Network Security News – Sunday, July 31, 2005 Events
Thomson NETg Web Skill Vantage Manager Login SQL Injection
Thomson NETg Web Skill Vantage Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.asp script not properly sanitizing user-supplied input to the 'svmPassword' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/18330
Microsoft Windows CIS/RPC Over HTTP DoS
Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered due to the COM Internet Service (CIS) and RPC over HTTP Proxy components, which do not properly validate message input. With a specially crafted message, a remote attacker could cause the components to stop responding resulting in loss of availability.. Read more at osvdb.org/5246
Cisco IOS CDP Neighbor Announcement DoS
Cisco IOS contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker floods a vulnerable device with CDP neighbor announcements with long device IDs, and will result in loss of availability for the platform.. Read more at osvdb.org/1969
Cisco IOS Crafted IPv6 Packet Remote Code Execution
Cisco IOS contains a flaw that may allow a malicious user to cause denial of service conditions or execute arbitrary code. The issue is triggered when a crafted IPv6 packet is sent to a router running a vulnerable version of IPv6 code. It is possible that the flaw may allow a denial of service or the execution of arbitrary code, resulting in a loss of integrity, and/or availability.. Read more at osvdb.org/18332