Network Security News – Tuesday, July 19, 2005 Events
Cisco IOS OSPF Neighbor Announcement Overflow
A remote overflow exists in Cisco IOS. The operating system fails to gracefully handle more than 255 Open Shortest Path First (OSPF) neighbors on an interface, resulting in a buffer overflow. With a specially crafted request, an attacker can cause denial of service, command execution, or manipulate the router's configuration, resulting in a loss of integrity and/or availability.. Read more at osvdb.org/6455
wMailserver SMTP Service Remote Overflow DoS
wMailserver contains a flaw that may allow a remote denial of service. The issue is triggered when sending approximately 539 characters to the SMTP service, and will result in loss of availability for the service. Read more at osvdb.org/17883
Comersus comersus_backoffice_message.asp message Variable XSS
Comersus Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the 'comersus_backoffice_message.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17975
Comersus comersus_optReviewReadExec.asp idProduct Variable SQL Injection
Comersus Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'comersus_optReviewReadExec.asp' script not properly sanitizing user-supplied input to the 'idProduct' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/17973
Comersus comersus_optAffiliateRegistrationExec.asp email Variable SQL Injection
Comersus Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'comersus_optAffiliateRegistrationExec.asp' script not properly sanitizing user-supplied input to the 'email' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/17972
Comersus comersus_backoffice_listAssignedPricesToCustomer.asp name Variable XSS
Comersus Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'name' variables upon submission to the 'comersus_backoffice_listAssignedPricesToCustomer.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17974
CartWIZ viewSupportTickets.asp sortType Variable SQL Injection
CartWIZ contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'viewSupportTickets.asp' script not properly sanitizing user-supplied input to the 'sortType' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/17977
CartWIZ updateCreditCards.asp id Variable SQL Injection
CartWIZ contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'updateCreditCards.asp' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/17978
CartWIZ tellAFriend.asp idProduct Variable SQL Injection
CartWIZ contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'tellAFriend.asp' script not properly sanitizing user-supplied input to the 'idProduct' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/17976
CartWIZ login.asp message Variable XSS
CartWIZ contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the 'login.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17980
Vuln: EKG Insecure Temporary File Creation Vulnerability
EKG Insecure Temporary File Creation Vulnerability. Read more at securityfocus.com/bid/14146
Vuln: EKG Insecure Temporary File Creation Vulnerability
EKG Insecure Temporary File Creation Vulnerability. Read more at securityfocus.com/bid/14307
Vuln: EKG Unspecified Command Execution Vulnerability
EKG Unspecified Command Execution Vulnerability
. Read more at securityfocus.com/bid/14308
Vuln: OSCommerce Update.PHP Information Disclosure Vulnerability
OSCommerce Update.PHP Information Disclosure Vulnerability. Read more at securityfocus.com/bid/14294
Re: On classifying attacks
Re: On classifying attacks. Read more at securityfocus.com/archive/1/405559
Broadcast format string and buffer-overflow in Race Driver 1.20
Broadcast format string and buffer-overflow in Race Driver 1.20. Read more at securityfocus.com/archive/1/405540
NTLM HTTP Authentication is insecure by design – a new writeup by Amit Klein
NTLM HTTP Authentication is insecure by design – a new writeup by Amit Klein
. Read more at securityfocus.com/archive/1/405541
[SECURITY] [DSA 760-1] New ekg packages fix several vulnerabilities
[SECURITY] [DSA 760-1] New ekg packages fix several vulnerabilities. Read more at securityfocus.com/archive/1/405533
Leave a Reply