I’ve discovered some XSS vulnerabilities in NetFlow Analyzer 7.
Link to Secunia SA.
Archives for posts tagged ‘Vulnerability’
NetFlow Analyzer 7 Cross-Site Scripting Vulnerabilities
Thursday, 16 July 2009
PSCS VPOP3 Email Server Cross-Site Scripting Vulnerabilities
Wednesday, 25 March 2009
I’ve discovered new XSS vulnerabilities in PSCS VPOP3 Enterprise Email server, exactly on Web Mail interface. Vulnerability version is 2.6.0j. Vendor is informed but isn’t published fix for this vulnerabilities yet, so for solution use a proxy or IPS to filter malicious characters.
Secunia confirmed and published this vulnerability.
Pwn2Own 2009
Sunday, 22 March 2009
This years Pwn2Own uncover 4 new never seen before critical vulnerabilities affecting the IE8, Safari and FireFox.
More about this contest you can read at DVLabs Blog.
ESET Remote Administrator Script Insertion Vulnerability
Thursday, 5 February 2009
Me and Ivan Markovic found vulnerability in ESET’s NOD32 Remote Administrator Server. Vulnerability is reported in version 3.x and potentially can be exploited to compromise a user’s system. For successful attack you need Administrator account at NOD32 RAS to create a malicious report. Administrators and Read-only users are both affected if open malicious report.
Secunia confirmed [...]
PSCS VPOP3 Email Server Script Insertion Vulnerability
Monday, 2 February 2009
I found vulnerability in VPOP3 Email server which allows script insertion.
Vulnerability is discovered in the version 2.6.0h. Although the vendor release the patch (implemented some filters), vulnerability still exists in the new version 2.6.0i. Patch don’t completely fix the vulnerability.
Secunia confirmed vulnerability.
Merak Mail Server Web Mail HTML Tag Script Insertion
Monday, 22 December 2008
After MDaemon vulnerability, I decide to test Merak Mail Server … And the result is vulnerability alike MDaemon, but more difficulty.
Secunia reported this vulnerability and estimate as moderately critical. For me this vulnerability especially in WebMail Pro interface is highly critical.
Here is CVE ID: 2008-5734. Also at National Vulnerability Database (NVD).
MDaemon WorldClient HTML Tag Script Insertion Vulnerability
Wednesday, 10 December 2008
After my friend Dejan Levaja find the vulnerability in MDaemon, here is the new vulnerability that I found in MDaemon
More about this you can find at Secunia.
MDaemon Server WorldClient Script Insertion Vulnerabilities
Thursday, 20 November 2008
My friend from Network Security Solutions, Dejan Levaja, has discovered vulnerabilities in MDaemon Server WorldClient, which can be exploited by malicious people to conduct script insertion attacks.
Details at Secunia.
