Network Security News – Thursday, February 02, 2006 Events
Trillian RTF Character Remote DoS
Trillian contains a flaw that may allow a remote denial of service. The issue is triggered when an AIM message is received with certain Mac-encoded RTF character codes. The codes are: \'d1 \'d2 \'d3 \'d4 \'d5, and can be accidentally sent by copying text from an OSX application and pasting it to the victim. The victim's client will close immediately upon receiving such characters. Read more at osvdb.org/22877
Land Down Under Referer HTTP Header SQL Injection
Land Down Under contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to unspecified scripts not properly sanitizing user-supplied input to the 'Referer' HTTP header. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19585
Mall23 eCommerce AddItem.asp idOption_Dropdown_2 Variable SQL Injection
Mall23 eCommerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the AddItem.asp script not properly sanitizing user-supplied input to the 'idOption_Dropdown_2' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19595
SEO-Board admin.php user_pass_sha1 Cookie Parameter SQL Injection
SEO-Board contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.php script not properly sanitizing user-supplied input to the 'user_pass_sha1' variable via a cookie. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19681
Beehive Forum index.php user_sess Variable SQL Injection
Beehive Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'user_sess' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21955
SAPID CMS Multiple Script Direct Request Authentication Bypass
SAPID CMS contains a flaw that may allow an attacker to gain access to resources without authenticating. The issue occurs when a remote attacker makes a direct request to any one of a number of scripts. Such a request will bypass the built-in authentication routine, allowing unrestricted access to the CMS. Read more at osvdb.org/22862
BEA WebLogic Security Provider Activation Weakness
BEA WebLogic contains a flaw that may lead to an administrator believing that a new security provider has been activated even though it is not active yet. This is because WebLogic does not activate a security provider before the system is rebooted. This may lead to a loss of integrity. Read more at osvdb.org/22773
FreeBSD TCP/IP SACK Infinite Loop DoS
FreeBSD contains a flaw that may allow a remote denial of service. The issue is triggered when system memory is insufficient to permit the SACK (Selective Acknowledgement) extension to the TCP/IP protocol to properly handle an incoming selective acknowledgement. An attacker can send a series of specially crafted packets to trigger this condition, resulting in a loss of availability for the platform. Read more at osvdb.org/22861