WKIT SECURITY AB
www.wkit.com
TITLE: Joe's Own Editor File Handling Error
ADVISORY ID:WSIR-01/02-02
REFERENCE: http://www.wkit.com/advisories
CVE:GENERIC-MAP-NOMATCH
CREDIT: Christer berg, Wkit Security AB
CONTACT:[EMAIL PROTECTED]
CLASS
mation and comments about this issue has been given by
Elias Levy of Security Focus (http://www.securityfocus.com) and moderator
of the Bugtraq mailing list.
Other advisories from Wkit Security AB can be obtained from:
http://www.wkit.com/advisories/
DISCLAIMER
The contents of this advisory i
: www.atstake.com/research/advisories/2002/a041002-1.txt
Overview:
Microsoft's Internet Information Server (IIS) is a web server that
is part of the Windows NT 4.0 and Windows 2000 server operating
system.
In the default IIS installation, .htr functionality is enabled. .htr
files are used only for web
Whitehouse ([EMAIL PROTECTED])
Vendor Status: Informed and patch available
CVE Candidate: CAN-2002-0663
Reference: www.atstake.com/research/advisories/2002/a071502-1.txt
Overview:
Symantec (http://www.symantec.com/) Norton Personal Internet
Firewall is a widely used desktop firewalling
that it will be useful. Information Risk Management Plc is
not responsible for any risks or occurrences caused by the application
of this information.
A copy of this advisory may be found at http://www.irmplc.com/advisories
The PGP key used to sign IRM advisories can be obtained from the above
URL
AdSubtract Proxy ACL Bypass Vulnerability
URL
http://www.lurhq.com/advisory20030604.html
Release Date
June 4, 2003
Author
Joe Stewart
About AdSubtract
AdSubtract is one of the leading products in the banner-ad blocking
software market. It is frequently bundled with modems from several
leading
Macromedia Flash Player Improper Memory Access Vulnerability
Release Date:
November 4, 2005
Date Reported:
June 27, 2005
Severity:
High
Vendor:
Macromedia
Systems Affected:
Macromedia Flash 6 (on all Windows platforms)
Macromedia Flash 7 (on all Windows platforms)
Overview:
eEye Digital
Windows Metafile SetPalette Entries Heap Overflow Vulnerability
(Graphics Rendering Engine Vulnerability)
Release Date:
November 8, 2005
Date Reported:
September 1, 2005
Severity:
High (Code Execution)
Vendor:
Microsoft
Systems Affected:
Windows 2000
Windows XP SP0, SP1
Windows Server 2003
RealPlayer Data Packet Stack Overflow
Release Date:
November 10, 2005
Date Reported:
May 28, 2005
Severity:
High (Remote Code Execution)
Vendor:
RealNetworks
Systems Affected:
Windows:
RealPlayer 10.5 (6.0.12.1040-1235)
RealPlayer 10
RealOne Player v2
RealOne Player v1
RealPlayer 8
RealPlayer
Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability
Release Date:
December 13, 2005
Date Reported:
May 23, 2005
External References:
eEye ID# EEYEB-20050523
OSVDB ID# 18823
CVE # CAN-2005-2827
Microsoft # MS05-055
Severity:
Medium (Local Privilege Escalation to Kernel)
--
IRM Security Advisory No. 014
Sygate Protection Agent 5.0 vulnerability - A low privileged user can
disable the security agent
Vulnerability Type / Importance: Security Protection Bypass / High
Problem discovered: November
--
IRM Security Advisory No. 013
Ultraapps Issue Manager is vulnerable to Privilege Escalation
Vulnerability Type / Importance: Privilege Escalation / High
Problem discovered: November 25th 2005
Vendor contacted: November 25th
--
IRM Security Advisory No. 012
Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal
Attack
Vulnerability Type / Importance: Information Leakage / High
Problem discovered: October 11th 2005
Vendor contacted:
Our apologies, the incorrect CVE information was provided with our Apple
advisories today. The correct CVE numbers are;
[EEYEB-20051220] Apple QuickTime QTIF Stack Overflow = CVE-2005-2340
[EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow =
CVE-2005-4092
[EEYEB-20051117A] Apple
EEYEB-20051031 Apple QuickTime Malformed GIF Heap Overflow
Release Date:
January 10, 2006
Date Reported:
October 31, 2005
Severity:
High (Code Execution)
Patch Development Time (In Days):
71 Days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
EEYEB-20051229 Apple QuickTime QTIF Stack Overflow
Release Date:
January 10, 2006
Date Reported:
December 29, 2005
Patch Development Time (In Days):
12 days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on Mac
EEYEB-20051117B Apple iTunes (QuickTime.qts) Heap Overflow
Release Date:
January 10, 2006
Date Reported:
November 17, 2005
Patch Development Time (In Days):
54 Days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on
EEYEB-20051117A Apple QuickTime STSD Atom Heap Overflow
Release Date:
January 10, 2006
Date Reported:
November 17, 2005
Patch Development Time (In Days):
54 Days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on
EEYEB-20050801 Windows Embedded Open Type (EOT) Font Heap Overflow
Vulnerability
Release Date:
January 10, 2006
Date Reported:
July 31, 2005
Time to Patch:
163 Days
Severity:
High (Code Execution)
Systems Affected:
Windows ME
Windows 98
Windows NT
Windows 2000
Windows XP SP1 / SP2
Windows
--
IRM Security Advisory No. 015
File system path disclosure on TYPO3 Web Content Manager
Vulnerability Type / Importance: Information Leakage / Medium
Problem discovered: January 13th 2006
Vendor contacted: January 13th 2006
--
IRM Security Advisory No. 017
Multiple Vulnerabilities in Infovista Portal SE
Vulnerability Type / Importance:Directory Traversal / High
Information Leakage / Low
IRM Security Advisory No. 018
Winamp 5.13 m3u Playlist Buffer Overflow
Vulnerability Type / Importance:Unauthorised Code Execution / High
Problem Discovered: February 17th 2006
Vendor Contacted: February 17th 2006
Advisory Published: February 24th 2006
Abstract:
Nullsoft Winamp is a
Notified, Fix Available
CVE Candidate: CVE-2006-2549
Reference:
http://www.vsecurity.com/bulletins/advisories/2006/pdf-form-filling.txt
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Product Description:
From the pdf-tools.com website[1]:
PDF Tools
-- Corsaire Security Advisory --
Title: VMware ESX Server Cross Site Scripting issue
Date: 14.11.05
Application: VMware ESX prior to 2.5.2 upgrade patch 2
VMware ESX prior to 2.1.2 upgrade patch 6
VMware ESX prior to 2.0.1 upgrade patch 6
Environment: VMware ESX
Author:
LS-20060908
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve
Backup v11.5, which could be exploited by an anonymous attacker in order to
execute arbitrary code with SYSTEM privileges on an affected system. The flaw
specifically exists within the Tape Engine
LS-20061001
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve
Backup v11.5, which could be exploited by an anonymous attacker in order to
execute arbitrary code with SYSTEM privileges on an affected system. The flaw
specifically exists within the Tape Engine
LS-20061102
LSsec has discovered a vulnerability in Business Objects Crystal Reports XI
Professional,
which could be exploited by an attacker in order to execute arbitrary code on
an affected system. Exploitation requires that the attacker coerce the target
user into opening a malicious .RPT
Computer Terrorism (UK) :: Incident Response Centre
www.computerterrorism.com
Security Advisory: CT09-01-2007
===
Microsoft Outlook Advanced Find - Remote Code Execution
===
Advisory
LS-20061002
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve
Backup v11.5, which could be exploited by an anonymous attacker in order to
execute arbitrary code with SYSTEM privileges on an affected system. The flaw
specifically exists within the Tape Engine
-- Corsaire Security Advisory --
Title: ChainKey Java Code Protection Bypass issue
Date: 06.11.06
Application: Java Code Protection
Environment: Java Virtual Machine
Author: Stephen de Vries [EMAIL PROTECTED]
Audience: General distribution
Reference: c061106-001
-- Scope --
The
://www.security-objectives.com/advisories/SECOBJADV-2008-02.txt
AFFECTED: Cygwin setup.exe 2.573.2.2
PLATFORM: Intel / Windows
CLASSIFICATION: Insufficient Verification of Data Authenticity (CWE-345)
RESEARCHER: Derek Callaway
IMPACT: Client-side code execution
SEVERITY: Medium
DIFFICULTY
-- Corsaire Security Advisory --
Title: VMware ESX Server Password Cross Site Request Forgery issue
Date: 14.11.05
Application: VMware ESX prior to 2.5.3 upgrade patch 2
VMware ESX prior to 2.1.3 upgrade patch 1
VMware ESX prior to 2.0.2 upgrade patch 1
Environment:
-- Corsaire Security Advisory --
Title: VMware ESX Server Password Disclosure in Log issue
Date: 14.11.05
Application: VMware ESX prior to 2.5.3 upgrade patch 2
VMware ESX prior to 2.1.3 upgrade patch 1
VMware ESX prior to 2.0.2 upgrade patch 1
Environment: VMware ESX
-- Corsaire Security Advisory --
Title: VMware ESX Server Password Disclosure in Cookie issue
Date: 12.05.06
Application: VMware ESX prior to 2.5.2 patch 4
VMware ESX prior to 2.0.2
Environment: VMware ESX
Author: Martin O'Neal [EMAIL PROTECTED]
Audience: General distribution
RISE-2006001
X11R6 XKEYBOARD extension Strcmp() buffer overflow vulnerability
Released: September 07, 2006
Last updated: September 07, 2006
INTRODUCTION
There exists a vulnerability within a string manipulation function of the X11R6
(X11R6.4 and lower) X Window System library, which when
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
RISE-2006002
FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability
Released: September 23, 2006
Last updated: September 23, 2006
INTRODUCTION
There exists a vulnerability within an architecture-dependent function of the
FreeBSD kernel
) due to incorrect
handling of RPC requests on TCP port 6503. The interface is identified by
dc246bf0-7a7a-11ce-9f88-00805fe43838. Opnum 45 specifies the vulnerable
operation within this interface.
Advisory:
http://www.lssec.com/advisories/LS-20060330.pdf
(casdscsvc.exe) due to
incorrect handling of requests on TCP port 41523.
Advisory:
http://www.lssec.com/advisories/LS-20060220.pdf
) due to incorrect
handling of RPC requests on TCP port 6503. The interface is identified by
dc246bf0-7a7a-11ce-9f88-00805fe43838. Opnum 43 specifies the vulnerable
operation within this interface.
Advisory:
http://www.lssec.com/advisories/LS-20060313.pdf
LS-20061113
LSsec has discovered a vulnerability in
Computer Associates BrightStor ARCserve
Backup v11.5, which could be exploited by
an anonymous attacker in order to execute
arbitrary code with SYSTEM privileges on
an affected system.
The flaw specifically exists within the
Tape Engine
LS-20061102
LSsec has discovered a vulnerability in
Business Objects Crystal Reports XI Professional,
which could be exploited by an attacker in order
to execute arbitrary code on an affected system.
Exploitation requires that the attacker coerce
the target user into opening a malicious .RPT
Note: This is a belated release to the mailing lists (though most of the
tracking services picked this up via the Citrix advisory)...
-- Corsaire Security Advisory --
Title: Citrix Access Gateway session ID disclosure issue
Date: 05.09.06
Application: Citrix Advanced Access Control 4.0
-- Corsaire Security Advisory --
Title: Sun J2RE DoS issue
Date: 05.09.06
Application: Sun JRE 5.0 prior to update 14
Environment: Sun JRE
Author: Martin O'Neal [EMAIL PROTECTED]
Audience: General distribution
Reference: c060905-002
-- Scope --
The aim of this document is to clearly define an
I agree completely with mz,
This is just how FireFox works, the data:text/html,base64;somestringinbase64==
is just pure functionality. The redirection parameters is not equal to a
vulnerability since as mz said, the attacker could just redirect to his own
site.
The best way to defend against
Hi MustLive,
I can confirm that this consumed most resources in FireFox 3.5.2 as well.
I have the newest Google Chrome browser installed which might explain why.
Best regards, hopes, peace and love,
MaXe - Founder of InterN0T - Undergrou...
http://www.intern0t.net/
PS: The extra long
Hello MustLive,
Thanks for your immediate reply.
I have now tested what you said, cause I suspected that it was only happening
because Google Chrome was installed, due to FireFox isn't able to know what
``chromehtml:´´ is on its own. (it has to be associated with an application in
this
vBulletin - Cross Site Script Redirection
Versions Affected: 3.8.4 / 3.7.6 / 3.6.12
Patches Available: 3.8.4PL1 / 3.7.6PL1 / 3.6.12PL1
Info: An XSS flaw within the user profile page has recently been discovered.
This could allow an attacker to carry out an action as a user or obtain
Yoast GA Plugin for WP - Cross Site Scripting Vulnerability
Version Affected: 3.2.4 (newest)
Info: The Google Analytics for WordPress plugin automatically tracks and
segments all outbound links from within posts, comment author links, links
within comments, blogroll links and downloads. It also
://forum.intern0t.net/intern0t-advisories/2528-vbulletin-3-8-4-pl2-insecure-custom-bbcode.html
All of the best,
MaXe
Versions Affected: 3.8.6 (Only!)
Info:
Content publishing, search, security, and more - vBulletin has it all. Whether
it's available features, support, or ease-of-use, vBulletin offers the most for
your money. Learn more about what makes vBulletin the choice for people
who are serious about
disclosed at InterN0T 24th July
- Bugtraq contacted (again) at: 28th July
References:
http://forum.intern0t.net/intern0t-advisories/2861-jira-enterprise-4-0-1-multiple-low-risk-vulnerabilities.html
All of the best,
MaXe
-db.com/finding-0days-in-web-applications/
http://www.youtube.com/watch?v=ni3inoHkOPc
http://forum.intern0t.net/intern0t-advisories/3329-search-engine-optimization-panel-2-1-0-critical-file-disclosure.html
November 2010
- Vendor (vBulletin Solutions / IB) contacted: 11th November
- Disclosed to Exploit-DB, Bugtraq and InterN0T: 14th November
References:
http://forum.intern0t.net/intern0t-advisories/3349-vbulletin-4-0-8-persistent-xss-profile-customization.html
http://www.vbulletin.com/forum/showthread.php
at: InterN0T, Full Disclosure, Bugtraq and Exploit: 20th November
References:
http://forum.intern0t.net/intern0t-advisories/3398-vbulletin-4-0-8-pl1-cross-site-scripting-filter-bypass-within-profile-customization.html
http://forum.intern0t.net/intern0t-advisories/3349-vbulletin-4-0-8-persistent-cross
=[]
=
Credits:
=
HighSecure.ir
Contact: advisories[aT]highsecure[dOt]ir
References:
http://www.highsecure.ir/research/20120822-paliz.txt
##
Scripting
Severity : Medium (3/5)
Advisory Reference : SOJOBO-ADV-13-01 (http://www.enkomio.com/Advisories)
Credits: Sojobo dev team
Description: Multiple vulnerabilities (SQL Injection and Reflected Cross Site
Scripting) were discovered during the testing of Sojobo, Static Analysis Tool.
II
(2/5)
Advisory Reference : SOJOBO-ADV-13-02 (http://www.enkomio.com/Advisories)
Credits: Sojobo dev team
Description: A Reflected Cross Site Scripting vulnerability was discovered
during the testing of Sojobo, Static Analysis Tool.
II. * Details *
===
A) Reflected Cross Site Scripting
/
http://wordpress.org/plugins/gallery-bank/
Vulnerability Type : Reflected Cross-Site Scripting
Severity : Medium (3/5)
Advisory Reference : SOJOBO-ADV-13-03 (http://www.enkomio.com/Advisories)
Credits: Sojobo dev team
Description: A Reflected Cross Site Scripting vulnerability was discovered
Vulnerability in Pydio/AjaXplorer = 5.0.3
Background:
Pydio allows you to instantly turn any server into a powerful file sharing
platform. Formerly known as AjaXplorer
Description of vulnerability
There is a path traversal vulnerability in the zoho plugin that is
Scripting
Severity : High (4/5)
Advisory Reference : SOJOBO-ADV-13-04 (http://www.enkomio.com/Advisories)
Credits: Sojobo dev team
Description: A File Inclusion and Reflected Cross Site Scripting vulnerability
was discovered during the testing of Sojobo, Static Analysis Tool.
II. * Details
Severity : Medium (3/5)
Advisory Reference : SOJOBO-ADV-13-05 (http://www.enkomio.com/Advisories)
Credits: Sojobo dev team
Description: A Reflected Cross Site Scripting vulnerability was discovered
during the testing of Sojobo, Static Analysis Tool.
II. * Details *
===
A) Reflected Cross
\BaseNamedObjects):
SophosALMonSessionInstance
Further details at:
http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1213/
Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby
to any directory
specified by the attackers as the file upload function does not
verify file type or origin when processing the request.
Further details at:
http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1214/
Copyright:
Copyright
Experts GmbH employee Eric Sesterhenn
Advisory URL: https://www.lsexperts.de/advisories/lse-2014-05-22.txt
Advisory Status: Public
CVE-Number: CVE-2014-3875, CVE-2014-3876, CVE-2014-3877
Impact
==
It is possible to attack user sessions and to execute JavaScript in
another user's browser. This might
Risk: high
Likelihood of Exploitation: low
Vendor: Perl
Vendor URL: http://www.perl.org
Credits: LSE Leading Security Experts GmbH employee Markus Vervier
Advisory URL: https://www.lsexperts.de/advisories/lse-2014-06-10.txt
Advisory Status: Public
CVE-Number: CVE-2014-4330
CVE URL: http
Mogwai Security Advisory MSA-2015-01
--
Title: WP Pixarbay Images Multiple Vulnerabilities
Product:Pixarbay Images (Wordpress Plugin)
Affected versions: 2.3
Impact: high
Remote:
Mogwai Security Advisory MSA-2015-03
--
Title: iPass Mobile Client service local privilege escalation
Product:Hewlett-Packard Universal CMDB (UCMDB)
Affected versions: iPass Mobile Client
ttps://www.lsexperts.de/advisories/lse-2015-10-14.txt
Advisory Status: Public
CVE-Number:
CVE URL: ---
Impact
==
Enables to read and modify the HumHub Mysql Database.
Issue Description
=
While conducting an internal software evaluation, LSE Leading
Security Experts GmbH discov
#
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#
#
# Product: ASP.NET Core
# Vendor:Microsoft https://www.microsoft.com
# CSNC ID:
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#
#
# CSNC ID: CSNC-2017-004
# Product: Live Helper Chat [1]
# Vendor: Live Helper
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: PingID (MFA) [1]
# Vendor: Ping Identity Corporation
# CSNC ID: CSNC
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: MyTy
# Vendor: Finlane GmbH
# CSNC ID: CSNC-2017-030
# CVE ID
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: MyTy
# Vendor: Finlane GmbH
# CSNC ID: CSNC-2017-029
# CVE ID
##
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#
##
#
# Product: iText PDF Library
# Vendor: iText Group
# CVE ID: CVE-2017
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
# Product: totemomail Encryption Gateway
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
# Product: totemomail Encryption Gateway
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Vert.x [1]
# CSNC ID: CSNC-2018-021
# Subject: HTTP Header
017-8802 for the issue
2017-12-12: Vendor released security fix & guidance to its customers
2018-01-10: Public disclosure
References:
---
[1] https://www.zimbra.com/
[2] https://www.synacor.com/
[3] https://www.compass-security.com/research/advisories/
[4] https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Microsoft Intune [1]
# Vendor: Microsoft
# CSNC ID: CSNC-2017-027
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Atmosphere [1]
# Vendor:Async-IO.org
# CSNC ID: CSNC-2018-023
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: ownCloud iOS Application (owncloud.iosapp) [1]
# Vendor: ownCloud Gmbh
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: ownCloud Impersonate
# Vendor: ownCloud
# CSNC ID: CSNC-2018-015
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Microsoft Intune [1]
# Vendor: Microsoft
# CSNC ID: CSNC-2017-026
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: SICAM A8000 Series
# Vendor: Siemens
# CSNC ID: CSNC-2019-002
# CVE
/advisories/cisco-webex-meetings-elevation-privilege-vulnerability
Date published: 2018-11-27
Date of last update: 2018-11-27
Vendors contacted: Cisco
Release mode: Coordinated release
*2. *Vulnerability Information**
Class: OS command injection [CWE-78]
Impact: Code execution
Remotely Exploitable
://www.secureauth.com/labs/advisories/cisco-webex-meetings-elevation-privilege-vulnerability-version-2
Date published: 2019-02-27
Date of last update: 2019-02-27
Vendors contacted: Cisco
Release mode: Coordinated release
2. *Vulnerability Information*
Class: OS command injection [CWE-78]
Impact: Code execution
SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/
Micro Focus Filr Multiple Vulnerabilities
1. *Advisory Information*
Title: Micro Focus Filr Multiple Vulnerabilities
Advisory ID: SAUTH-2019-0001
Advisory URL:
https://www.secureauth.com/labs/advisories/micro-focus-filr-multiple
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Apache Olingo OData 4.0
# Vendor: Apache Foundation
# CSNC ID: CSNC
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: VeloCloud
# Vendor: VMware
Mogwai Security Advisory MSA-2016-01
--
Title: PowerFolder Remote Code Execution Vulnerability
Product:PowerFolder Server
Affected versions: 10.4.321 (Linux/Windows) (Other version might be also
/* note for the moderator - this is a resend. If you have received the
previous copy, pls disregard this message; otherwise, pls remove this
comment before sending it to the list */
Fast Emergency AVET Response
SECURITY ADVISORY
PROTECTED]],
Andrew Danforth [[EMAIL PROTECTED]]
Vendor Status: Vendor has fixed version
CVE Candidate: CAN-2001-0329, CAN-2001-0330
Reference: www.atstake.com/research/advisories/2001/a043001-1.txt
Executive Summary:
Bugzilla is a web-based bug (and enhancement) tracking engine
users to log on, and grant certain
users privileged or administrator status, are most likely to be exploitable.
The current version of this document is available at
http://qDefense.com/Advisories/QDAV-2001-7-1.html.
Details: Many CGI's store data in a flat file database.
Note: A flat file
Interactive
Story to display the contents of any file.
The current version of this document is available at
http://qDefense.com/Advisories/QDAV-2001-7-3.html.
Details:
Interactive Story contains the following lines:
$nextfile = $story_dir/$in{'next'}.txt;
...
elsif ((-e $nextfile) ($in{'submit'} eq
the administrator
password check.
The current version of this document is available at
http://qDefense.com/Advisories/QDAV-2001-7-2.html.
Details:
In file AdLogin.pm, AdCycle uses the following SQL command to authenticate
a user signing in:
SELECT * FROM ad WHERE LOGIN='$account' AND PASSWORD
: www.atstake.com/research/advisories/2000/a081602-1.txt
Overview:
The NTFS filesystem supports hard links. A hard link is another
directory entry that points to the same physical file on disk. This
allows you to have multiple pathnames to the same file within
bulletin and patch
CVE Candidate: CAN-2002-0726
Reference: www.atstake.com/research/advisories/2002/a082802-1.txt
Overview:
Microsoft Terminal Server ActiveX client
(http://www.microsoft.com/windows2000/downloads/recommended/default.asp)
is the ActiveX version
of the standard Windows Terminal
Cache 9.0.2.0.0
Platform: Windows NT/2000/XP
Severity: Remote anonymous DoS
Author: Andreas Junestam ([EMAIL PROTECTED])
Vendor Status: Oracle has released a bulletin
CVE Candidate: CAN-2002-0386
Reference: www.atstake.com/research/advisories/2002/a102802-1.txt
Overview
/advisories/2003/a010603-1.txt
Overview:
Multiple platform ethernet Network Interface Card (NIC) device
drivers incorrectly handle frame padding, allowing an attacker to
view slices of previously transmitted packets or portions of kernel
memory. This vulnerability is the result of incorrect
: TruBlueEnvironment
Platform: MacOS X (10.2.3 and below)
Severity: Local users can gain root privileges
Author: Dave G. [EMAIL PROTECTED]
Vendor Status: updated version of OS available
CVE Candidate: CAN-2003-0088
Reference: www.atstake.com/research/advisories/2003/a021403-1.txt
Overview