
Audit My PC - Free Internet Security Audit

Network Security News – Sunday, January 01, 2006 Events

Multiple Vendor Fragmented TCP/IP Packet DoS (Rose)

The TCP/IP stack implementations of multiple vendors contain a flaw that may allow a remote denial of service. The issue is triggered by sending a specially crafted sequence of fragmented ICMP packets, which causes the system to consume all available CPU resources during the defragmentation process (a.k.a. the 'rose attack'), resulting in loss of availability for the platform. Read more at osvdb.org/8431

OOApp Guestbook home.php page Variable XSS

OOApp Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'home.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22112

Advanced Guestbook admin.php Username Field SQL Injection

Advanced Guestbook contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'admin.php' script not properly sanitizing user-supplied input to the 'Username' field, which may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20952

Advanced Guestbook admin.php Password Field SQL Injection

Advanced Guestbook contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'admin.php' script not properly sanitizing user-supplied input to the 'Password' field, which may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/13734

Hitachi Cosminexus Collaboration Unspecified XSS

Hitachi Cosminexus Collaboration contains a flaw that allows a remote cross site scripting attack. No further details have been provided. Read more at osvdb.org/22126

Hitachi Groupmax Collaboration Unspecified XSS

Hitachi Groupmax Collaboration contains a flaw that allows a remote cross site scripting attack. No further details have been provided. Read more at osvdb.org/20969

IRIX netstat File Existence Disclosure

IRIX contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user executes netstat to detect whether a file exists on the local system, even when the permissions and ownership of that file should not allow it, resulting in a loss of confidentiality. Read more at osvdb.org/5318

Mantis File Size Upload Restriction Bypass DoS

Mantis contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker passes an unusually large value to the 'max_file_size' variable, which is not properly sanitized in the bug_file_add.php, bug_report.php, bug_report_advanced_page.php and proj_doc_add_page.php scripts. This allows the uploaded file to fill the available disk space for the database and results in loss of availability for the service. Read more at osvdb.org/22056

SpireMedia CMS index.cfm cid Variable SQL Injection

SpireMedia CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cid' variable upon submission to the 'index.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22066

Speartek Search Module XSS

Speartek contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the search module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22068
