Advisory #26
18.05.2006 - cosmoshop
show all files as admin, SQL-Injection

Advisory #25
20.02.2006 - Guestbox 0.6
Set comments as admin, XSS, HTML-Injection, view IPs

Advisory #24
17.02.2006 - D-Link DWL-G700AP
Web Interface Remote Denial of Service Vulnerability

Advisory #23
05.02.2006 - general
logging illegal user logins can harm system security

Advisory #22
04.09.2005 - cosmoshop <= 8.10.78
sql injection in adminpanel

Advisory #21
27.06.2005 - mpich 1.2.7
possible symlink attack

Advisory #20
26.06.2005 - SysCP 1.2.9-1.2.10 & ProFTPd 1.2.10
FTP passwords work for every account of a customer

Advisory #19
23.06.2005 - Bacula 1.34.3 - 1.37.25 (beta)
possible symlink attack

Advisory #18
25.11.2004 - EZshopper
Directory Traversal

Advisory #17
24.10.2004 - dwc_articles CMS
sql injection

Advisory #16
07.10.2004 - MS Internet Explorer
problems with large images

Advisory #15
07.09.2004 - serverview
insecure file permissions

Advisory #14
01.09.2004 - Linux Openexchange 4
cleartext password (root inc.) in swap

Advisory #13
18.05.2004 - OS-Commerce 2.2
viewing system files

Advisory #12
05.04.2004 - SuSE YOU (YaST Online Update)
possible symlink attack

Advisory #11
30.03.2004 - clamd antivirus
NEVER use the "%f" option in your VirusEvent action...

Advisory #10
09.02.2004 - eTrust Virus Protection 6.0 InoculateIT (linux)
symlink, sticky bit, and registry vulnerabilities

Advisory #09
20.01.2004 - fvwm-bug, wm-oldmenu2new, xf86debug, winpopup-send, lvmcreate_initrd
symlink vulnerabilities in several scripts

Advisory #08
19.01.2004 - Fujitsu Siemens NetWorker 6.0
symlink vulnerability

Advisory #07
13.01.2004 - Antivir Linux Version 2.0.9-9
symlink vulnerability

Advisory #06
12.01.2004 - SuSE 9.0
a normal user can create and overwrite every file on the system

Advisory #05
06.01.2004 - Lotus Notes Domino 6.0.2 (linux)
insecure file permission vulnerability

Advisory #03
30.10.2003 - Led-Forums
XSS and HTML-injection vulnerabilities

Advisory #02
05.12.2002 - APBoard 2.02
users can subscribe to a thread in an internal forum

Advisory #01
12.11.2002 - APBoard 2.02, 2.03
post threads to protected forums and possibility to hijack internal passwords