.:[ packet storm ]:.
                           
four continents, one idea
four continents, one idea

 Section:  .. / advisories / allaire  /

Page 1 of 2
<< 1 2 >> Files 1 - 25 of 31
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: asb00-01.spectrawebtop
Description:
 Allaire Security Bulletin (ASB00-01) - The Allaire Spectra 1.0 Webtop allows authenticated users to access sections of the Webtop they may not have been granted access to by typing explicit URLs. This exploit does not give anyone access to the Webtop who does not already have permissions to at least one section of the Webtop.
Homepage:http://www.allaire.com/security
File Size:5343
Last Modified:Jul 2 01:38:35 2000
MD5 Checksum:fb2f039affb384c48bc2d1a8e9b964e2

 ///  File Name: asb00-02.spectrados
Description:
 Allaire Security Bulletin (ASB00-02) - When installing Allaire Spectra 1.0, a web-based Configuration Wizard is used to finalize a number of configuration settings, including a step which indexes data collections on the server. This step of the Configuration Wizard can be accessed via URL and the collections can be resubmitted for indexing. This could be used in a denial of service attack on an Allaire Spectra server.
Homepage:http://www.allaire.com/security
File Size:4518
Last Modified:Jul 2 01:36:57 2000
MD5 Checksum:b301a471c650bc6cb84cd31459e26055

 ///  File Name: asb00-03.cfcache
Description:
 Allaire Security Bulletin (ASB00-03) - Patch Available For Potential Information Exposure by the CFCACHE Tag. The CFCACHE tag is a feature available in ColdFusion 4.x to perform template caching to increase page delivery performance by intelligently compiling and storing the output of CFML pages for faster access. When this tag is utilized in a .CFM page it creates several temporary files, including one that contains absolute filenames with directory path information, URL parameters and timestamps. In ColdFusion 4.0x, these files are stored in the same directory as the .CFM page, usually in a publicly accessible web document directory.
Homepage:http://www.allaire.com/security
File Size:8015
Last Modified:Jul 2 01:35:38 2000
MD5 Checksum:db11e35811a8db95e915bfbd5d9a53ff

 ///  File Name: asb00-04.spectraauth
Description:
 Allaire Security Bulletin (ASB00-04) - There is a security issue with the Spectra 1.0 Remote Access Service invoke.cfm template. Normally users must be authenticated in the webtop security context in order to even attempt to use the Remote Access Service. However, if the user passes a parameter called "bAuthenticated" via the URL, a form field, or a WDDX packet, and the user does not specify a username, a bug allows them to use the Remote Access Service even if they are not in the webtop user directory.
Homepage:http://www.allaire.com/security
File Size:7234
Last Modified:Jul 2 01:40:05 2000
MD5 Checksum:51ea1428a3787f7ea58db829256c3d14

 ///  File Name: asb00-05.cross.site.scripting
Description:
 Allaire Security Bulletin (ASB00-05) - A new type of security attack called "cross-site scripting" has surfaced which is based on common website design flaws and data manipulation that web browsers use when communicating with web servers. While the problem is not a vendor-specific issue, it does affect many web servers and virtually all web browsers currently in use. The problem lies with the design and coding techniques of web sites that serve dynamically generated HTML pages rather than the software the websites themselves run on.
Homepage:http://www.allaire.com/security
File Size:19385
Last Modified:Jul 2 01:42:16 2000
MD5 Checksum:bcc7a83a8dc1242efc0a3a693d749170

 ///  File Name: asb00-06.forums
Description:
 Allaire Security Bulletin (ASB00-06) - Allaire has recently been notified of a security issue in the Allaire Forums 2.0.5 software. This behavior allows users to view and post to secure discussion threads via unsecured conferences and/or through email. This issue affects multiple templates in the Forums software. Updated versions of the affected templates are available from the following link: Download - Allaire Forums 2.0.5 Security Patch.
Homepage:http://www.allaire.com/security
File Size:6400
Last Modified:Jul 2 01:44:38 2000
MD5 Checksum:ade5ff08b372e1c1e6fb121a559ddeb9

 ///  File Name: asb00-07.hithighlight
Description:
 Allaire Security Bulletin (ASB00-07) - Microsoft has announced a vulnerability for Microsoft IIS which exposes the ability to use a malformed URL to read the source code of ASP, CFML, Perl and other files that are on a server. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users.
Homepage:http://www.allaire.com/security
File Size:4760
Last Modified:Jul 2 01:46:13 2000
MD5 Checksum:ff8f49f8316ff6560f047c56fabef015

 ///  File Name: asb00-08.iis.escaped
Description:
 Allaire Security Bulletin (ASB00-08) - Microsoft has announced a Microsoft has released a patch for a security vulnerability in Microsoft(r) Internet Information Server. The vulnerability could allow a malicious user to slow a web server's response or prevent it from providing service altogether for a period of time. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.
Homepage:http://www.allaire.com/security
File Size:4985
Last Modified:Jul 2 01:50:46 2000
MD5 Checksum:e01a1fb4c6360ab15acd88334ccf22d3

 ///  File Name: asb00-09.iis.linkview
Description:
 Allaire Security Bulletin (ASB00-09) - Microsoft has released a procedure to eliminate a security vulnerability that could allow a malicious user to cause a web server to crash, or potentially run arbitrary code on the server, if certain permissions have been changed from their default settings to inappropriate ones. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.
Homepage:http://www.allaire.com/security
File Size:5229
Last Modified:Jul 2 01:49:24 2000
MD5 Checksum:7c7ebab5aa6415205df2158a47166718

 ///  File Name: asb00-10.spectra.preview
Description:
 Allaire Security Bulletin (ASB00-10) - The Spectra Container Editor Preview does not properly enforce object security. Allaire has released a patch that addresses this issue.
Homepage:http://www.allaire.com/security
File Size:4901
Last Modified:Jul 2 01:47:53 2000
MD5 Checksum:d68c2c3a601ef9b11f343fd1985abf10

 ///  File Name: asb00-11.iis.imagemap
Description:
 Allaire Security Bulletin (ASB00-11) - A procedure is available to eliminate a security vulnerability affecting several web server products. The vulnerability could potentially allow a malicious web site visitor to perform actions that the system permissions authorize him to perform, but which he previously may have had no means of actually carrying out. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.
Homepage:http://www.allaire.com/security
File Size:5715
Last Modified:Jul 2 01:52:13 2000
MD5 Checksum:64ff08b95cf484851db9a133fc6d98ca

 ///  File Name: asb00-12.querystring
Description:
 Allaire Security Bulletin (ASB00-12) - ClusterCATS Appends Stale Query String to URL Line during HTML Redirection. The vulnerability potentially releases confidential query string information on redirect. Affected software versions include ClusterCATS ColdFusion.
Homepage:http://www.allaire.com/security
File Size:4204
Last Modified:Jul 2 01:31:45 2000
MD5 Checksum:a1ab2891a0e9049c67bc337d3d3a1d2d

 ///  File Name: asb00-13.iis.htr.request
Description:
 Allaire Security Bulletin (ASB00-13) - Microsoft has released a patch for two security vulnerabilities in Microsoft(r) Internet Information Server. The vulnerabilities could, respectively, be used to slow an affected web server's response or to obtain the source code of certain types of files under very restricted conditions. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.
Homepage:http://www.allaire.com/security
File Size:5783
Last Modified:Jul 2 01:55:45 2000
MD5 Checksum:193258e275f4bf44ef3af0b0281e1d78

 ///  File Name: asb00-14.coldfusion.admin
Description:
 Allaire Security Bulletin (ASB00-14) - Allaire has recently been notified by Foundstone, Inc. (see Revisions section below for contact information) of a denial of service attack against an unprotected installation of the ColdFusion Administrator. This issue only affects ColdFusion Servers that have not followed Allaire's recommendations in the Allaire Security Best Practices article 10954.
Homepage:http://www.allaire.com/security
File Size:4536
Last Modified:Jul 2 01:57:48 2000
MD5 Checksum:ceccb518e5bf04b3975045321d9b1a9f

 ///  File Name: asb00-15.jrun.samplecode
Description:
 Allaire Security Bulletin (ASB00-15) - JRun 2.3.x includes a number of example applications and sample code that expose security issues. JRun 3.0 addresses the viewsource.jsp issue. Allaire strongly recommends that customers follow the best practice of not installing sample code and documentation on production servers, and removing the sample code and documentation files from production servers and restricting access to those directories where they are installed on workstations.
Homepage:http://www.allaire.com/security
File Size:6305
Last Modified:Jul 2 01:59:12 2000
MD5 Checksum:e94d56741d8066033490a1a8293fb3f2

 ///  File Name: asb00-16.storedperm
Description:
 Allaire Security Bulletin (ASB00-16) - Microsoft has released a patch for a security vulnerability in Microsoft SQL Server 7.0. The vulnerability could allow a malicious user to run a database stored procedure without proper permissions. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users.
Homepage:http://www.allaire.com/developer/securityzone/
File Size:4899
Last Modified:Jul 25 18:41:37 2000
MD5 Checksum:370004784395c107509b43fe1a8e7afa

 ///  File Name: asb00-17.dts.password
Description:
 Allaire Security Bulletin (ASB00-17) - Microsoft has released an updated patch that eliminates a security vulnerability in Microsoft(r) SQL Server 7.0. The vulnerability could allow a malicious user to compromise passwords. The updated patch also addresses a related problem with the Enterprise Manager Server registration dialog. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users.
Homepage:http://www.allaire.com/developer/securityzone
File Size:5621
Last Modified:Jul 25 18:38:00 2000
MD5 Checksum:da0752a106863377b1af0f4910a1f3d5

 ///  File Name: asb00-20.absentdirectory
Description:
 Allaire Security Bulletin (ASB00-20) - Microsoft has released a patch for two security vulnerabilities in Microsoft Internet Information Server. In sum, the vulnerabilities could allow a malicious user to stop the web server from providing useful service, or to extract certain types of information from it. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.
Homepage:http://www.allaire.com/developer/securityzone/
File Size:6598
Last Modified:Aug 9 01:11:51 2000
MD5 Checksum:ec6ac93f06e23862db17da106688fd4c

 ///  File Name: asb00-21.webfind.exe
Description:
 The Cerberus Security Team has released an advisory about a security issue in the O'Reilly Website Pro web server. The issue could allow a malicious user to execute arbitrary code. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers see O'Reilly's support options for further information about this issue.
Homepage:http://www.allaire.com/developer/securityzone/
File Size:5585
Last Modified:Aug 9 01:14:23 2000
MD5 Checksum:b6ce0bc3861873ddbd9ba4912ab79280

 ///  File Name: asb00-22.httpd32.exe
Description:
 Allaire Security Bulletin (ASB00-22) - The Cerberus Security Team has released an advisory about a security issue in the O'Reilly Website Pro web server. The issue could allow a malicious user to execute arbitrary code. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers see O'Reilly's support options for further information about this issue.
Homepage:http://www.allaire.com/developer/securityzone/
File Size:5587
Last Modified:Aug 9 01:17:55 2000
MD5 Checksum:87341990c65795889707e7e42e307ce5

 ///  File Name: asb99-01.expression_evaluator
Description:
 asb99-01.expression_evaluator
File Size:5905
Last Modified:Sep 23 06:21:48 1999
MD5 Checksum:2d55fad4c8b642e1a06363a081cf70c0

 ///  File Name: asb99-02.coldfusion_example_apps
Description:
 asb99-02.coldfusion_example_apps
File Size:7093
Last Modified:Sep 23 06:21:48 1999
MD5 Checksum:f29d8f02da972142b9bd3b180130e307

 ///  File Name: asb99-03.miis_DATA
Description:
 asb99-03.miis_DATA
File Size:4228
Last Modified:Sep 23 06:21:48 1999
MD5 Checksum:5eaf1d274a4413a0f6641d4632bf9a35

 ///  File Name: asb99-04.mult_sql_statements
Description:
 asb99-04.mult_sql_statements
File Size:7911
Last Modified:Sep 23 06:21:48 1999
MD5 Checksum:efa68e5e37f4f4e4ceb148ce13a5afe4

 ///  File Name: asb99-05.forums_204
Description:
 asb99-05.forums_204
File Size:3728
Last Modified:Sep 23 06:21:48 1999
MD5 Checksum:69221bee36f14c0e90ebeda0aef94378
 

 ///  Last 10 Files
  1. :· phpemlak-sql.txt
  2. :· scip-dreambox.txt
  3. :· logmein-activex.txt
  4. :· najdisi-overflow.txt
  5. :· ipb235-multi.txt
  6. :· hoagie_snoop.c
  7. :· ZDI-08-054.txt
  8. :· MDVSA-2008-181.txt
  9. :· kisgearth-0.01f.tar.bz2
  10. :· firefox301-exec.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· scip-dreambox.txt
  2. :· ZDI-08-054.txt
  3. :· MDVSA-2008-181.txt
  4. :· firefox301-exec.txt
  5. :· SSRT080118.txt
  6. :· USN-638-1.txt
  7. :· SSRT080106.txt
  8. :· PLSA-2008-31.txt
  9. :· MDVSA-2008-180-1.txt
  10. :· kyocera-upload.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· phpemlak-sql.txt
  2. :· logmein-activex.txt
  3. :· najdisi-overflow.txt
  4. :· ipb235-multi.txt
  5. :· hoagie_snoop.c
  6. :· dotproject-sqlxss.txt
  7. :· mercadolibre-xssrfi.txt
  8. :· friendly-exec.txt
  9. :· friendly-fwremotecfg.txt
  10. :· acoustica-overflow.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· kisgearth-0.01f.tar.bz2
  2. :· lynis-1.2.0.tar.gz
  3. :· advchk-2.10.tar.gz
  4. :· fwknop-1.9.7.tar.gz
  5. :· tor.uclibc.i686.20080822.iso
  6. :· tor-0.2.0.30.tar.gz
  7. :· sipwitch-0.3.0.tar.gz
  8. :· DirBuster-0.11-src.tar.bz2
  9. :· collabreate-defcon.tgz
  10. :· Grendel-Scan-v1.0-src.zip
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· OpenSSH-4.4p1-backdoored.tar.gz
  2. :· strongswan-4.2.6.tar.gz
  3. :· freebsd-master.txt
  4. :· nufw-2.2.16.tar.gz
  5. :· linux-cbexec.txt
  6. :· openvas-contest.txt
  7. :· H2HC-CFP-2008.txt
  8. :· freebsd-setexec.txt
  9. :· freebsd-reverse.txt
  10. :· ios-shellcode.txt
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice