Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Cybozu Garoon schedule Facility Multiple Variable SQL Injection

Network Security News – Monday, September 04, 2006 Events

Cybozu Garoon schedule Facility Multiple Variable SQL Injection

Cybozu Garoon contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the schedule Facility not properly sanitizing user-supplied input to the 'event' and 'uid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28366

Cybozu Garoon memo Facility iid Variable SQL Injection

Cybozu Garron contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the memo Facility not properly sanitizing user-supplied input to the 'iid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28365

Cybozu Garoon phonemessage Facility uid Variable SQL Injection

Cybozu Garoon contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the phonemessage Facility not properly sanitizing user-supplied input to the 'uid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28364

Cybozu Garoon schedule Facility uid Variable SQL Injection

Cybozu Garoon contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the schedule Facility not properly sanitizing user-supplied input to the 'uid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28363

Cybozu Garoon todo Facility Multiple Variable SQL Injection

Cybozu contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the todo facility not properly sanitizing user-supplied input to the 'cid' and 'tid' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28361

GTetrinet pnum Multiple Array Indexing Remote Code Execution

GTetrinet contains multiple flaws related to out-of-bounds array indexing that may allow an attacker to execute arbitrary code. The flaw exists in tetrinet.c, where a remote attacker may specify a negative number of players, which is used as an array index.. Read more at osvdb.org/28269