Vuln: tinyBB Multiple Input Validation Vulnerabilities


Related Files:

  • http://packetstormsecurity.com/0605-advisories/tinyBB-0.3.txt

    tinyBB versions less than or equal to 0.3 suffer from remote include vulnerabilities, SQL injection and XSS.  Homepage: http://www.nukedx.com/.

  • http://packetstormsecurity.com/0607-exploits/FLVPlayer8.txt

    FLV Players 8 suffers from multiple input validation vulnerabilities, including cross-site scripting. Authored By Moroccan Security Research Team

  • http://packetstormsecurity.com/0503-advisories/03.14.05.txt

    iDEFENSE Security Advisory 03.14.05 - A number of remotely exploitable input validation errors have been found to exist in MySQL MaxDB and SAP DB Web Agent products. The vulnerabilities specifically exist due to insufficient validation of user input data. Confirmed in MySQL MaxDB 7.5.00. Related CVE Number: CAN-2005-0083.  Homepage: http://www.idefense.com/.

  • http://packetstormsecurity.com/0610-exploits/Wili-CMS.txt

    Wili-CMS suffers from multiple input validation vulnerabilities. Homepage: http://www.soqor.net.

  • http://packetstormsecurity.com/0511-advisories/mybbFlaws.txt

    MyBB is susceptible to multiple user input validation flaws. Authored By syini666

  • http://packetstormsecurity.com/0610-advisories/PHP-Post.txt

    PHP-Post suffers from multiple input validation vulnerabilities.  Homepage: http://www.soqor.net. Authored By HACKERS PAL

  • http://packetstormsecurity.com/0412-advisories/junkie.txt

    Multiple input validation errors exist in Junkie version 0.3.1 that allow for command execution and directory traversal attacks. Authored By Yosef Klein

  • http://packetstormsecurity.com/0710-advisories/lotusnotes702-en.txt

    Multiple exploitable buffer overflow vulnerabilities were found within the file attachment viewer in IBM Lotus Notes. The vulnerabilities can be exploited to execute arbitrary code by tricking the user into viewing a malicious DOC, SAM, WPD, or MIF file attachment using the file attachment viewer in Lotus Notes. Homepage: http://vuln.sg/. Authored By Tan Chew Keong

  • http://packetstormsecurity.com/0709-advisories/CAID-hsmcmv.txt

    Multiple vulnerabilities exist in the CsAgent service that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first set of vulnerabilities, CVE-2007-5082, occurs due to insufficient bounds checking in multiple CsAgent service commands. The second set of vulnerabilities, CVE-2007-5083, occurs due to insufficient validation of integer values in multiple CsAgent service commands, which can lead to buffer overflow. The third set of vulnerabilities, CVE-2007-5084, occurs due to insufficient validation of strings used in SQL statements in multiple CsAgent service commands. Related CVE Numbers: CVE-2007-5082, CVE-2007-5083, CVE-2007-5084. Homepage: http://www3.ca.com/. Authored By Ken Williams

  • http://packetstormsecurity.com/0504-advisories/glsa-200504-17.txt

    Gentoo Linux Security Advisory GLSA 200504-17 - Greg Roelofs has reported multiple input validation errors in XV image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported insufficient validation in the PDS (Planetary Data System) image decoder, format string vulnerabilities in the TIFF and PDS decoders, and insufficient protection from shell meta-characters in malformed filenames. Versions less than 3.10a-r11 are affected.  Homepage: http://security.gentoo.org
