06, 2006 Events
Softbiz Image Gallery image_desc.php Multiple Variable SQL Injection
Softbiz Image Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the image_desc.php script not properly sanitizing user-supplied input to the 'id' or 'msg' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24368
CzarNews news.php s Variable SQL Injection
CzarNews contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the news.php script not properly sanitizing user-supplied input to the 's' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24383
CzarNews news.php email Variable XSS
CzarNews contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'email' variable upon submission to the news.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24381
CzarNews dpost.php a Variable SQL Injection
CzarNews contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dpost.php script not properly sanitizing user-supplied input to the 'a' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24384
CzarNews cn_auth.php Multiple Variable SQL Injection
CzarNews contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the cn_auth.php script not properly sanitizing user-supplied input to the 'usern' or 'passw' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24382
Softbiz Image Gallery template.php provided Variable SQL Injection
Softbiz Image Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the template.php script not properly sanitizing user-supplied input to the 'provided' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24369
Softbiz Image Gallery suggest_image.php cid Variable SQL Injection
Softbiz Image Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the suggest_image.php script not properly sanitizing user-supplied input to the 'cid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24370
Softbiz Image Gallery insert_rating.php img_id Variable SQL Injection
Softbiz Image Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the insert_rating.php script not properly sanitizing user-supplied input to the 'img_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24371
Softbiz Image Gallery images.php cid Variable SQL Injection
Softbiz Image Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the images.php script not properly sanitizing user-supplied input to the 'cid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24372
Archangel Weblog Cookie ba_admin Variable Admin Authentication Bypass
Archangel Weblog contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker includes a cookie with the value 'ba_admin=1' within the HTTP headers while requesting /admin/index.php. This flaw may lead to a loss of integrity. Read more at osvdb.org/23620
Vuln: Cisco 11500 Content Services Switch HTTP Compression Remote Denial of Service Vulnerability
Cisco 11500 Content Services Switch HTTP Compression Remote Denial of Service Vulnerability. Read more at securityfocus.com/bid/17383
Vuln: Linux Kernel Multiple Vulnerabilities
Linux Kernel Multiple Vulnerabilities. Read more at securityfocus.com/bid/12598
Vuln: Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities. Read more at securityfocus.com/bid/12636
Vuln: Linux Kernel Process Spawning Race Condition Environment Variable Disclosure Vulnerability
Linux Kernel Process Spawning Race Condition Environment Variable Disclosure Vulnerability. Read more at securityfocus.com/bid/11052