[04.12.07] SonicWALL Global VPN Client Format String Vulnerability
A format string vulnerability exists in SonicWALL Global VPN Client. The vulnerability can be triggered by importing a specially crafted configuration file.
[HTML | TEXT]
[01.11.07] Multiple Vulnerabilities in SonicWALL SSL-VPN Client
Multiple critical vulnerabilities have been found in the ActiveX components of SonicWALL SSL-VPN client. These vulnerabilities allow deletion of arbitrary files as well as arbitrary code execution on the client.
[HTML | TEXT]
[31.10.07] Perdition IMAP Proxy Format String Vulnerability
Perdition IMAP proxy is susceptible to a format string vulnerability. By exploiting this flaw, an attacker could execute arbitrary code on the affected system.
[HTML | TEXT]
[12.10.07] Madwifi xrates element remote DOS
Madwifi, the popular Atheros wireless device driver for Linux, is vulnerable to a denial of service attack. An attacker could crash client machines that are listening for beacon frames using a fake access point.
[HTML | TEXT]
[07.07.22] Remote command execution in Joomla! CMS
The search component of Joomla! v1.5 beta2 allows an attacker to execute arbitrary PHP commands. For example, it is possible to execute OS commands via system() calls. An attacker does not need to be authenticated to perform this attack!
[HTML | TEXT]
[07.06.01] PHP chunk_split() integer overflow
Due to missing input validation in the chunk_split function, the wrong size for a buffer is calculated. This can result in the allocation of a memory buffer that is too small, which leads to a buffer overflow.
[HTML | TEXT]
[2007.05.09] Multiple vulnerabilities in Nokia Intellisync Mobile Suite
Nokia Intellisync Mobile Suite v6 suffers from multiple vulnerabilities,
such as information/source code disclosure, cross site scripting and
denial of service.
[HTML | TEXT]
[2007.03.14] Apache HTTP Server / Tomcat directory traversal
If the Apache HTTP Server and Tomcat are configured to interoperate
with the common proxy modules (mod_proxy, mod_rewrite, mod_jk), an
attacker might be able to break out of the intended destination
path up to the webroot in Tomcat.
[HTML | TEXT]
[2007.03.09] MySQL 5 Single Row Subselect Denial of Service
MySQL 5 can be crashed by issuing specially crafted SQL queries.
[HTML | TEXT]
[2007.02.26] File Disclosure in Pagesetter for PostNuke
The 3rd party module Pagesetter for PostNuke, up to its latest version
(6.3.0 beta 5), allows arbitrary files to be read. An attacker
does not need to be logged in but has to know the filename.
[HTML | TEXT]
[2006.12.20] TYPO3 Remote Command Execution Vulnerability
The open source CMS TYPO3 is vulnerable to a remote command execution vulnerability. It can be exploited without logging into the backend and allows complete compromise of the web server where TYPO3 is installed.
[HTML | TEXT]
[28.06.06] Microsoft Outlook Web Access Cross Site Scripting Vulnerability - Vulnerability Details
Microsoft Exchange Server 2000 and 2003 which contain Outlook Web Access are vulnerable to cross site scripting attacks, allowing an attacker to steal session information using manipulated emails. An attacker can use this vulnerability to gain access to other people's emails.
[HTML | TEXT]
[13.06.06] Microsoft Outlook Web Access Cross Site Scripting Vulnerability
Microsoft Exchange Server 2000 and 2003 which contain Outlook Web Access are vulnerable to cross site scripting attacks, allowing an attacker to steal session information using manipulated emails. An attacker can use this vulnerability to gain access to other people's emails.
[HTML | TEXT]
[12.05.06] Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure
Enterprise FW leaks internal IPs of NATed machines in response to certain HTTP requests.
[HTML | TEXT]
[13.04.06] Opera Browser CSS Attribute Integer Wrap / Buffer Overflow
A buffer overflow can be triggered in Opera Browser due to a signedness error in the processing of CSS tags.
[HTML | TEXT]
[23.12.05] File Disclosure using df_next_page parameter in OracleAS Discussion Forum Portlet
OracleAS Discussion forum is prone to a file disclosure vulnerability. By leveraging this flaw, the attacker can read arbitrary files on the webserver.
[HTML | TEXT]
[23.12.05] Multiple Cross Site Scripting Vulnerabilities in OracleAS Discussion Forum Portlet
Multiple XSS Vulnerabilities in Oracle AS Discussion Forum allow for Session Theft and Relogin Trojan Attacks.
[HTML | TEXT]
[12.12.05] Nortel SSL VPN Cross Site Scripting/Command Execution
Nortel's SSL VPN Web Client is vulnerable to cross site scripting/command execution. By supplying a malicious link, an attacker can execute commands on the system of the VPN client.
[HTML | TEXT]
[11.12.05] Horde Framework XSS Bugs
Multiple applications from the Horde Framework are vulnerable to cross site scripting attacks, thus allowing hijacking of session information.
[HTML | TEXT]
[02.12.05] Webmail Security and Browser related XSS Bugs
In this security information, we address several fixed and unfixed Cross Site
Scripting flaws of large scale webmail providers.
[HTML | TEXT]
[02.12.05] XSS in GMX Webmail
GMX Webmail is prone to Cross Site Scripting Attacks. Attackers could exploit this flaw to steal session credentials of valid users.
[HTML | TEXT]
[25.11.05] Multiple Vulnerabilities in vTiger CRM
vTiger CRM is vulnerable to multiple security flaws that allow an attacker to gain administrative privileges on the CRM and execute arbitrary commands on the system.
[HTML | TEXT]
[07.11.05] Macromedia Flash Player ActionDefineFunction Memory Corruption
Loading a specially crafted SWF leads to an improper memory access condition which can be used to crash Flash Player or may be exploited as a vector for code execution.
[HTML | TEXT]
[07.11.05] toendaCMS multiple vulnerabilities
ToendaCMS contains various security flaws. These include theft of CMS usernames and passwords, session theft, directory traversal / reading of arbitrary files and arbitrary file uploads.
[HTML | TEXT]
[25.10.05] RSA ACE Web Agent XSS
Due to inadequate input validation, RSA Authentication Agent is vulnerable to a Cross Site Scripting attack.
[HTML | TEXT]
[25.10.05] Snoopy Remote Code Execution
Whenever an SSL protected webpage is requested with one of the many Snoopy API calls, it calls the function _httpsrequest which takes the URL as argument. Using a specially crafted URL, an attacker can supply arbitrary commands that are executed on the web server with privileges of the web user.
[HTML | TEXT]
[21.10.05] Yahoo / IE6 XSS
Since April 2005, SEC Consult has identified multiple Cross Site Scripting vulnerabilities in Yahoo Webmail. While all vulnerabilities have been fixed in the production environment, we think that the HTML blacklisting approach does not fully protect against XSS threats.
[HTML | TEXT]
[29.06.05] IE6 javaprxy.dll COM instantiation heap corruption
Loading HTML documents with certain embedded CLSIDs results in null-pointer exceptions or memory corruption. In one case, we could leverage this bug to overwrite a function pointer in the data segment. It *may* be possible to exploit this issue to execute arbitrary code in the context of IE.
[HTML | TEXT]
[17.06.05] Source Code Disclosure in Yaws Webserver
If a null byte is appended to the filename of a yaws script, the yaws webserver returns a page containing the source code of the corresponding script. This flaw allows a malicious attacker to analyse the source code of the entire web application, which might result in the attacker gaining sensitive information like passwords.
[HTML | TEXT] 
[02.06.05] Arbitrary File Inclusion in phpCMS 1.2.x
Due to insufficient input validation, arbitrary files can be read using phpCMS 1.2.x.
[HTML | TEXT] 
[02.06.05] Exhibit Blind SQL Injection
Using blind SQL injection, data from Exhibit Engine's database can be read.
[HTML | TEXT] 
[22.05.05] Yahoo Webmail Cookie Theft
Yahoo's blacklists fail to detect script-tags in combination with special characters like NULL-bytes. This leaves Webmail users using MSIE vulnerable to typical XSS / Relogin-trojan / Phishing / Pharming attacks.
[more...] 
[16.12.04] PHP Input Validation Vulnerabilities
PHP contains a vulnerability that allows an attacker to use NULL bytes to disclose local files. A second vulnerability exists that makes it possible to perform directory traversal for uploaded files.
[more...] 
[13.12.04] Multiple Vulnerabilities in SugarSales
Multiple vulnerabilities have been found in the open source customer relationship management software SugarSales. These vulnerabilities are: Full Path Disclosure, Install Script, File Inclusion/Remote Command Execution, SQL Injection. Some of the vulnerabilities described in this advisory can only be exploited while logged into SugarSales, however there are also numerous flaws that can be exploited by a passer-by without the knowledge of a username or password.
[more...]
[29.11.04] Password Disclosure for SMB Shares in KDE's Konqueror
The KDE program Konqueror allows for browsing SMB shares comfortably through the GUI. By placing a shortcut to an SMB share on KDE's desktop, an attacker can disclose his victim's password in plaintext.
[more...]
[23.09.2004] Motorola Wireless Router WR850G Authentication Circumvention
Motorola's Wireless Router WR850G contains a vulnerability that allows an attacker to log into the system without knowing username or password. Additionally hidden pages exist in the web interface that disclose username and password of the administrator.
[more...] 
[06.06.2004] PHP escapeshellarg Windows Vulnerability
Because of an input validation flaw in PHP, an attacker can execute shell commands even though the function escapeshellarg was used.
[more...]
[30.03.2004] Multiple Vulnerabilities in LinBox
Multiple security flaws in LinBox allow an attacker to change system settings, read user passwords in plaintext and execute commands over SSH on the system.
[more...] 
[01.09.2003] Internet Transaction Server Multiple Vulnerabilities
Multiple vulnerabilities in SAP Internet Transaction Server allow an attacker to read hidden information or perform Cross Site Scripting attacks.
[more...] 
[24.07.2003] paFileDB 3.1 OS-Cmd execution
Two security flaws in paFileDB 3.1 allow an attacker to execute arbitrary commands on the system. Additionally an attacker can upload arbitrary files to the server.
[more...] 
[14.07.2003] W-Angora Multiple Vulnerabilities
W-Angora 4.1.5 features multiple security flaws that can lead to compromise of the system. The flaws include: Information/Path Disclosure, Arbitrary File Upload, OS Command Execution, Cross Site Scripting.
[more...]
[11.07.2003] Invision Powerboard V.1.1.2 Multiple Vulnerabilities
Invision Powerboard is vulnerable against Cross Site Scripting and SQL Injection attacks. The attacker might be able to use the flaws to gain control over the system.
[more...] 
[28.02.03] Axis Webcam DOS
The web administration interface of Axis 2400 webcams contains two security flaws that allow an attacker to perform denial of service by shutting down the camera.
[more...]
[28.02.03] Typo3 3.5b5 Security Check Results
During a security check of Typo3 3.5b5 multiple serious vulnerabilities have been discovered. Those are: Path Disclosure, Arbitrary File Retrieval/Command Execution and Cross Site Scripting.
[more...]