Network Security

Network Security News Monitor - Sunday, June 11, 2006 Events

 

Cisco PIX/ASA/FWSM WebSense URL Filter Bypass

Cisco PIX, ASA and FWSM products contain a flaw that may allow a malicious user to bypass Internet content filtering. The issue is triggered when a fragmented HTTP request is sent by the attacker, and the request is not forwarded to a Websense server for evaluation. It is possible that the flaw may allow circumvention of an access control resulting in a loss of integrity.. Read more.

Absolute Live Support XE Register Page Multiple Field XSS

Absolute Live Support XE contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \'Screen name\' and \'Session Topic\' fields upon submission to the register page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\\\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

Absolute Image Gallery XE gallery.asp shownew Variable XSS

Absolute Image Gallery XE contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \'shownew\' variable upon submission to the gallery.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\\\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

Absolute Image Gallery XE Search Module text Variable XSS

Absolute Image Gallery XE contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \'text\' variable upon submission to the search module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\\\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

Particle Wiki Multiple Script XSS

Particle Wiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple unspecified variables upon submission to multiple unspecified scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

Particle Wiki index.php version Variable SQL Injection

Particle Wiki contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'version' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.