The vulnerability of the NameSurfer IP address management server allows a malicious actor to inject malicious code that interacts with the web server.

The vulnerability of the Nixu NameSurfer software lies in errors in the program’s code. Exploiting this vulnerability allows a malicious individual to inject malicious code into the web page displayed by the web system. This malicious code will be executed on the user’s computer when the user ope...

The vulnerability of the NameSurfer IP address management server allows a malicious actor to perform unauthorized privilege escalation within the system.

The vulnerability of the Nixu NameSurfer software lies in errors in the program’s code. Exploiting this vulnerability allows a malicious individual to unauthorizedly elevate privileges within the system by writing a path to their file into the $PATH variable, and having that application executed...

The vulnerability of the NameSurfer IP address management server allows attackers to gain access to files on the server with user namesurf privileges.

The vulnerability of the Nixu NameSurfer software lies in errors in the program’s code. Exploiting this vulnerability allows a malicious individual to gain access to files on the server with user privileges of namesurf...

The vulnerability of the NameSurfer IP address management server allows a malicious actor to gain unauthorized access to confidential information of the target system.

The vulnerability of the Nixu NameSurfer software lies in errors that occur when working with SOAP interfaces. Exploiting this vulnerability allows a malicious individual to gain access to confidential information of the target system...

Nixu NameSurfer多个安全漏洞

CVE ID:CVE-2014-0060、CVE-2014-0061、CVE-2014-0062、CVE-2014-0063、CVE-2014-0064、CVE-2014-0065、CVE-2014-0066 Nixu NameSurfer是一个实现集中地址管理覆盖的IPAM软件应用解决方案。 Nixu NameSurfer存在多个安全漏洞： 1，部分输入在使用之前缺少过滤，允许攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。 2，解析XML实体时存在错误，允许攻击者利用特制的包含外部实体引用的XML文档来获取本地资源数据或消耗服务器资源。...

PT-2014-04: Single Sign-On Vulnerability in Nixu Namesurfer

The specialists of the Positive Research center have detected a Single Sign-On vulnerability in Nixu Namesurfer. All services used by the Nixu Namesurfer software PostgreSQL, Apache use the same user account to operate. Therefore, a weakness in one of the services will affect all of them. For...

PT-2014-03: Arbitrary Files Reading in Nixu Namesurfer

The specialists of the Positive Research center have detected an Arbitrary Files Reading vulnerability in Nixu Namesurfer. An attacker can read any file on the server with the rights of the namesurf user. How to fix Update your sofware up to the latest version Advisory status 16.01.2014 - Vendor...

PT-2014-02: XML External Entities Resolution vulnerability in Nixu Namesurfer

The specialists of the Positive Research center have detected an XML External Entities Resolution vulnerability in Nixu Namesurfer. The vulnerability allows an attacker to inject a malicious code into a page generated by the web-based system. This code will be executed on the victim’s computer wh...

PT-2014-05: Privilege Gaining in Nixu Namesurfer

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Nixu Namesurfer. An attacker could assign the $PATH variable with the path to his/her malicious file. An application with the suid bit will execute it. Thus the attacker will receive the highest...