53 matches found
CVE-2004-2684
Technical details about CVE-2004-2684 are not publicly provided in the connected documents. The Initial Description is generic. Monitor for updates from vendors (InterSystems/Red Hat/NVD) for affected products and fixes.
CVE-2003-1333
Unspecified vulnerability in the Cache' Server Page CSP implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server...
CVE-2004-2683
InterSystems Cache 5.0 is affected by a vulnerability in the %XML.Utils.SchemaServer class that could allow an attacker to read arbitrary files on the server. The connected entries confirm the vulnerable component and the impact (arbitrary file access), but do not provide concrete exploitation de...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the sample Cache' Server Page CSP scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via 1 the TO parameter to loop.csp, 2 the VALUE parameter to cookie.csp, and 3 the PAGE parameter to showsource.csp i...
CVE-2007-0437
Multiple cross-site scripting XSS vulnerabilities in the sample Cache' Server Page CSP scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via 1 the TO parameter to loop.csp, 2 the VALUE parameter to cookie.csp, and 3 the PAGE parameter to showsource.csp i...
CVE-2007-0437
CVE-2007-0437 involves multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts of InterSystems Cache. The affected components are CSP samples under csp/samples/: loop.csp (TO parameter), cookie.csp (VALUE), showsource.csp (PAGE); and (4) xmlclasseserror....
CVE-2007-0437
Multiple cross-site scripting XSS vulnerabilities in the sample Cache' Server Page CSP scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via 1 the TO parameter to loop.csp, 2 the VALUE parameter to cookie.csp, and 3 the PAGE parameter to showsource.csp i...
CVE-2004-2684
Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including 1 cache.key and 2 cache.dat, related to .csp files under a Dev\studio\templates and b Devuser\studio\templates...
CVE-2004-2683
Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows attackers to access arbitrary files on a server...
intersystems2.txt
Here are more details of my research... http://packetstormsecurity.nl/0307-exploits/intersystems.txt These are more details for the above advisory. Vuln1 Local attackers can exploit this to manipulate directories and binaries inside the installation tree. This may be used by a local malicious use...
[UNIX] Intersystems Cache' Database Two Local Root Vulnerabilities
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
InterSystems Cache 4.1.155.0.x - Insecure Default Permissions
InterSystems Cache 4.1.155.0.x - Insecure Default Permissions source: https://www.securityfocus.com/bid/8070/info It has been reported that the permissions set by default on the files and directories comprising InterSystems Cache are insecure. The permissions on directories allegedly allow for an...
InterSystems Cache 4.1.15/5.0.x - Insecure Default Permissions
source: https://www.securityfocus.com/bid/8070/info It has been reported that the permissions set by default on the files and directories comprising InterSystems Cache are insecure. The permissions on directories allegedly allow for any user to overwrite any file. This creates many opportunities...