Network Security News – Sunday, December 18, 2005 Events
ECTOOLS Onlineshop cart.cgi Multiple Variable XSS
ECTOOLS Onlineshop contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "product" "category" or "uid" variables upon submission to the carg.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21731
Multiple BSD Kernel Asynchronous I/O Facility Notification DoS
Certain BSD-derived kernels contain a flaw that may allow a local denial of service. The issue is triggered when a malicious user sends signals to arbitrary processes via certain ioctl and fcntl system calls to interrupt or kill processes, resulting in loss of availability for the service or platform.. Read more at osvdb.org/11062
Leave a Reply