Network Security News – Tuesday, May 31, 2005 Events
Invision Power Board login.php SQL Injection
Invision Power Board contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. This flaw exists because the 'login.php' script does not validate user-supplied input in certain login methods and may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/16297
BirdBlog admincore.php Multiple Parameter SQL Injection
BirdBlog contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'userid' and 'userpw' parameters in the 'admincore.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/14934
ASPPortal login.asp password Field SQL Injection
ASPPortal contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'password' field in the 'login.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/16768
Advanced Guestbook index.php entry Variable SQL Injection
Advanced Guestbook contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'entry' variable in the 'index.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/16572
MX Shop Category Module id_ctg Parameter SQL Injection
MX Shop contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'id_ctg' parameter in the 'Category' module not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/15168
MX Kart Pages Module idp Parameter SQL Injection
MX Kart contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'idp' parameter in the 'Pages' module not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/15167
ZPanel index.php uname Parameter SQL Injection
ZPanel contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'uname' parameter in the 'index.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/14803
Zen Cart application_top.php products_id Variable SQL Injection
Zen Cart contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'products_id' variable in the 'application_top.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/16892
WordPress template-functions-category.php cat_ID SQL Injection
WordPress contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'cat_ID' variable in the 'template-functions-category.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/16905
ActivePerl for Win32 System Function Long Argument Local DoS
A local overflow exists in ActivePerl for Win32. The interpreter fails to do proper bounds checking on input to the system() function, resulting in a buffer overflow. With a specially crafted request, an attacker can cause an interpreter crash resulting in a loss of availability. It may be possible to manipulate the input so as to cause execution of arbitrary code resulting in a loss of confidentiality. Read more at osvdb.org/16903
MyBB Website Field HTML Injection Vulnerability
MyBB is Web forum software implemented in PHP utilizing a MySQL backend. MyBB is prone to an HTML injection vulnerability. This issue is due to a failure in the applica…. Read more at securityfocus.com/bid/13819?ref=rss
Qualiteam X-Cart SQL Injection and Cross-Site Scripting Vulnerabilities
X-Cart is a web-based shopping cart application implemented in PHP and integrated with a MySQL database backend. X-Cart is prone to SQL injection and cross-site scripti…. Read more at securityfocus.com/bid/13817?ref=rss
Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability
Microsoft Windows uses the Remote Desktop Protocol (RDP) for communications between Terminal Services clients and servers. RDP is capable of using three different encrypt…. Read more at securityfocus.com/bid/13818?ref=rss
GDB Multiple Vulnerabilities
GDB is the GNU debugger. GDB is reportedly affected by multiple vulnerabilities. These issues can allow an attacker to execute arbitrary code and commands on an affecte…. Read more at securityfocus.com/bid/13697?ref=rss
Hosting Controller User Profile Unauthorized Access Vulnerability
Hosting Controller is an application that consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. Hosting Cont…. Read more at securityfocus.com/bid/13816?ref=rss
NewLife Blogger Multiple Unspecified SQL Injection Vulnerabilities
NewLife Blogger is Web blog software implemented in PHP. NewLife Blogger is prone to multiple unspecified SQL injection vulnerabilities. These issues are due to a failu…. Read more at securityfocus.com/bid/13815?ref=rss
Multiple vulnerabilities in x-cart Gold
Sender: CENSORED [censored at mail dot ru]. Read more at securityfocus.com/archive/1/399329?ref=rss
MDKSA-2005:095 – Updated gdb packages fix vulnerabilities
Sender: Mandriva Security Team [security at mandriva dot com]. Read more at securityfocus.com/archive/1/399330?ref=rss
MyBB 1.0 RC4 XSS Bug
Sender: August Christopher [syini666 at gmail dot com]. Read more at securityfocus.com/archive/1/399328?ref=rss
Crash in Stronghold 2 1.2
Sender: Luigi Auriemma [aluigi at autistici dot org]. Read more at securityfocus.com/archive/1/399323?ref=rss