
Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

PortailPHP mod_forum/read_message.php id Variable SQL Injection

Network Security News – Sunday, August 14, 2005 Events

PortailPHP mod_forum/read_message.php id Variable SQL Injection

PortailPHP contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'read_message.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18685

SysCP phpmyadmin Arbitrary Database Creation

SysCP contains a flaw that may allow a remote attacker to arbitrarily create databases. The issue is triggered due to the application not sanitizing user-supplied input. By using an underscore ('_') as a SQL prefix, it is possible for a remote attacker to arbitrarily create databases with phpmyadmin, resulting in a loss of integrity. Read more at osvdb.org/18564

Business Objects Enterprise/Crystal Reports Crafted Request crystalras.exe DoS

Business Objects Enterprise XI/Crystal Reports XI contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted request is submitted, causing a crash in the crystalras.exe module, and will result in loss of availability for the reporting service. Read more at osvdb.org/18473

FreeBSD IPsec AES-XCBC-MAC Persistent Key Use

FreeBSD contains a programming error in the implementation of the AES-XCBC-MAC algorithm which may result in the constant key being used. If the identity of the source system protects access to sensitive information or systems, this may result in information disclosure or privilege escalation. Read more at osvdb.org/18297

Linux Kernel Keyring Management KEYCTL_JOIN_SESSION_KEYRING DoS

Linux contains a flaw that may allow a local denial of service. The issue is triggered when a user causes the system to attempt to allocate a new session keyring either after the user's key quota has been reached or when the new keyring name is blank or too long, and will result in loss of availability for the keyring management service. Read more at osvdb.org/18652

Linux Kernel Malformed Keyring Addition DoS

Linux contains a flaw that may allow a local denial of service. The issue is triggered when a user attempts to add a keyring with anything other than an empty description payload. Creation of the keyring will fail, and when the system attempts to remove the keyring from the name list, a kernel crash will occur, resulting in loss of availability for the operating system. Read more at osvdb.org/18651

WordPress Cookie cache_lastpostdate Variable Arbitrary PHP Code Execution

WordPress contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to functions.php not properly sanitizing user input supplied in the cache_lastpostdate cookie. This may allow an attacker to include PHP code that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/18672
