SIG^2 Vulnerability Research Advisory - The DeskNow Mail and Collaboration Server suffers from multiple directory traversal vulnerabilities that allow for upload and deletion of arbitrary files.
e5cc733880d83bc8359f3372d9f85d1aacc030a576bf6551baddfeb8bdadb9e5
Multiple vulnerabilities were found in Magic Winmail's Webmail, IMAP, and FTP services. Arbitrary file upload/download, cross site scripting, and directory traversal flaws all exist, along with the ability to access other users' mail. It really IS magic.
6cdd0f75b8a65fb62d8a4639fd3d414b32de01bbd3ab23bb7757fb4fa79da5d6
NodeManager Professional 2.00 buffer overflow exploit that binds a shell to port 2001.
d2760218e3f15342798e63cffabc4d5d0a5db7643df4ce807004ab02371da3e8
NodeManager Professional 2.00 has a stack overflow vulnerability that can be exploited by sending a specially crafted SNMPv1 trap.
2f7c4455305f9277c5d6931bd82f3660f702734db4e9275b16d3c83827dfb989
Multiple vulnerabilities have been found in the Singapore Image Gallery Web Application version 0.9.10 including arbitrary file download, directory deletion, and cross site scripting flaws.
22cccd84c8257bb8aec34a71801c52d8b3d7958998bb930ff8723bb8f663f436
Multiple vulnerabilities were found in CMailServer's Web Mail service including buffer overflow, SQL Injection and Cross-Site Scripting (XSS) flaws. CMailServer version 5.2 on English Win2K IIS 5.0 was tested.
84acf4cfdf663c21738923ba8986aefd2a8b5f25680f5eee678407da36243638
Prevx Home's registry and buffer overflow protection features are implemented by hooking several native APIs in kernel-space by modifying entries within the SDT ServiceTable. This means that a malicious program with Administrator privileges can disable these features by restoring the running kernel's SDT ServiceTable with direct writes to \device\physicalmemory. Verified against Prevx Home Version 1.0 Build 2.1.0.0 on WinXP SP0, SP2.
cdbe8aa011cc24d5f6c3a5f694ae3235e1744f064bd8ed4e13f8f9f7a62e832f
Documentation on three vulnerabilities that were found in version 1.42 of 04WebServer. It includes an XSS vulnerability, lack of character filtering when writing to the log file, and potential server restart problems after requesting a DOS device in the URL.
9e30e3662081d2b140cfec3c5c3ba0d3fb33894ffdf8a8d49135d7fe6b9219ca
A directory traversal vulnerability exists in several FTP commands of TwinFTP that may be exploited by a malicious user to access files outside the FTP directory. The problem lies with the incorrect filtering of the directory name supplied to the CWD, STOR and RETR commands. Versions tested: TwinFTP Server Standard 1.0.3 R2 (Win32) on English WinXP SP1, TwinFTP Server Enterprise 1.0.3 R2 (Win32) on English Win2K SP2.
d6f72bc7fab9132f3f56758b94be272eefba30b76a4c1dabb51e82a11d482c15
Kerio Personal Firewall's Application Launch Protection can be disabled by Direct Service Table Restoration. Tested against Kerio Personal Firewall 4.0.16 on Win2K SP4, WinXP SP1, SP2.
67d4011d11c36f885399b20a133ddbac999ca016d4951bde14a9c135a00a1d66
Exploit that simulates a POP3 server which sends a specially crafted email to a vulnerable Gaucho email client, triggering an overflow and binding a shell on port 2001. Version 1.4 build 145 is susceptible.
c8e97e6293220ffcd697f03cd1b7f766ea7557076534f67514f931b5f9a45e9f
Gaucho version 1.4 Build 145 is vulnerable to a buffer overflow when receiving malformed emails from a POP3 server. This vulnerability is triggered if Gaucho receives from the POP3 server a specially crafted email that has an abnormally long string in the Content-Type field of the email header. This string will overwrite EIP via SEH, and can be exploited to execute arbitrary code.
bad2f2ceea309c37340f7b2126c6ee4bfceb4e9ad6e52b92245fda99089f03fc
Sygate Personal Firewall Pro version 5.x is susceptible to a denial of service attack: unprivileged applications can crash it by sending specially crafted messages to the ListView control in the GUI.
c4b523beea4596ecf960bcae931886280975333d872f47098e91d7d4f0b32445