Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Cisco IOS OSPF Neighbor Announcement Overflow

Network Security News – Tuesday, July 19, 2005 Events

Cisco IOS OSPF Neighbor Announcement Overflow

A remote overflow exists in Cisco IOS. The operating system fails to gracefully handle more than 255 Open Shortest Path First (OSPF) neighbors on an interface, resulting in a buffer overflow. With a specially crafted request, an attacker can cause denial of service, command execution, or manipulate the router's configuration, resulting in a loss of integrity and/or availability. Read more at osvdb.org/6455

wMailserver SMTP Service Remote Overflow DoS

wMailserver contains a flaw that may allow a remote denial of service. The issue is triggered when sending approximately 539 characters to the SMTP service, and will result in loss of availability for the service. Read more at osvdb.org/17883

Comersus comersus_backoffice_message.asp message Variable XSS

Comersus Cart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the 'comersus_backoffice_message.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17975

Comersus comersus_optReviewReadExec.asp idProduct Variable SQL Injection

Comersus Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'comersus_optReviewReadExec.asp' script not properly sanitizing user-supplied input to the 'idProduct' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17973

Comersus comersus_optAffiliateRegistrationExec.asp email Variable SQL Injection

Comersus Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'comersus_optAffiliateRegistrationExec.asp' script not properly sanitizing user-supplied input to the 'email' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17972

Comersus comersus_backoffice_listAssignedPricesToCustomer.asp name Variable XSS

Comersus Cart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate 'name' variables upon submission to the 'comersus_backoffice_listAssignedPricesToCustomer.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17974

CartWIZ viewSupportTickets.asp sortType Variable SQL Injection

CartWIZ contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'viewSupportTickets.asp' script not properly sanitizing user-supplied input to the 'sortType' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17977

CartWIZ updateCreditCards.asp id Variable SQL Injection

CartWIZ contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'updateCreditCards.asp' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17978

CartWIZ tellAFriend.asp idProduct Variable SQL Injection

CartWIZ contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'tellAFriend.asp' script not properly sanitizing user-supplied input to the 'idProduct' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17976

CartWIZ login.asp message Variable XSS

CartWIZ contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the 'login.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17980

Vuln: EKG Insecure Temporary File Creation Vulnerability

EKG Insecure Temporary File Creation Vulnerability. Read more at securityfocus.com/bid/14146

Vuln: EKG Insecure Temporary File Creation Vulnerability

EKG Insecure Temporary File Creation Vulnerability. Read more at securityfocus.com/bid/14307

Vuln: EKG Unspecified Command Execution Vulnerability

EKG Unspecified Command Execution Vulnerability. Read more at securityfocus.com/bid/14308

Vuln: OSCommerce Update.PHP Information Disclosure Vulnerability

OSCommerce Update.PHP Information Disclosure Vulnerability. Read more at securityfocus.com/bid/14294

Re: On classifying attacks

Re: On classifying attacks. Read more at securityfocus.com/archive/1/405559

Broadcast format string and buffer-overflow in Race Driver 1.20

Broadcast format string and buffer-overflow in Race Driver 1.20. Read more at securityfocus.com/archive/1/405540

NTLM HTTP Authentication is insecure by design – a new writeup by Amit Klein

NTLM HTTP Authentication is insecure by design – a new writeup by Amit Klein. Read more at securityfocus.com/archive/1/405541

[SECURITY] [DSA 760-1] New ekg packages fix several vulnerabilities

[SECURITY] [DSA 760-1] New ekg packages fix several vulnerabilities. Read more at securityfocus.com/archive/1/405533

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS
