Contenuto

Advisory

ToutVirtual VirtualIQ Pro Multiple Vulnerabilities

  • 2009-11

ToutVirtual's VirtualIQ Pro is specifically designed for IT administrators responsible for managing virtual platforms. VirtualIQ Pro provides Visibility, Analytics and policy-based Optimization - all from one single console. VirtualIQ Pro is hypervisor-agnostic supporting both Type I and Type II hypervisors. VirtualIQ Pro can be used to visualize, analyze and optimize your choice of virtualization platform - Citrix, Microsoft,Novell, Oracle and/or VMware. Multiple vulnerabilities have been found which a allow an attacker to conduct variuos XSS and CSRF attack, and other attacks due to the use of an old an not hardened version of the web server.

VMware Studio 2.0 Beta directory traversal

  • 2009-09

VMware Studio provides mechanisms for authoring, on-site management,distributing and deployment of production-ready virtual appliances. An arbitrary file upload vulnerability, due to a path traversal in a file upload script, has been identified.

Citrix XenCenterWeb Multiple Vulnerabilities

  • 2009-01

Citrix XenCenterWeb is a web interface for Citrix XenServer environment management. Users of XenCenterWeb will be able to see a list of Virtual Machines in the Resource Pool, perform life-cycle actions (start, shutdown, restart, etc.), get basic information about the hosts in the Resource Pools, information about the VMs and also connect to the console of the VMs. Because of poor validation of some user controlled inputs, a variety of attacks against the application and the underlying server are possible. Cross-site scripting, cross-site request forgery, SQL injection and remote command execution attack vectors were identified as well. XSS and CSRF attacks can be performed on the virtual appliance itself, while the others require the PHP parameter "magic quotes gpc" to be off on the web server.

Plunet BusinessManager

  • 2008-12

Plunet BusinessManager is a powerful software for traslation companies. Plunet BusinessManager suffers of incorrect validation of some input forms, Stored Cross Site Scripting attacks are allowed. Moreover customers and traslators can access data and file not related to them.

Genesys Voice Portal Manager XSS

  • 2008-07

.Voice Portal Manager is part of Genesys Voice Platform, a software, standards-based platform that enables businesses to provide cost-effective customer interactions. Secure Network discovered an input validation error which leads to an XSS vulnerability in Voice Portal Manager's web console.

Ruby rb_ary_fill() Denial Of Service

  • 2008-06

Ruby is an interpreted language, used in a wide range of applications. The specific issue is a Denial of Services vulnerability, caused by an integer overflow. However it doesn't allow arbitrary code execution.

Philips VOIP841 Multiple Vulnerabilities

  • 2008-01

VOIP841 is one of the first DECT cordless phones with an embedded Skype client. Without a computer, it is possible to call directly other Skype users or international numbers using SkypeOut as well as the regular PSTN line. Multiple vulnerabilities have been found in the latest version of this VOIP phone, ranging from an hidden administration account to XSS and directory traversal. Various consequences are associated with these issues, such as theft of Skype authentication credentials stored in the phone and information disclosure.

SimplePHPBlog Multiple Vulnerabilities

  • 2007-03

SimplePHPBlog is a blogging application that was written with simplicity of installation and maintenance in mind. Multiple vulnerabilities have been reported in the latest version of this web application; probably all previous versions are affected to the same issues. The specific issues include multiple cross-site scripting flaws and an arbitrary file upload vulnerability. Various consequences are associated with these issues, such as theft of cookie-based authentication credentials and arbitrary remote code execution.

Boa (with Intersil Extensions) HTTP Auth Bypass

  • 2007-02

Boa is a single-tasking HTTP server. Boa is very low on hardware usage and is therefore used on many embedded systems, including routers, wireless access points and portable devices. It is possible to overwrite the "admin" password in memory, thus allowing an attacker to gain access to the web interface and alter configuration parameters.

GCALDaemon Remote DoS

  • 2007-01

GCALDaemon is an OS-independent Java program that offers two-way synchronization between Google Calendar and various iCalendar compatible calendar applications. An input validation flaw permits to craft an HTTP request with an abnormal content-length value; this malformed request could trigger a denial of service that arises from a Java out of memory fatal error.

Multiple Vulnerabilities in Hummingbird Collaboration

  • 2006-01

Hummingbird Collaboration is a Web-based collaborative groupware. A number of remotely exploitable vulnerabilities exist, ranging from Cross-Site Scripting (XSS), to improper file handling and information disclosure.

Siemens SANTIS 50 Authentication Vulnerability

  • 2005-01

The Siemens Santis 50 Wireless router is a wi-fi (802.11b) ADSL router. This bug provides access to the management CLI, without authentication,after a DOS attack to a specific service port.

Downloads

Events

Technologies

  • SecureFirewall

    Check that your firewall is doing its job properly (in 90% of cases it...

  • SecureMail

    The integrated hardware/software appliance is extremely simple to set ...

  • OpenSource

    Access to the source code would allow anyone with sufficient technical...

  • More technologies»