Network Security News – Saturday, August 19, 2006 Events
XMB IMG Element SRC Attribute XSS
XMB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate data posted in the forum. Especially the <IMG SRC> tag. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27920
Edonkey2000 Malformed Message Hash Saturation DoS
Edonkey2000 and overnet contain a flaw that may allow an attacker to consume all resources (CPU and memory). By sending a specially crafted request, the attacker can make the software open a new chat dialog window. By repeating this operation, the attacker can exhaust the resources of the targeted machine resulting in a loss of availability.. Read more at osvdb.org/14324