Network Security News – Sunday, June 11, 2006 Events
Cisco PIX/ASA/FWSM WebSense URL Filter Bypass
Cisco PIX, ASA and FWSM products contain a flaw that may allow a malicious user to bypass Internet content filtering. The issue is triggered when a fragmented HTTP request is sent by the attacker, and the request is not forwarded to a Websense server for evaluation. It is possible that the flaw may allow circumvention of an access control resulting in a loss of integrity.. Read more at osvdb.org/25453
Absolute Live Support XE Register Page Multiple Field XSS
Absolute Live Support XE contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \'Screen name\' and \'Session Topic\' fields upon submission to the register page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\\\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24131
Absolute Image Gallery XE gallery.asp shownew Variable XSS
Absolute Image Gallery XE contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \'shownew\' variable upon submission to the gallery.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\\\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24214
Absolute Image Gallery XE Search Module text Variable XSS
Absolute Image Gallery XE contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \'text\' variable upon submission to the search module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\\\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21747
Particle Wiki Multiple Script XSS
Particle Wiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple unspecified variables upon submission to multiple unspecified scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26028
Particle Wiki index.php version Variable SQL Injection
Particle Wiki contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'version' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25976
Leave a Reply