Advisories (2007)

Please read our Vulnerability Disclosure Policy.

Plogger SQL Injection

Dec 17, 2007

An SQL injection vulnerability was identified in Plogger, a popular open source PHP photo gallery. CPNI (The Centre for the Protection of National Infrastructure) have been informed of this vulnerability. The vendor has also been informed and has released a code fix which is available from change set 489. The vulnerability would enable an attacker to inject arbitrary SQL statements. SQL injection inference techniques were used to develop a proof of concept exploit that could be used to access any field from the Plogger database (and potentially any field of any database accessible by the database user Plogger is configured to use).


IBM Lotus Domino "If-Modified-Since" Stack Overflow

Oct 15, 2007

The IBM Lotus Domino Web Server service is vulnerable to a stack-based buffer overflow which can be exploited remotely. Upon reporting this issue to IBM it was discovered that this was a known issue which had been resolved in a number of previous releases and Fix Packs. However, the previously published description did not correctly assess the impact of the vulnerability, nor did it provide enough detail to allow the exposure of a given system to be accurately assessed.


Merak Webmail XSS

Sep 17, 2007

The Merak Mail Server provides a web-based interface called IceWarp which allows users to send and retrieve emails using a web browser. However, email content is not sufficiently sanitised, which can result in the execution of arbitrary scripts. On accessing the web interface of the application the user is assigned two session IDs. An attacker could harvest these session IDs by sending specially crafted emails to users; the session IDs would be transmitted to the attacker when the users opened the malicious emails. With this information the attacker would be able to gain access to the users' accounts.


Elastic Path - Administrative Session Hijacking through Embedded XSS

Apr 26, 2007

Elastic Path has been identified to be vulnerable to an embedded Cross Site Scripting (XSS) attack that could potentially allow remote attackers to hijack a legitimate administrator's session cookie. An attacker could exploit this vulnerability to gain unauthorised access to the Elastic Path Commerce Manager and obtain administrative privileges.


Cache Sample Page XSS

Apr 04, 2007

The sample Cache Server pages shipped with the Cache database contain a number of Cross Site Scripting (XSS) vulnerabilities. These could enable an attacker to target users of a web application deployed on the same system.


Communigate XSS

Feb 27, 2007

The CommuniGate Pro application provides a web-based interface allowing users to retrieve emails using a web browser. However, email content is not sufficiently sanitised and can result in the execution of arbitrary scripts. On accessing the web interface of the application the user is assigned a session ID. By sending a specially crafted email, an attacker would be able to trick the user into transmitting their session ID to the attacker.


Cisco IOS Invalid DLSw Handshake Denial of Service

Jan 10, 2007

Data Link Switching is primarily used for transporting SNA communications across an IP network. Support for this protocol is provided by Cisco networking devices as part of IOS although it is not enabled by default. In specific configurations an attacker could use the DLSw service to trigger a reload of the router’s configuration resulting in a Denial of Service condition.