[Full-disclosure] [CIRT.DK] - Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection

2005-10-27 Thread CIRT.DK Advisory
The Novell ZENworks Patch Management Server 6.0.0.52 is vulnerable to SQL injection in the management console.

To be able to exploit this issue, the administrator has to have manually created at least a non-privileged account.

Fix:
Upgrade to ZENworks Patch Management version 6.2.2.181
(or newer hot fix via your PLUS server) found at http://download.novell.com.

Note:
The 6.0.0.52 CD ISO image was on the Novell download site up until the 2nd week of September, 2005.
The ZENworks Patch Management CD ISO image that is currently available at the download site at the time of publication of this document is:
http://download.novell.com/Download?buildid=5_kRStyf9wU~

ISO Name:   ZEN_PatchMgmt_Upd6.2.iso Size: 323.8 MB
(339607552) MD5: aeb244ecdf29c83cb8388fae1a6a1919 


A technical description of the vulnerability can be read at: 
http://www.cirt.dk



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [CIRT.DK] Ipswitch Whatsup small Business 2004 - Directory Traversal

2005-11-02 Thread CIRT.DK Advisory
Title: [CIRT.DK] Ipswitch Whatsup small Business 2004 - Directory Traversal

Vendor: IpSwitch
Product: Ipswitch Whatsup small Business 2004


Description:
The Whatsup Small Business 2004 is vulnerable to a directory traversal attack using "../".

Read the full advisory at http://www.cirt.dk

CIRT.DK




[Full-disclosure] [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow

2006-01-11 Thread CIRT.DK Advisory
Title: [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow

Apple QuickTime is vulnerable to a buffer overflow in the handling of .JPG/.PICT files.

Read the full advisory at http://www.cirt.dk/advisories/cirt-41-advisory.pdf

CIRT.DK




[Full-disclosure] QUICKTIME vuln: Apple pulls a Microsoft stunt

2006-01-11 Thread CIRT.DK Advisory
Title: QUICKTIME vuln: Apple pulls a Microsoft stunt

Hey there

Just an update: it seems that Apple uses the same developers as Microsoft.

Apple QuickTime is still vulnerable:

Tested on MAC OS X and Windows Platform

Save the following file and open with QuickTime: http://www.cirt.dk/tools/exploits/Apple_VS_MS.jpg (you could change the name to Apple_VS_MS.pict)






[Full-disclosure] CIRT.DK Advisory - SafeNet Inc Sentinel License Manager 7.2.0.2 Buffer Overflow

2005-03-08 Thread CIRT.DK Advisory
The security flaw
When sending a large amount of data to the SentinelLM service, it will result in a buffer overflow where the Extended Instruction Pointer is overwritten, allowing arbitrary code to be run on the server with the rights of the service.

About SafeNet Inc.
SafeNet provides complete security utilizing its encryption technologies to protect communications, intellectual property and digital identities, and offers a full spectrum of products including hardware, software, and chips.

About Sentinel License Manager
Sentinel LM is a software-based license management application allowing application developers to implement multiple pre-built license models with a single software development integration effort.

Read the entire CIRT-30-advisory at http://www.cirt.dk






[Full-disclosure] [CIRT.DK - Advisory] Novell eDirectory 8.7.3 DOS Device name Denial of Service

2005-06-12 Thread CIRT.DK Advisory
ID: NOVL102201
Domain: primus
Solution Class: Novell
Fact: Novell eDirectory 8.7.3 for Windows 2000
Fact: Novell eDirectory 8.7.3 for Windows NT
Symptom: Requesting "DOS Device in Path Name" Denial of Service
Symptom: Attack causes error in dhost.exe application
Symptom: Attack causes nds service to stop until manually restarted.
Symptom: Problem is not reproducible when using the current interim release for eDirectory 8.7.3, which is currently IR6


Read the full advisory at http://www.cirt.dk



[Full-disclosure] [CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module

2005-06-12 Thread CIRT.DK Advisory
ID: NOVL102200 
Domain: primus 
Solution Class: Novell 
Fact: Novell iManager 2.02 
Fact: Apache 2.0.48 
Fact: OpenSSL 0.9.7 
Symptom: OpenSSL ASN.1 Parsing vulnerability in Apache 
Symptom: Server stops responding and an error occurs 
Cause: Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. These issues could be exploited to cause a denial of service or to execute arbitrary code.

Fix: These vulnerabilities are corrected in OpenSSL 0.9.7d. iManager 2.5 ships with OpenSSL 0.9.7d; to resolve the vulnerability, upgrading is suggested.

Read the full advisory at http://www.cirt.dk




[Full-disclosure] CIRT.DK [Cryptomathic ActiveX Buffer Overflow (TDC Digital signature)]

2006-05-05 Thread CIRT.DK Advisory
Title: CIRT.DK [Cryptomathic ActiveX Buffer Overflow (TDC Digital signature)]

A vulnerability has been found in an ActiveX object distributed as part of TDC's Microsoft CSP suite. The suite consists of Cryptomathic PrimeInk CSP and some ActiveX objects. The primary task of the CSP is to handle private RSA keys that are encrypted by keys derived from the user-provided passwords. The ActiveX objects assist in key management operations like certificate request generation, installation of issued certificates, key and certificate backup/recovery and change of password.

The PrimeInk CSP product and the ActiveX utility objects are developed by Cryptomathic for TDC Digital Certificates adhering to the Danish OCES certificate policy. While Cryptomathic PrimeInk CSP is used by many institutions around the world, the ActiveX objects have only been distributed as part of TDC's Microsoft CSP suite in Denmark.

The vulnerability allows code execution on any client machine that has the component installed if the user navigates to an attacker-created website. The attacker creates a website that calls the installed ActiveX component, or it would be possible to make an email with an embedded HTML page, thereby triggering an overflow.

The full advisory can be read at http://www.cirt.dk/advisories/cirt-43-advisory.pdf

CIRT.DK






[Full-disclosure] [TOOLS] CIRT.DK WebRoot Version v.1.7

2005-07-18 Thread CIRT.DK Advisory
Name:  CIRT.DK WebRoot - Bruteforcing tool
Version:   1.7
Author/Developer:  Dennis Rand - CIRT.DK
Website:   http://www.cirt.dk
Copyright: (c)2005 by Dennis Rand
Remember:  This program may NOT be used, published or downloaded by any Danish company, unless explicit written permission is given. This would be a violation of the law on intellectual property rights, and legal action will be taken.
Bugs/Features: Report bugs and/or features to [EMAIL PROTECTED]

Thanks to: Philippe Caturegli for all the nice feature ideas
 

What this tool does:
Have you ever been auditing a system where files are stored on a web server and accessed without authentication directly by an application that knows each file URL?

Have you tried a number of spider tools, but they are based on links so they don't pull up anything?

CIRT.DK WebRoot is a web server auditing tool that tries each and every combination (incremental) or a list of words from a file against the web server.

In short:
A brute forcing tool to discover hidden directories, files or parameters in the URL of a web server.

Version descriptions
Version 1.0
   I'm back from scratch, this time I'm going to make it a bit better, but have patience.
   For now results are only written to screen.

Version 1.1
   We now have support for saving the scan into an HTML file.
   Decide how many lines of output from the server go into the report.

Version 1.2
   More information added into the report start.
   Now WebRoot also supports scanning of an HTTPS connection.
   The response in the report now shows the HTML.

Version 1.3
   Fixed a bug in the -diff and -match options.

Version 1.4
   Added possibility to use -txt if you want the report in pure text.
   Added recursive scanning, so if you use -recursive, it will bruteforce deeper to search for more.
   Added more information to the update function on what the new version includes.

Version 1.5
   Added possibility to add a referer to the host header, use e.g. -referer http://127.0.0.1/whatever/qwe.asp
   Added raw logging, pure text and only the word that got the hit, use -rawlog
   Changed name of the text log: -txt replaced with -txtlog
   Added a "GUI" to the scanning.
   Added False Positive Check to the scan to ensure the right result; it can be disabled with -override
   Added -debuglines for deciding how many lines of output to have in debug mode
   Added -debug for scanning in debug mode to also see what is being sent and received.
   Added -debugdelay for making a delay between each debug request
   Added -Verbose scanning to see findings on screen as they are spotted.

Version 1.6
   Fixed the issue that if you do not choose -diff or -match it will by default be -diff
   Instead of only being able to delay for seconds, it is now possible to delay for microseconds
   1 second =  100 microseconds (Time::HiRes)
   Fixed an error for recursive scan where we remove spaces and if there are errors in URL "/", "/ /", " /" or "/ "
   Added the possibility to resume previous scans: "-resume WebRoot-xxx-xxx.resume"

Version 1.7
   Added functionality so that the scan will not stop if the server responds slowly
   Added timestamp to when a server does not respond or is dead, so it is possible to see when
   Added the possibility to use "-noupdate" to avoid WebRoot checking for a new version at www.cirt.dk





[Full-disclosure] 3 minor vulnerabilities in IPSwitch products

2005-09-09 Thread CIRT.DK Advisory
The following 3 minor vulnerabilities were found in the products Whatsup Gold 8.04 and WhatsUp Small Business 2004:

Ipswitch Whatsup Gold 8.04 - Access to view source code of all files (CIRT-34-advisory)
Ipswitch Whatsup Gold 8.04 - Cross Site Scripting (CIRT-35-advisory)
Ipswitch Whatsup small Business 2004 - Source code disclosure (CIRT-36-advisory)

Read the full advisories at http://www.cirt.dk






[Full-disclosure] [CIRT.DK - Advisory 37] TAC Vista Webstation 3.0 Directory Traversal bug in webinterface

2005-09-16 Thread CIRT.DK Advisory

TAC Vista is based on open technologies; TAC Vista® is one of the most advanced software solutions for building automation. TAC Vista efficiently and economically controls, checks and analyzes all building operations, allowing system operators to control and monitor entire systems on site or from remote locations.

The Web application is running on a Microsoft IIS 5.0 Server in this case.

The problem occurs in the input field where the Template is called, resulting in the possibility to traverse into other parts of the system.

Read the full Advisory at http://www.cirt.dk



[Full-disclosure] [CIRT.DK - Advisory] Windows XP SP2 Local TFTP HEAP based Overflow

2005-10-03 Thread CIRT.DK Advisory
[Description]
The Windows XP tftp.exe software is vulnerable to a local Heap Based overflow, allowing arbitrary commands to be run on the system as the user issuing the overflow.

[Complete advisory]
CIRT.DK Advisory 38 can be read at http://www.cirt.dk/

Regards
CIRT.DK
