| OSVDB ID | Disclosure Date | Title | Description |
| --- | --- | --- | --- |
| 17129 | 2005-06-06 | 602LAN SUITE Log File Processing HTML Tag Obfuscation | 602LAN SUITE contains a flaw that may allow remote manipulation of log data. The issue is triggered when a remote user submits an HTTP GET request for the string "</pre><!--". From that point, subsequent log entries will not be displayed when the administrator views the log file until the string " --><pre>" is encountered. This log manipulation can be used by a remote attacker to obfuscate records of other attack attempts, and will result in loss of log integrity for the service. Administrators can still see the log entries by viewing the HTML source of the logs. |
| 16069 | 2005-04-29 | 602LAN SUITE mail A Parameter Traversal Arbitrary File Access | 602LAN Suite contains a flaw that allows a remote attacker to enumerate arbitrary files outside of the web path. The issue is due to the mail script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the A variable, leading to loss of confidentiality. In addition, these requests could be scripted with the goal of consuming the server's resources, leading to a loss of availability. |
| 16068 | 2005-04-29 | 602LAN SUITE mail A Parameter XSS | 602Lan Suite 2004 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'A' variable upon submission to the mail script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 17709 | 2004-07-19 | 602LAN SUITE Multiple Method Malformed Message DoS | Unknown / Incomplete |
| 11529 | 2004-11-06 | 602LAN SUITE Telnet Proxy Socket Consumption DoS | (Description Provided by CVE): The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (socket exhaustion) via a Telnet request to an IP address of the proxy's network interface, which causes a loop. |
| 17708 | 2004-04-20 | 602LAN SUITE WAP Client Login Page Source Path Disclosure | Unknown / Incomplete |
| 11528 | 2004-11-06 | 602LAN SUITE Webmail POST Request CPU Consumption DoS | (Description Provided by CVE): The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value, then disconnecting without sending that amount of data. |
| 13590 | 2005-02-07 | 602LAN SUITE Webmail Traversal Arbitrary File Upload | 602LAN Suite contains a flaw that allows a remote attacker to upload files to arbitrary directories outside of the web path. The issue is due to the software not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'filename' variable when attaching a file to an email. Files uploaded to the cgi-bin directory can be executed remotely by an authenticated user via a URL and will run at the privileges of the web server. |
| 2620 | 2003-09-30 | 602Pro LAN SUITE 2002 ChkMsgsAction/DELETEFOLDER Arbitrary File Manipulation | Unknown / Incomplete |
| 10281 | 2003-09-30 | 602Pro LAN SUITE 2002 Crafted HTTP Request DoS | Unknown / Incomplete |
| 10280 | 2003-09-30 | 602Pro LAN SUITE 2002 dele Command Information Disclosure | Unknown / Incomplete |
| 10279 | 2003-09-30 | 602Pro LAN SUITE 2002 FTP Multiple Parameter Overflow DoS | Unknown / Incomplete |
| 10278 | 2003-09-30 | 602Pro LAN SUITE 2002 HTTP Multiple Overflow DoS | Unknown / Incomplete |
| 60106 | 2002-08-03 | 602Pro LAN SUITE 2002 Telnet Proxy Connection Saturation Remote DoS | (Description Provided by CVE): The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number of outstanding connections to the local host, which allows remote attackers to create a denial of service (memory consumption) via a large number of connections. |
| 10282 | 2003-09-30 | 602Pro LAN SUITE 2003 M602cl3w.exe Traversal Arbitrary File Access | Unknown / Incomplete |
| 2621 | 2003-09-30 | 602Pro LAN SUITE 2003 mail Directory Information Disclosure | Unknown / Incomplete |
| 37232 | 2007-06-12 | 602Pro LAN SUITE 2003 smtpdll.dll Email Message Address Handling Overflow | (Description Provided by CVE): Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 59905 | 2002-10-18 | 602Pro LAN SUITE Crafted GET Request Directory Tree Listing | (Description Provided by CVE): 602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension. |
| 11542 | 2001-03-26 | 602Pro LAN SUITE Encoded Double Dot HTTP DoS | (Description Provided by CVE): Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters. |
| 85838 | 2001-04-05 | 602Pro LAN SUITE HTTP Proxy-Authorization Header Handling Remote Overflow DoS | 602Pro LAN SUITE is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an overflow. With a specially crafted HTTP Proxy-Authorization Header, a remote attacker can potentially cause a denial of service. |
| 11541 | 2001-03-26 | 602Pro LAN SUITE MSDOS Device Name Request DoS | LAN SUITE 602Pro contains a flaw that may allow a malicious user to cause a denial of service. The issue is triggered when a user issues a GET request containing an MS-DOS device name. It is possible that the flaw may allow remote users to crash the service, resulting in a loss of availability. |
| 6932 | 2004-02-28 | 602Pro LAN SUITE Web Mail Arbitrary Directory Listing | 602Pro LAN SUITE Web Mail contains a flaw related to the ability to view files in a directory. The issue is triggered when a remote attacker sends an HTTP request to 'cgi-bin/', 'index.html', or 'users/'. This may allow an attacker to obtain a directory listing. |
| 6933 | 2004-02-28 | 602Pro LAN SUITE Web Mail index.html XSS | 602Pro LAN SUITE Web Mail contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate user-supplied input to the 'index.html' URL. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 4107 | 2004-02-28 | 602Pro LAN SUITE Web Mail Login Form Installation Path Disclosure | LAN SUITE Web Mail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker views a hidden parameter within the 'login' form, which will disclose the installation path to a remote attacker. |
| 1657 | 2000-11-22 | 602Pro LAN SUITE webprox.dll GET Request Overflow | (Description Provided by CVE): Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. |
| 63896 | 2010-04-19 | 60cycleCMS Admin Password Manipulation CSRF | 60cycleCMS contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as changing the administrative password. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
| 75734 | 2011-01-31 | 60cycleCMS Multiple Script Direct Request Path Disclosure | (Description Provided by CVE): 60cycleCMS 2.5.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by post.php and certain other files. |
| 64734 | 2010-04-13 | 60cycleCMS news.php DOCUMENT_ROOT Parameter Traversal Local File Inclusion | 60cycleCMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'news.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
| 64259 | 2010-04-04 | 60cycleCMS sqlConnect.php DOCUMENT_ROOT Parameter Remote File Inclusion | Unknown / Incomplete |
| 64736 | 2010-04-13 | 60cycleCMS sqlConnect.php DOCUMENT_ROOT Parameter Traversal Local File Inclusion | 60cycleCMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'sqlConnect.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |