| OSVDB ID | Disclosure Date | Title |
|---|
|
19878
Description:
A remote overflow exists in multiple HAURI anti-virus products. The issue is due to a boundary error in the archive decompression library when reading the filename of a compressed file from an ALZ archive resulting in a stack-based buffer overflow. With a specially crafted request, a remote attacker can execute arbitrary code resulting in a loss of integrity. This requires that compressed file scanning is enabled.
|
2005-10-06
|
HAURI Anti-Virus ALZ Archive Filename Overflow
|
|
18812
Description:
Multiple HAURI Anti-Virus products contain a flaw that allows a remote attacker to overwrite arbitrary files. The issue is due to unsafe extraction of compressed archives into a temporary directory before scanning which can be used to write files into arbitrary directories when scanning, specifically a malicious archive containing files that have "../../" directory sequences in their filenames, resulting a loss of integrity.
|
2005-08-19
|
HAURI Anti-Virus Compressed Archive Extraction Traversal Arbitrary File Write
|
|
44066
Description:
Unknown / Incomplete
|
2005-08-23
|
HAURI Anti-Virus Multiple Unspecified Local Overflows
|
|
44067
Description:
Unknown / Incomplete
|
2005-08-23
|
HAURI Anti-Virus virobot Local Overflow
|
|
18940
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.
|
2005-08-24
|
HAURI Anti-Virus vrAZace.dll ACE Archive Handling Overflow
|
|
18485
Description:
Unknown / Incomplete
|
2005-07-26
|
HAURI LiveCall ActiveX Crafted liveup.haz Arbitrary File Download
|
|
57992
Description:
(Description Provided by CVE) : Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-09-28.00 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.15 through 8.11. NOTE: some of these details are obtained from third party information.
|
2009-09-03
|
HAURI ViRobot Desktop Unspecified Overflow
|
|
50750
Description:
(Description Provided by CVE) : HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
|
2008-12-09
|
HAURI ViRobot HTML Document MZ Header Multiple Filename Modification Malware Detection Bypass
|
|
17320
Description:
A remote overflow exists in ViRobot Linux Server. ViRobot Linux Server fails to perform proper bounds checks in the setuid cgi-bin file 'addschup' when processing the received cookie resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary command execution via inserting commands into the root users crontab file resulting in a loss of integrity.
|
2005-06-15
|
HAURI ViRobot Linux Server addschup Cookie Field Remote Overflow
|
|
18919
Description:
(Description Provided by CVE) : Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE).
|
2005-03-14
|
HAURI ViRobot Linux Server addschup ViRobot_ID Variable Overflow
|
|
23401
Description:
(Description Provided by CVE) : filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value.
|
2006-02-22
|
HAURI ViRobot Linux Server filescan Authentication Bypass
|
|
2458
Description:
Unknown / Incomplete
|
2003-08-21
|
HAURI ViRobot Linux Server Multiple CGI Local Overflow
|
|
45125
Description:
Unknown / Incomplete
|
2004-08-17
|
HAVAL-128 Algorithm Hash Function Collision Cryptanalysis Weakness
|
|
80770
Description:
Havalite CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error in data/havalite.db3 occurs, which will disclose database information to a remote attacker.
|
2012-03-30
|
Havalite CMS data/havalite.db3 CONFIG Database Information Disclosure
|
|
87743
Description:
Havalite CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'username' parameter upon submission edit article module. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-04-23
|
Havalite CMS Edit Article Module username Parameter XSS
|
|
81325
Description:
Havalite CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'linkId' parameter upon submission to the hava_link.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-04-23
|
Havalite CMS hava_link.php linkId Parameter XSS
|
|
87742
Description:
Havalite CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'postId' parameter upon submission to the hava_post.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-04-23
|
Havalite CMS hava_post.php Multiple Parameter XSS
|
|
80769
Description:
Havalite CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the hava_post.php script not properly sanitizing user-supplied input to the 'postId' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-03-30
|
Havalite CMS hava_post.php postId Parameter SQL Injection
|
|
80768
Description:
Havalite CMS contains a flaw related to the hava_upload.php script. The issue may allow an attack to upload arbitrary files.
|
2012-03-30
|
Havalite CMS hava_upload.php Arbitrary File Upload
|
|
81324
Description:
Havalite CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'userId' parameter upon submission to the hava_user.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-04-23
|
Havalite CMS hava_user.php userId Parameter XSS
|
|
87741
Description:
Havalite CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the 'input' or 'output' fields upon submission to the havalite/findReplace.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-04-23
|
Havalite CMS havalite/findReplace.php Multiple Field XSS
|
|
87740
Description:
Havalite CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'username' parameter upon submission to the havalite/hava_login.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-04-23
|
Havalite CMS havalite/hava_login.php username Parameter XSS
|
|
89028
Description:
Havalite CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'comment' parameter upon submission to the index.php script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2013-01-06
|
Havalite CMS index.php comment Parameter XSS
|
|
81323
Description:
Havalite CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'profile name' field when an administrator views it in the user list area. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-04-23
|
Havalite CMS User List Profile Name Field XSS
|
|
69147
Description:
HAVP contains a flaw related to the whitelist configuration file. The issue is triggered when a remote attacker delivers their malware via a domain ending in 'sourceforge.net'. This may allow an attacker to bypass security.
|
2010-09-09
|
HAVP Default Whitelist Entry File Detection Bypass
|
|
11223
Description:
ADSL Modem Router HAR11A and 4-port ADSL Modem Router HAR14A contain a flaw that may allow an attacker to obtain access to the router's administrative interface. The issue is triggered when the attacker uses telnet to connect to port 23, 254, or 255. The flaw allows unauthorized access to the router's management interface resulting in a loss of confidentiality.
|
2004-10-26
|
Hawking HAR11A and HAR14A Router Unauthenticated Administrative Access
|
|
45451
Description:
(Description Provided by CVE) : Hawking Technology wireless router WR254-CA uses a hardcoded IP address among the set of DNS server IP addresses, which could allow remote attackers to cause a denial of service or hijack the router by attacking or spoofing the server at the hardcoded address. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.
|
2006-10-31
|
Hawking Technology WR254-CA Wireless Router Hardcoded DNS Server IP Weakness
|
|
89875
Description:
By default, HawkingTech HW2R1 installs with default user credentials (username/password combination). The 'admin' account has a password of '1234', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access.
|
2010-01-15
|
HawkingTech HW2R1 Default Admin Credentials
|
|
93411
Description:
HawtJNI contains a flaw as native libraries create temporary files insecurely when bundling native libraries into a JAR file without a custom library path specified. It is possible for a local attacker to use a symlink attack against this file to cause the program to unexpectedly overwrite an arbitrary file.
|
2013-05-13
|
HawtJNI Native Libraries Preditable Temporary File Name Bundling Symlink Arbitrary File Overwrite
|
|
53211
Description:
Unknown / Incomplete
|
2008-06-02
|
Haxial KDX Encryption Algorithm Cryptanalysis Compromise
|
