EUVD-2005-0812
Malware in sbrugna...
EUVD-2005-0810
Malware in sbrugna...
EUVD-2005-0811
Malware in sbrugna...
EUVD-2005-0813
Malware in sbrugna...
CVE-2005-0810
SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL...
CVE-2005-0812
The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information...
CVE-2005-0809
NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack...
CVE-2005-0811
The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs...
CVE-2005-0811
CVE-2005-0811 concerns the NotifyLink 3.0 web interface, where authenticated users can bypass GUI-enabled access restrictions by issuing direct requests to restricted URLs. The underlying issue is ineffective server-side access control for features that are disabled in the user interface, enablin...
CVE-2005-0809
CVE-2005-0809 affects NotifyLink server: when client key retrieval is enabled, an unauthenticated HTTP POST to /hwp/get.asp can disclose AES keys. The server uses a fixed byte reordering scheme to obfuscate the key, substantially weakening cryptographic protection and enabling brute-force recover...
CVE-2005-0810
CVE-2005-0810: NotifyLink contains SQL injection vulnerabilities affecting NotifyLink Server (pre-3.0). Unauthenticated remote attackers can append SQL via various URLs to view/modify the NotifyLink SQL database; impact includes unauthorized user creation, password changes, and data exposure. The...
CVE-2005-0812
CVE-2005-0812 affects NotifyLink 3.0, where the web interface displays user passwords in cleartext on the administrative page. Root cause: passwords are stored and exposed via the admin UI, enabling an attacker with web/admin access or local access to obtain credentials. Impact per sourc...
[SA14617] NotifyLink Enterprise Server Multiple Vulnerabilities
TITLE: NotifyLink Enterprise Server Multiple Vulnerabilities...
NotifyLink contains multiple SQL injection vulnerabilities
Overview: There are multiple vulnerabilities in NotifyLink that allow unauthenticated remote users to view or modify the contents of the NotifyLink SQL database. Possible modifications include the addition of unauthorized user and administrator accounts. Description: Notify Technology NotifyLink...
NotifyLink web client fails to adequately restrict access to administrative functions
Overview: The NotifyLink web interface contains a vulnerability that allows authenticated normal users to access functions that have been disabled by an administrator. Description: Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...
NotifyLink server provides inadequate protection for cryptographic key material
Overview: The NotifyLink key exchange protocol contains a vulnerability that significantly reduces the strength of cryptographic keys used to encrypt mail messages. Description: Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...