HP OpenView Network Node Manager 6.41 and 7.5 running on Solaris 8 and possibly other versions suffer from an input sanitization vulnerability leading to command execution.
3e81f46fdcedfadbe17c7ee06e37ef2087c97af56053ad55459cd886e0a9cd78The ACPI 1.6 BIOS is susceptible to a denial of service attack due to a code logic error.
ed8d0c1b362501811eb00bac555b4f26fc66345b00304f9067d8d489e32bbd94Portcullis Security Advisory - The Emotion MediaPartner Web Server version 5.0 suffers from a classic directory traversal attack.
6be621a00b4ac12f30f5e4697e1024e0eab7f2133fbd8e721232b10ea90de2e7Portcullis Security Advisory - Portcullis consultants have discovered that by manipulating the values of certain variables used during report selection in the Bottomline Webseries Payment Application, it was possible to cause the application to download and execute arbitrary reports from any machine on the network capable of supporting Windows shares.
f009c2380fcd1cbba7d66f9f2ef31670954a3f2029a98ee9d84cca0d3ba4fb05Portcullis Security Advisory - The change password functionality in the Bottomline Webseries Payment Application does not require a user to enter their current password.
ac14e74b201c189bcc58ed1aee9a9b5cbb3fea5c50d6ced8f5457799f2b35a84Portcullis Security Advisory - The password policy that enforces the minimum length of passwords in the Bottomline Webseries Payment Application is implemented in the client browser using JavaScript which can be bypassed using any local proxy system.
916e830c66d6a47c2b5807ae33235c48e2ea7625fe80c6360a0cb542e2807e0dPortcullis Security Advisory - By manipulating the values of certain variables used during report selection it was possible enumerate the directory structure on the web server of the Bottomline Webseries Payment Application.
ea62a539bcf86d0e469c020637e6a639c321a7f55f2288b8085e3922eae483f3Portcullis Security Advisory - The Bottomline Webseries Payment Application system embeds full paths to files on the underlying filesystem in various HTTP variables. reference directories and files on the web server.
af4ded5365a3c80754f7a8a99c94d1aed1f24fd909030ccb31e074c1b5e27f37Portcullis Security Advisory - Emotion MediaPartner Web Server versions 5.0 and 5.1 have a flaw where the source of a bhtml file can be displayed with a period or plus sign are added to the request.
55943bc26b57178fe615eee1793659d16450a87ea92cf01ae4f68b6e1a996da6Portcullis Security Advisory - MediaPartner 5.0 has a logic flaw that allows the authentication mechanism to be bypassed.
05088e775c9bc1cab5b434d2c2c98482abcb4b89534f2d9f790543be62b33c1ePortcullis Security Advisory - Bottomline Webseries Payment Application system fails to authenticate user actions when direct URLs are accessed.
5a581420b27f4f143ed0c88ebb559d474bd8494bfaaec71645fbfc7df5cea0ee
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed