Network Security News – Tuesday, April 19, 2005 Events
Full Revolution aspWebAlbum album.asp SQL Injection
aspWebAlbum contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that multiple variables in the 'album.asp' script are not verified properly, which will allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/10335
Multiple Vendor ICMP Implementation Host-generated ICMP Error Message Authentication Weakness
Multiple ICMP implementations contain a flaw that may allow a remote attacker to forge ICMP error messages. The problem is that host-generated ICMP error messages do not require authentication, which may allow a remote attacker to forge them, resulting in a loss of integrity. Read more at osvdb.org/15623
OneWorldStore DisplayResults.asp sIDSearch Variable SQL Injection
OneWorldStore contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'sIDSearch' variable in the DisplayResults.asp script not being properly sanitized, which may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15660
OneWorldStore DisplayResults.asp sIDSearch Variable XSS
OneWorldStore contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'sIDSearch' variable upon submission to the DisplayResults.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15659