EUVD-2010-0187

Malware in sbrugna...

EUVD-2010-0185

Malware in sbrugna...

IBM Proventia Network Mail Security System 2.5 POST File Read

No description provided by source. !/usr/bin/python ''' Author: muts of Offensive Security Product: IBM ISS Proventia Mail Security Version: 2.5 Vendor Site: http://www.ibm.com/us/en/ Product Page: http://www-935.ibm.com/services/us/en/it-services/proventia-network-mail-security-system.html...

IBM Proventia Network Mail Security System 2.5 - POST File Read

IBM Proventia Network Mail Security System 2.5 - POST File Read !/usr/bin/python ''' Author: muts of Offensive Security Product: IBM ISS Proventia Mail Security Version: 2.5 Vendor Site: http://www.ibm.com/us/en/ Product Page:...

CVE-2012-2955

This CVE affects IBM ISS Proventia Mail Security System and Lotus Protector for Mail Security. The vulnerability is cross-site scripting (XSS) in the administrative web interface, where an attacker can inject arbitrary JavaScript/HTML via the HTTP request query string (reflected XSS). This could ...

CVE-2010-0155

CRLF injection vulnerability in load.php in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the...

CVE-2010-0152

Multiple cross-site scripting XSS vulnerabilities in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via 1 the date1 parameter to pvmmessagestore.php, 2...

Crlf injection

CRLF injection vulnerability in load.php in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the...

Directory traversal

Directory traversal vulnerability in sla/index.php in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. dot dot in the l parameter, related to an "Insecur...

CVE-2010-0155

CRLF injection vulnerability in load.php in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the...

CVE-2010-0152

Multiple cross-site scripting XSS vulnerabilities in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via 1 the date1 parameter to pvmmessagestore.php, 2...

CVE-2010-0155

The CVE-2010-0155 issue affects IBM Proventia Network Mail Security System (PNMSS) with firmware older than 2.5, specifically the Local Management Interface (LMI). A CRLF injection vulnerability exists in load.php that is exploitable by remote authenticated users via the javaVersion parameter, en...

CVE-2010-0152

The CVE-2010-0152 entry corresponds to multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) of the IBM Proventia Network Mail Security System (PNMSS) appliance, affecting firmware prior to 2.5.0.2. The XSS flaws enable injection of arbitrary script/HTML via ...

CVE-2010-0153

Multiple cross-site request forgery CSRF vulnerabilities in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that 1 change settings o...

MVSA-10-009 / CVE-2010-0155 - IBM Proventia Network Mail Security System - CRLF Injection vulnerability

Security Advisory: MVSA-10-009 / CVE-2010-0155 Vendor: IBM Products: Proventia Network Mail Security System Vulnerabilities: CRLF Injection Risk: Medium Attack Vector: From Remote Authentication: Required Reference: http://www.ventuneac.net/security-advisories/MVSA-10-009 Description Web-based...

MVSA-10-006 / CVE-2010-0153 - IBM Proventia Network Mail Security System - Cross-Site Request Forgery vulnerabilities

Security Advisory: MVSA-10-006 / CVE-2010-0153 Vendor: IBM Products: Proventia Network Mail Security System Vulnerabilities: Cross-Site Request Forgery XSRF Risk: High Attack Vector: From Remote Authentication: Required Reference: http://www.ventuneac.net/security-advisories/MVSA-10-006 Descripti...

Proventia Network Mail Security System Insecure Direct Object Reference

Security Advisory: MVSA-10-008 / CVE-2010-0154 Vendor: IBM Products: Proventia Network Mail Security System Vulnerabilities: Insecure Direct Object Reference Risk: Medium Attack Vector: From Remote Authentication: Required Reference: http://www.ventuneac.net/security-advisories/MVSA-10-008...

Proventia Network Mail Security System CRLF Injection

Security Advisory: MVSA-10-009 / CVE-2010-0155 Vendor: IBM Products: Proventia Network Mail Security System Vulnerabilities: CRLF Injection Risk: Medium Attack Vector: From Remote Authentication: Required Reference: http://www.ventuneac.net/security-advisories/MVSA-10-009 Description Web-based...

CVE-2009-2543

CVE-2009-2543 (and closely related CVE-2009-1240) describes unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 (20081231) used in multiple IBM Proventia products that allow remote attackers to bypass malware detection by presenting modified archive formats (ZIP/CAB or RAR). The co...