Network Security News – Monday, June 12, 2006 Events
WebspotBlogging inc/adminheader.inc.php path Variable Remote File Inclusion
WebspotBlogging contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to inc/adminheader.inc.php not properly sanitizing user input supplied to the 'path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25993
WebspotBlogging inc/global.php path Variable Remote File Inclusion
WebspotBlogging contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to inc/global.php not properly sanitizing user input supplied to the 'path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25994
WebspotBlogging inc/logincheck.inc.php path Variable Remote File Inclusion
WebspotBlogging contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to inc/logincheck.inc.php not properly sanitizing user input supplied to the 'path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25992
WebspotBlogging inc/mainheader.inc.php path Variable Remote File Inclusion
WebspotBlogging contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to inc/mainheader.inc.php not properly sanitizing user input supplied to the 'path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25995
Enigma Haber edi_haber.asp id Variable SQL Injection
Enigma Haber contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the edi_haber.asp script not properly sanitizing user-supplied input to the \'id\' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26107
Enigma Haber e_mesaj_yas.asp id Variable SQL Injection
Enigma Haber contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the e_mesaj_yas.asp script not properly sanitizing user-supplied input to the \'id\' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26106
Enigma Haber arsiv.asp e Variable SQL Injection
Enigma Haber contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the arsiv.asp script not properly sanitizing user-supplied input to the \'e\' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26111
Enigma Haber admin/y_admin.asp yid Variable SQL Injection
Enigma Haber contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/y_admin.asp script not properly sanitizing user-supplied input to the \'yid\' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26112
Enigma Haber admin/reklam_detay.asp bid Variable SQL Injection
Enigma Haber contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/reklam_detay.asp script not properly sanitizing user-supplied input to the \'bid\' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26113
Enigma Haber admin/kategori_d.asp kid Variable SQL Injection
Enigma Haber contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/kategori_d.asp script not properly sanitizing user-supplied input to the \'kid\' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26116