[sec-adv] Sphera HostingDirector Multiple Vulnerabilities
From: Secunia Security Advisories (sec-adv secunia.com)
Date: Tue Jun 17 2003 - 04:15:30 CDT
TITLE:
Sphera HostingDirector Multiple Vulnerabilities
READ ONLINE:
http://www.secunia.com/advisories/9049/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Sphera HostingDirector 2.x
Sphera HostingDirector 1.x
Sphera HostingDirector 3.x
DESCRIPTION:
It has been reported that Sphera HostingDirector is vulnerable to
multiple issues possibly allowing users to gain system access.
It is possible to conduct Cross Site Scripting due to a lack of input
validation of parameters in multiple scripts.
Authentication information may be exposed due to the use of HTTP and
weak DES16 encryption.
Certain scripts do not validate input used when executing external
programs. This allows execution of arbitrary commands.
Buffer overruns have also been reported to exist, but no details have
been released about them.
The vulnerabilities have been reported to affect version 1.x, 2.x,
and 3.x.
SOLUTION:
Disallow access to the system until an update is available.
We recommend that you do not use this software until these issues
have been fixed. The nature of the software and the vulnerabilities
make it extremely difficult to protect with alternative measures.
REPORTED BY / CREDITS:
Lorenzo Manuel Hernandez Garcia-Hierro
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------