Our Security Advisories

8/2006 Multiple RSS Readers Vulnerable I gave a presentation at 2006 Blackhat Vegas about RSS and Atom Vulnerabilities. At this talk I released a list of vulnerable readers along with a whitepaper.

Link: SharpReader Atom Feed Script HTML Injection Vulnerability
Link: RSSReader RSS Feeds Atom Feed Multiple HTML Injection Vulnerabilities
Link: RSSOwl Atom Feed Script HTML Injection Vulnerability
Link: NewsGator FeedDemon Active Script Code-Execution Vulnerability


04/13/2005 IBM WebSphere Widespread configuration JSP disclosure I found a widespread misconfiguration issue in WebSphere allowing for JSP sourcecode disclosure while at my previous employer.
Link: IBM WebSphere Widespread configuration JSP disclosure

5/2003 Internet Information Services 5.0 Denial of service I found a denial of service in IIS while at my previous employer.
Link: Internet Information Services 5.0 Denial of service

 

5/2003 Multiple Issues in Sun One Application Server I found several issues in Sun One while at my previous employer.
Advisory Link: Multiple Vulnerabilities in Sun-One Application Server



4/10/02 Cgisecurity.com Advisory #9
I recently found two Cross Site Scripting holes while helping a friend with a pen test. One in Novell's Websearch product, and the other in Microsoft's IIS 4.0 and 5.0.

Advisory #9
Cert Advisory
Japanese translation


6/10/01 Cgisecurity.com Advisory #8

During the writup of my header manipulation paper I found a hole in w3perl stats software. I have decided not to writup a full advisory on it but instead link to the securityfocus mention of my findings. I originally sent out the semi advisory with the paper to show its possibilities.

W3perl Advisory Held at securityfocus.com


6/10/01 Cgisecurity.com Advisory #7
We found that mailman a popular email archiving software is affected by a cross site scripting bug. This is a very popular software package and it is recommended to upgrade to version 2.0.8 to fix this problem.

Advisory #7
Japanese translation
Cert Advisory on Cross site scripting
Debian Advisory
Connectiva Advisory
RedHat Advisory #1
Redhat Advisory #2

Patch Information included in advisory


6/10/01 Cgisecurity.com Advisory #6

We found that thttpsd and mini_httpsd are affected by the same hole. This hole allows reading of htpasswd files and possibly other protected files if an attacker has the correct filename.

Advisory 6
Japanese translation

Patch information is included in the advisory.

6/10/01 Cgisecurity.com Advisory #5 We have found a hole in VirtualCatalog Manager that will allow a attacker to execute commands on a remote system. The vendor has been informed of this problem and upgrading should fix the problem.

Advisory 5
Japanese translation

(We originally posted this advisory and made a slight error in the product name which has been both corrected publicly but also within this site.)


3/09/01 Cgisecurity.com Advisory #4
The staff at cgisecurity.com have found a security issue in "The Free On-line Dictionary of Computing" which is used on quite a few sites. It allowed LIMITED command execution and allows remote file reading.

It can be located here
Japanese translation

Note: Patch included from vendor. It will on the otherhand still allow reading of any file in the present dir which means that if you have any important files with passwords in this directory you have been warned.

This script needs to be able to read various file types and the vendor decided not to limit it to certain file types only. While this may normally be a good idea to incorporate this script lies within its own directory of "foldoc". This means only files within "Foldoc" could be read.

1/08/01 Cgisecurity.com Advisory #3
The staff at cgisecurity.com have found a security issue in bbs_forum.cgi. Every version we have tested allowed command execution and allowed remote file viewing. The vendor has told us that not every version is effected but a great majority are.

It can be read about Here
Japanese translation


11/??/00 Cgisecurity.com Advisory #2

This advisory shows how dcforum.cgi can be used to read remote files otherwise not allowable by the world. There is also a serious side effect of this script which is contained inside.

It can be read about Here
Japanese translation


10/??/00 Cgisecurity.com Advisory #1

This advisory shows how quikstore.cgi can be used to read remote files otherwise not allowable by the world.

It can be read about Here
Japanese translation
The full vendor patch can be located Here

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!


Post a comment







Remember personal info?