Network Security News – Sunday, July 31, 2005 Events
Thomson NETg Web Skill Vantage Manager Login SQL Injection
Thomson NETg Web Skill Vantage Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.asp script not properly sanitizing user-supplied input to the 'svmPassword' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18330
Microsoft Windows CIS/RPC Over HTTP DoS
Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered due to the COM Internet Service (CIS) and RPC over HTTP Proxy components, which do not properly validate message input. With a specially crafted message, a remote attacker could cause the components to stop responding, resulting in loss of availability. Read more at osvdb.org/5246
Cisco IOS CDP Neighbor Announcement DoS
Cisco IOS contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker floods a vulnerable device with CDP neighbor announcements that carry long device IDs, and will result in loss of availability for the platform. Read more at osvdb.org/1969
Cisco IOS Crafted IPv6 Packet Remote Code Execution
Cisco IOS contains a flaw that may allow a malicious user to cause denial of service conditions or execute arbitrary code. The issue is triggered when a crafted IPv6 packet is sent to a router running a vulnerable version of IPv6 code. It is possible that the flaw may allow a denial of service or the execution of arbitrary code, resulting in a loss of integrity and/or availability. Read more at osvdb.org/18332