Network Security News – Monday, September 04, 2006 Events
Cybozu Garoon schedule Facility Multiple Variable SQL Injection
Cybozu Garoon contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the schedule Facility not properly sanitizing user-supplied input to the 'event' and 'uid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28366
Cybozu Garoon memo Facility iid Variable SQL Injection
Cybozu Garron contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the memo Facility not properly sanitizing user-supplied input to the 'iid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28365
Cybozu Garoon phonemessage Facility uid Variable SQL Injection
Cybozu Garoon contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the phonemessage Facility not properly sanitizing user-supplied input to the 'uid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28364
Cybozu Garoon schedule Facility uid Variable SQL Injection
Cybozu Garoon contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the schedule Facility not properly sanitizing user-supplied input to the 'uid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28363
Cybozu Garoon todo Facility Multiple Variable SQL Injection
Cybozu contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the todo facility not properly sanitizing user-supplied input to the 'cid' and 'tid' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/28361
GTetrinet pnum Multiple Array Indexing Remote Code Execution
GTetrinet contains multiple flaws related to out-of-bounds array indexing that may allow an attacker to execute arbitrary code. The flaw exists in tetrinet.c, where a remote attacker may specify a negative number of players, which is used as an array index.. Read more at osvdb.org/28269
Leave a Reply