Network Security News – Wednesday, June 28, 2006 Events
Clubpage index.php category Variable SQL Injection
Clubpage contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'category' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26690
IRIX netprint -n Arbitrary Command Privilege Escalation
IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when netprint fails to validate input passed via the '-n' option at the command line. A malicious user may send an input string that will cause netprint to open a malicious shared library. In conjunction with the passwordless account 'lp', if enabled on the target system, this vulnerability may be exploited remotely. In either case, whether exploited locally or remotely, this vulnerability may lead to a root compromise and a loss of integrity. Read more at osvdb.org/8571
CavoxCms index.php page Variable SQL Injection
CavoxCms contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'page' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26658
phpTRADER write_newad.php sectio Variable SQL Injection
phpTRADER contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the write_newad.php script not properly sanitizing user-supplied input to the 'sectio' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26701
phpTRADER showmemberads.php Multiple Variable SQL Injection
phpTRADER contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the showmemberads.php script not properly sanitizing user-supplied input to the 'sectio' and 'who' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26698
phpTRADER printad.php Multiple Variable SQL Injection
phpTRADER contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the printad.php script not properly sanitizing user-supplied input to the 'sectio' and 'an' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26696
phpTRADER note_ad.php Multiple Variable SQL Injection
phpTRADER contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the note_ad.php script not properly sanitizing user-supplied input to the 'sectio' and 'an' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26697
phpTRADER newad.php sectio Variable SQL Injection
phpTRADER contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the newad.php script not properly sanitizing user-supplied input to the 'sectio' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26702
phpTRADER login.php sectio Variable SQL Injection
phpTRADER contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'sectio' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26700
phpTRADER abuse.php sectio Variable SQL Injection
phpTRADER contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the abuse.php script not properly sanitizing user-supplied input to the 'sectio' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26705
Vuln: GnuPG Parse_User_ID Remote Buffer Overflow Vulnerability
GnuPG Parse_User_ID Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/18554
Vuln: Microsoft Exchange Server Outlook Web Access Script Injection Vulnerability
Microsoft Exchange Server Outlook Web Access Script Injection Vulnerability. Read more at securityfocus.com/bid/18381
Vuln: Microsoft Windows Routing and Remote Access Remote Code Execution Vulnerability
Microsoft Windows Routing and Remote Access Remote Code Execution Vulnerability. Read more at securityfocus.com/bid/18325
Vuln: MailEnable SMTP HELO Command Remote Denial of Service Vulnerability
MailEnable SMTP HELO Command Remote Denial of Service Vulnerability. Read more at securityfocus.com/bid/18630
Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / …)
Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / …). Read more at securityfocus.com/archive/1/438515
CAID 34325 – CA ITM, eAV, ePP scan job description field format string vulnerability
CAID 34325 – CA ITM, eAV, ePP scan job description field format string vulnerability. Read more at securityfocus.com/archive/1/438503
[Kil13r-SA-20060628] Hanaro Search Cross-Site Scripting Vulnerability
[Kil13r-SA-20060628] Hanaro Search Cross-Site Scripting Vulnerability. Read more at securityfocus.com/archive/1/438522
Re: [MajorSecurity #18] Ralf Image Gallery <=0.7.4 – Multiple XSS, Remote File Include and directory traversal vulnerabilities
Re: [MajorSecurity #18] Ralf Image Gallery <=0.7.4 – Multiple XSS, Remote File Include and directory traversal vulnerabilities. Read more at securityfocus.com/archive/1/438475