CERT Quarterly Summary for May, 2001. Since the last regularly scheduled CERT summary, issued in February 2001 (CS-2001-01), we have seen a significant increase in reconnaissance activity, a number of self-propagating worms, and active exploitation of vulnerabilities in snmpxdmid, BIND and IIS by intruders.
4a4c69c74f9f9dfbf99e62d106c6b336a191d5792a093ca4b01aa1079a25f3c2
CSC-CMS version 1.0.0 suffers from an ignored default credential vulnerability.
b9b7d88201df987f68f4f94bc9586defedd0a450d1c101b01f60ef5a6953ce24
CSC-CMS version 1.0.0 suffers from a remote SQL injection vulnerability.
ae1f929eee44c923aaf211504bbbdd43d54c37767bd9674ac5a38adfc59453a6
Coffee Shop Cashiering System version 1.0 suffers from a remote time-based SQL injection vulnerability.
f964a4311244797b00b346857d8249aa0ed9e3ed4fbb20b2da7ac878fcd027a6
GridPro Request Management for Windows Azure Pack versions 2.0.7905 and below suffer from a traversal vulnerability that can allow for arbitrary execution of PowerShell scripts.
513dd9d3220aed0443768d76d63650e8af9dc973885a471803f11ba9b1c10d5c
Microsoft Windows Containers suffers from a DPAPI design flaw where encryption keys are shared and reused between images.
9ca89e4b58c712f3b5cd994828e6290959a5d09fa6b74c261d55967effb8af17
Apache MyFaces versions 2.2.13 and below, 2.3.7 and below, 2.3-next-M4 and below, and 2.1 and below suffer from a cross site request forgery vulnerability.
9496fb42b8d7b245393af79c43e00c9737bf7e2ce2f045cabe480e1ebae73876
PLANEX CS-QP50F-ING2 security surveillance smart camera remote configuration disclosure exploit.
3726f2fc1651bd0eeed4b2842077106b9266fafd2395f49bfb65b2d0d32d68f0
CSE Bookstore version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Alper Basaran in October of 2020.
fc951b6ccd26f9e3555d4b13f66f6d079b229758376a158cab4a785dac9e81ef
CSE Bookstore version 1.0 suffers from a persistent cross site scripting vulnerability.
43b48eac38ffbd3edb385a455b2a2eb549a7ebfca5a7d897033f98bd7f828bf3
CSE Bookstore version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
22ade0807de506d719e10260a6706f161c23e19eabb44126ae5efb25be5761a3
Details for performing a local file inclusion attack on CS-Cart version 1.3.3, a really old version.
ddf9554006d39786c262545673c21d61bb45fc6461be190a2232a46653661721
Details for achieving remote code execution on CS-Cart version 1.3.3, a really old version.
4f690f72e60232a009b2067ca291afec05fa7b7866b7cdeba59bfcaa0b0084bc
CS Cart version 4.6.2 suffers from a remote shell upload vulnerability.
f1ee462ab8b8fb7db0ca71f0fe2dd6b5d840e12bdfd35c6ed9f2ecdcbed12fba
Counter Strike: Condition Zero .BSP map file code execution exploit.
1aaae42dcf775bae0172248b3082263a9ac732e19aa248d45bc4c3b2e68c7ed7
CS-Cart versions 4.3.10 and below suffer from an unauthenticated XML external entity (XXE) injection vulnerability.
d055752e041a2e34fe412240fa6a2df718f958b7dee0c4a6b2350b08ba38432a
The CollabNet Subversion Edge Management Frontend fails to implement any cross site request forgery protection. Fixed in version 5.0. Version 4.0.11 is affected.
51550678e302e308a0266d2824d45d664b115efd79d9d9699ff2ea9b8606149c
The management frontend does not require the old password for changing the password to a new one. An authenticated attacker may perform password setting attacks via XSRF without knowing the current password. An attacker that stole a Session ID (cookie) is able to gain persistent access by changing the password. Fixed in version 5.0. Version 4.0.11 is affected.
b01690bfbbc4be90118e3f7f950ff41e45b8a303eb3e13ca92e517d946087a0a
The CollabNet Subversion Edge Management stores passwords as unsalted MD5 hashes. Unsalted MD5 hashes can easily be cracked by brute forcing the password. Fixed in version 5.0. Version 4.0.11 is affected.
8cc3148316f4aa4c7d8a4758a7e89063b6e5b83abbe5c26a33241c18c888460c
The CollabNet Subversion Edge Management web application does not restrict users to a single concurrent login and does not provide a configuration option to enable this restriction for admin and/or user accounts. Fixed in version 5.0. Version 4.0.11 is affected.
136cd2ad53bd137bb66b883f29da54e22164f5784ffa08198eb81b5bca4a4fac
The CollabNet Subversion Edge Management Frontend does not protect against brute forcing accounts. An attacker has infinite tries to guess a valid user password. Fixed in version 5.0. Version 4.0.11 is affected.
c4a5be8f15df488c6909bf4b2ac7dc41e0d49ed272885ca67e0b4f9bf8d4b650
The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via the logfile "listViewItem" parameter of the "index" action. Fixed in version 5.0. Version 4.0.11 is affected.
056057c0fb271eb7d3df3d949644529069ad9b220d3cea13dac2b89f6483c3e0
CollabNet Subversion Edge Management Frontend does not implement clickjacking protection. Fixed in version 5.0. Version 4.0.11 is affected.
c207b180dc94d5a50e20b860125c9f73e2c49f364c17a3013f7603f8c6f2d141
The CollabNet Subversion Edge Management does not implement a strong password policy. Passwords like "aaaaa" are allowed, as the only requirement is that the password is at least 5 characters long. Fixed in version 5.0. Version 4.0.11 is affected.
f122205e04ea0584d756f4c07ab8c745e0d178bd283e8cbc86963df7402628e9
The CollabNet Subversion Edge management frontend login page password field has autocomplete enabled. This may allow an attacker to retrieve a stored password from the browser's key store. Fixed in version 5.0. Version 4.0.11 is affected.
020e15b4242216e2e5a8d794bda6b2c2bedd387d58410fbce5ecb455fa026919
The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via the logfile "filename" parameter of the "downloadHook" action. Fixed in version 5.0.
37d936d9d7e63a4ff0e4d5ba93bd86e716a8d053ae486aae462f028a417603cc