Network Security

Network Security News Monitor - Thursday, December 22, 2005 Events

 

Microsoft IIS Crafted URL Remote DoS

Microsoft Internet Information Services (IIS) version contains a flaw that may allow a remote denial of service. The issue is triggered when a crafted URL pointing to a folder with execute permission set to "Scripts and Executables" is sent, and will result in loss of availability for the service.

Acidcat CMS default.asp ID Variable SQL Injection

Acidcat ASP CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'default.asp' script not properly sanitizing user-supplied input to the 'ID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

pTools index.asp docID Variable SQL Injection

pTools contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "docID" variable upon submission to the index.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.