Microsoft IIS versions 5.0 and 5.1 are vulnerable to a denial of service attack if an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' request methods. This results in IIS restarting itself and terminating any active sessions.
67114ae0520ebab576e477197853235affe77007a602ac27dc47708e61cc7c11The SunONE application server on Windows 2000 suffers from multiple vulnerabilities. The server allows a remote attacker to view the source code of JSPs, only logs the first 4042 characters of a request URI which allows an attacker to hide their attempts in the last 54 characters, has a cross site scripting issue, and has the username and password to the administrative server kept in clear text in a world readable file.
8e810afd7ea6e1de914b7fc988eb5076641d865e4b488deebe6df42e66995334SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping illegal characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this paper is to educate the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection as well as make clear the correct mechanisms that should be put in place to protect against SQL injection, as well as input validations problems in general.
4fadfe48fd899c3d72fade7da539f8b403dad3e2b794ac2b7646dc57fb549517
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed