Advisories
Note: Until March 31, 2003, VESARiA Network Security Specialists was known as qDefense.

Advisory: QDAV-2001-11-1 v1.1
Name: Hypermail SSI Vulnerability
Release: 11.19.2001
Product: Hypermail
Vendor: Hypermail Development (http://www.hypermail.org)
Severity: Remote. Attacker may be able to execute arbitrary commands on servers that run Hypermail and SSI.
Overview: Hypermail can be used to create arbitrary files, with arbitrary extensions, on the server, which may then possibly be used to execute SSI commands.

Advisory: QDAV-2001-7-2 v1.1
Name: AdCycle SQL Command Insertion Vulnerability
Release: 07.16.2001
Product: AdCycle
Vendor: AdCycle (http://adcycle.com)
Severity: Remote. Attacker may gain AdCycle administrator status.
Overview: AdCycle does not properly validate user input. This input is used to form SQL commands, which are passed to a MySQL database. By submitting cleverly crafted input, an attacker can bypass the administrator password check.
Citations: Cited in Writing Secure Code, Microsoft Press, 2001.

Advisory: QDAV-2001-7-1 v1.2
Name: Multiple CGI Flat File Database Manipulation Vulnerability
Release: 07.12.2001
Product: Numerous CGIs
Vendor: Multiple
Severity: Remote. Severity varies, but can often be used to attain CGI administrator status, which can result in read/write/execute privileges.
Overview: Numerous CGIs store data, including passwords, in a flat file database, using special characters as field and row delimiters. An attacker may be able to manipulate these databases. While many types of CGIs may be vulnerable, CGIs which allow multiple users to log on, and grant certain users privileged or administrator status, are most likely to be exploitable.

© 2000 - 2012 VESARiA Network Security Specialists.
The advisories presented here may be reproduced, in whole or in part, provided that they are not modified
and that proper credit is given. In addition, if one is made accessible
via hypertext, a hyperlink to VESARiA
Network Security Specialists (http://www.vesaria.com) must be
included.
Vesaria, LLC
443.501.4044
NEW JERSEY:
708 Lakeview Drive
Lakewood, NJ 08701
MARYLAND:
722 Dulaney Valley Road, Suite 192
Towson, MD 21204