
Audit My PC - Free Internet Security Audit



Network Security News – Friday, July 08, 2005 Events

Unify eWave ServletExec UploadServlet Unprivileged File Upload

ServletExec contains a flaw that may allow a remote attacker to upload arbitrary files. The problem is that the application does not restrict access to the 'com.unify.ewave.servletexec.UploadServlet' servlet. It is possible that the flaw may allow a remote attacker to create an HTML form, upload JSP files to the server, and execute arbitrary commands, resulting in a loss of integrity. Read more at osvdb.org/469

Unify eWave ServletExec GET /servlet/ Request DoS

ServletExec contains a flaw that may allow a remote denial of service. The issue is triggered by a specially crafted HTTP GET request containing the '/servlet/' string, which causes the servlet engine to crash, resulting in a loss of availability. Read more at osvdb.org/17769

Access Remote PC Registry Cleartext User Credential Disclosure

Access Remote PC contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to RPC Subscription Service passwords by reading the 'HKEY_LOCAL_MACHINE\Software\Access Remote PC\Server\Proxy\RPCNumber' and 'HKEY_LOCAL_MACHINE\Software\Access Remote PC\Server\Proxy\Password' registry keys, which store the passwords without using encryption. Read more at osvdb.org/17749

Mark Kronsbein MyGuestbook form.inc.php3 lang Variable Remote File Inclusion

Mark Kronsbein MyGuestbook contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to "form.inc.php3" not properly sanitizing user input supplied to the "lang" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/17750

Broker FTP LIST Command Traversal Arbitrary Directory Listing

Broker FTP server contains a flaw that allows a remote attacker to list and retrieve files outside of the FTP root directory. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'LIST' or 'DIR' FTP commands. Read more at osvdb.org/17755

Broker FTP DELETE Command Traversal Arbitrary File Deletion

Broker FTP server contains a flaw that allows a remote attacker to delete files outside of the FTP root directory. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the DELETE FTP command. Read more at osvdb.org/455

Opera URL Redirection XSS

Opera contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the content of the temporary pages it generates to display a redirection when the 'Automatic redirection' option is disabled. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17580
