excluded.org

papers - advisories - coded stuff - links - board

Advisory #26

18.05.2006 - cosmoshop

show alle files as admin, SQL-Injection

Advisory #25

20.02.2006 - Guestbox 0.6

Set comments as admin, XSS, HTML-Injection, look IPs

Advisory #24

17.02.2006 - D-Link DWL-G700AP

Web Interface Remote Denial of Service Vulnerability

Advisory #23

05.02.2006 - general

logging illegal users logins can harm system securtiy

Advisory #22

04.09.2005 - cosmoshop <= 8.10.78

sql injection in adminpanel

Advisory #21

27.06.2005 - mpich 1.2.7

possible symlink attack

Advisory #20

26.06.2005 - SysCP 1.2.9-1.2.10 & ProFTPd 1.2.10

FTP passwords work for every account of an customer

Advisory #19

23.06.2005 - Bacula 1.34.3 - 1.37.25 (beta)

possible symlink attack

Advisory #18

25.11.2004 - EZshopper

Directory Traversal

Advisory #17

24.10.2004 - dwc_articles CMS

sql injection

Advisory #16

07.10.2004 - MS Internet Explorer

problems with large images

Advisory #15

07.09.2004 - serverview

insecure file permissions

Advisory #14

01.09.2004 - Linux Openexchange 4

cleartext password (root inc.) in swap

Advisory #13

18.05.2004 - OS-Commerce 2.2

viewing systems files

Advisory #12

05.04.2004 - SuSE YOU (YaST Online Update)

possible symlink attack

Advisory #11

30.03.2004 - clamd antivirus

NEVER use the "%f" option in your VirusEvent action...

Advisory #10

09.02.2004 - eTrust Virus Protection 6.0 InoculateIT (linux)

symlink, sticky bit, and registry vulnerabilities

Advisory #09

20.01.2004 - fvwm-bug, wm-oldmenu2new, xf86debug, winpopup-send, lvmcreate_initrd

symlink vulnerabilities in several scripts

Advisory #08

19.01.2004 - Fujitsu Siemens NetWorker 6.0

symlink vulnerability

Advisory #07

13.01.2004 - Antivir Linux Version 2.0.9-9

symlink vulnerability

Advisory #06

12.01.2004 - SuSE 9.0

a normal user can create and overwrite every file on the system

Advisory #05

06.01.2004 - Lotus Notes Domino 6.0.2 (linux)

insecure file permission vulnerability

Advisory #03

30.10.2003 - Led-Forums

XSS and HTML-injection vulnerabilities

Advisory #02

05.12.2002 - APBoard 2.02

users can subscribe a thread in an internal forum

Advisory #01

12.11.2002 - APBoard 2.02, 2.03

post threads to protected forums and possibility to hijack internal passwords