Corsaire Security Advisory - The Sun JRE product has a denial of service issue that may cause Internet Explorer to fail. Versions 5.0 prior to update 14 are affected.
The Citrix Access Gateway product suffers from a flaw that allows an attacker to gain access to an authenticated user's session ID.
Corsaire Security Advisory - The aim of this document is to clearly define a vulnerability in the HP Ignite-UX product, as supplied by HP Inc., that would allow unauthenticated write access to the host filesystem, both remotely and locally.
Corsaire Security Advisory - The aim of this document is to clearly define a vulnerability in the HP Ignite-UX product, as supplied by HP Inc., that would allow unauthenticated access to a copy of the /etc/passwd file.
Corsaire Security Advisory - The SAP Internet Graphics Server versions below 6.40 Patch 11 are susceptible to a directory traversal attack.
Corsaire Security Advisory - The aim of this document is to clearly define several vulnerabilities in the Danware NetOp Host product, which suffers from multiple information disclosure issues.
Corsaire Security Advisory - By using malformed MIME encapsulation techniques centered on the presence of fields containing an RFC822 comment, embedded file attachment blocking functionality can be evaded.
Corsaire Security Advisory - By using malformed MIME encapsulation techniques centered on the presence of non-standard separators, embedded file attachment blocking functionality can be evaded.
Corsaire Security Advisory - By using MIME encapsulation techniques centered on both standard and non-standard Content-Transfer-Encoding mechanisms, embedded file attachment blocking functionality can be evaded.
Corsaire Security Advisory - There are a number of content security gateway and anti-virus products available that provide policy based security functionality. Part of this functionality allows the products to block embedded file attachments based on their specific content type, such as executables or those containing viruses. However, by using malformed MIME encapsulation techniques centered on the presence of multiple occurrences of fields, this functionality can be evaded.
Corsaire Security Advisory - Clearswift MAILsweeper versions prior to 4.3.15 do not detect a number of common compression formats, for which it is listed as compatible, and in certain circumstances also fail to identify the name of file attachments when they are encoded.
Corsaire Security Advisory - Sygate Enforcer releases prior to 3.5MR1 allow unauthenticated broadcast traffic to pass through.
Corsaire Security Advisory - Sygate Secure Enterprise versions prior to 3.5MR3 are susceptible to a replay attack that allows for resource exhaustion.
Corsaire Security Advisory - Sygate Enforcer 4.0 and prior releases are susceptible to a denial of service attack via malformed discovery packets.
Corsaire White Paper: Cookie Path Best Practice. A brief document discussing how and why a cookie path should be strictly defined.
Verity Ultraseek versions 5.2.1 and below suffer from a path disclosure vulnerability.
Corsaire Security Advisory - The PeopleSoft PeopleBooks Search CGI is susceptible to argument handling vulnerabilities that allow a remote attacker to gain access to files outside of the webroot.
Corsaire Security Advisory - The PeopleSoft IScript interface accepts a number of arguments via HTTP POST/GET calls. Using a carefully constructed URL, Java code can be executed in a user's context.
Corsaire Security Advisory - The PeopleSoft Gateway Administration utility has a servlet that discloses its full path to the configuration files on the server when improper values are passed to it.
Corsaire Security Advisory - The Symantec Enterprise Firewall (SEF) 7.0 allows URLs to be blocked based on predefined regular expression patterns. Utilizing URL encoding techniques, this functionality can be evaded.