VESARiA Network Security Specialists

Advisories

Note: Until March 31, 2003, VESARiA Network Security Specialists was known as qDefense.

 
 
Advisory: QDAV-2001-11-1 v1.1
Name: Hypermail SSI Vulnerability
Release: 11.19.2001
Product: Hypermail
Vendor: Hypermail Development (http://www.hypermail.org)
Severity: Remote. Attacker may be able to execute arbitrary commands on servers that run Hypermail and SSI.
Overview: Hypermail can be used to create arbitrary files, with arbitrary extensions, on the server, which may then be used to execute SSI commands.

Full Details

 
 
Advisory: QDAV-2001-7-2 v1.1
Name: AdCycle SQL Command Insertion Vulnerability
Release: 07.16.2001
Product: AdCycle
Vendor: AdCycle (http://adcycle.com)
Severity: Remote. Attacker may gain AdCycle administrator status.
Overview: AdCycle does not properly validate user input. This input is used to form SQL commands, which are passed to a MySQL database. By submitting cleverly crafted input, an attacker can bypass the administrator password check.

Full Details


Citations:

Cited in Writing Secure Code, Microsoft Press, 2001.
 
 
Advisory: QDAV-2001-7-1 v1.2
Name: Multiple CGI Flat File Database Manipulation Vulnerability
Release: 07.12.2001
Product: Numerous CGIs
Vendor: Multiple
Severity: Remote. Severity varies, but can often be used to attain CGI administrator status, which can result in read/write/execute privileges.
Overview: Numerous CGIs store data, including passwords, in a flat file database, using special characters as field and row delimiters. An attacker may be able to manipulate these databases. While many types of CGIs may be vulnerable, CGIs which allow multiple users to log on, and grant certain users privileged or administrator status, are most likely to be exploitable.

Full Details

 
 

© 2000 - 2017 VESARiA Network Security Specialists.  The advisories presented here may be reproduced, in whole or in part, provided that they are not modified and that proper credit is given.  In addition, if one is made accessible via hypertext, a hyperlink to VESARiA Network Security Specialists (http://www.vesaria.com) must be included.
