74 matches found
OpenText FirstClass Client 11.005 - Code Execution
Exploit Title: OpenText FirstClass Client Delayed Code Execution Date: Discovered 11/16/2010, Contacted OpenText 2/1/11 and 2/7/11, Released 4/11/2011 Author: Kyle Ossinger www.k0ss.net Email: [email protected] Software Link:...
OpenText First Class Client 11.005 Code Execution
Exploit Title: OpenText FirstClass Client Delayed Code Execution Date: Discovered 11/16/2010, Contacted OpenText 2/1/11 and 2/7/11, Released 4/11/2011 Author: Kyle Ossinger www.k0ss.net Email: [email protected] Software Link:...
CVE-2007-2976
Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null "%00" character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown; the details are obtain...
Cross site scripting
Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null "%00" character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown; the details are obtain...
CVE-2007-2976
CVE-2007-2976 affects Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier. The root cause is improper handling of a URL containing a null character (%00), which enables remote cross-site scripting (XSS). The description in the provided documents does not includ...
FirstClass Desktop 7.1 (latest) Buffer Overflow Exploit
No description provided by source. / ++++++++++++++++++++++++++++++++++++++++++++++++++++ FirstClass Desktop 7.1 latest buffer overflow exploit Discovered and coded by I2S-LaB. URL : http://www.I2S-LaB.com contact : contactatI2S-LaB.com ++++++++++++++++++++++++++++++++++++++++++++++++++++ Compile...
CVE-2004-2496
The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search...
CVE-2004-2496
The OpenText FirstClass HTTP daemon (OpenText FirstClass 7.1 and 8.0) is vulnerable to a denial of service via a flood of POST requests to /Search. The root cause is excessively resource-intensive handling of /Search POSTs, which can exhaust service availability. Impact is denial of service to the HTT...
CVE-2003-1173
Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory...
CVE-2003-1173
CVE-2003-1173 affects Centrinity FirstClass 7.1. The vulnerability allows a remote attacker to access sensitive information by manipulating the URL: append a search, check all search option checkboxes, and leave the text field blank, which returns all files in the targeted directory. The provided...
CVE-2005-1045
OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark...
CVE-2005-1045
OpenText FirstClass 8.0 client is affected by CVE-2005-1045 due to improper sanitization of strings before passing them to the Windows ShellExecute API. This allows a remote attacker to execute arbitrary commands via a UNC path in a bookmark. The vulnerability is network‑based with no authenticat...
OpenText FirstClass client code execution
Internet Bookmark can point to UNC resource...
OpenText FirstClass 8.0 Client Arbitrary File Execution
Product: OpenText FirstClass 8.0 Client Homepage: http://www.firstclass.com Platform: Microsoft Windows Description: Insufficient validation of user input allows arbitrary file execution FirstClass bookmark files allow the user to organise their web addresses using the familiar FirstClass desktop...
Fwd: OpenText FirstClass 8.0 HTTP Daemon /Search Remote DoS Vulnerability
From: dila [email protected] Date: Wed, 15 Dec 2004 02:27:40 +0000 Subject: OpenText FirstClass 8.0 HTTP Daemon /Search Remote DoS Vulnerability To: [email protected], [email protected] 13.12.04 OpenText FirstClass 8.0 HTTP Daemon /Search Remote DoS Vulnerability The...
OpenText FirstClass 8.0 - HTTP Daemon /Search Remote Denial of Service
/ http://secunia.com/advisories/13415 written by dila released on 11.12.04 compile with ms vc++ remember to link with winsock / define WIN32LEANANDMEAN include "windows.h" define IDDMAIN 101 define IDIMAIN 103 define IDCSERV 1000 define IDCSOCKS 1002 define IDHALT 1004 // Next default values for...