Advisories

Please read our Vulnerability Disclosure Policy.



Sophos RMS / TAO Component Denial of Service

Jan 16, 2009

The Remote Management System (RMS) router component of Sophos Anti-Virus utilises TAO, a third-party message request broker that contains a vulnerability. This RMS component is used by a service in installations of Sophos software. By constructing a specially crafted packet, it is possible to cause the service to terminate. This attack could be performed without authenticating to the remote system.


WebSphere MQ TCPReceive Heap Overflow

Jan 12, 2009

The WebSphere MQ service can be used to transfer messages between systems and applications. A signed check error and subsequent heap buffer overflow vulnerability has been identified in the TCPReceive function. The vulnerability is associated with the copying of data received in MQ packets on the heap. It could be used to terminate a core MQ process. Although the process would restart, the technique could still be used to perform a Denial of Service (DoS) attack. Given sufficient time and effort, this issue could potentially result in the execution of arbitrary code. The vulnerable function can be reached in a number of ways and could be exploited by unauthenticated attackers.


WebSphere MQ xcsGetMem Heap Overflow

Jan 12, 2009

The WebSphere MQ service can be used to transfer messages between systems and applications. An integer overflow and subsequent heap overflow vulnerability has been identified in the packet parsing routines. This vulnerability is associated with the memory allocation code and can result in the overwriting of data on the heap. This vulnerability could be exploited to execute arbitrary code.


HP Quality Center Authentication Bypass

Oct 03, 2008

HP Quality Center versions 9.0 and 9.2 make extensive use of ActiveX components and auxiliary client-side DLLs. During use of the application, a lot of client-side processing takes place. By exploiting the weak trust boundary between the server and the client components, it is possible to bypass authentication for the HP Quality Center administrative pages.


PluggedOut CMS User Authentication Bypass Vulnerability

Jul 31, 2008

The PluggedOut Content Management System allows users to manage the content of their website through a web-based administration portal. The administration is performed through a PHP script and allows authenticated users to manage the website and upload new PHP content. Using this vulnerability, an attacker could gain access to the CMS and would be able to upload new PHP content.


