Vulnerability Research

The security-related vulnerabilities listed below were discovered by me in my spare time and, unless otherwise stated, are not related to my job or the company I currently work for.

The advisory release process is based on the RFP-Policy.

For more details about each advisory, please have a look at my blog.


26. Aug. 2015

Octogate UTM Admin Interface Directory Traversal.

Bugtraq:

N/A

07. Aug. 2013

Trustport Webfilter Remote File Access Vulnerability

Bugtraq:

N/A

30.Jul.2012

Dr. Web Admin UI Remote Script Code Injection

Bugtraq:

N/A

25.Aug.2010

GFI WebMonitor Admin UI Remote Script Code Injection

Bugtraq:

42700

15.Aug.2008

Multiple Vulnerabilities within MailScan Admin Interface

Bugtraq:

30700

19.Jan.2008

BitDefender Update Server - Remote File Access Vulnerability
Heise News: "Bitdefenders Update-Server lässt sich in die Karten schauen" (Bitdefender's update server lets others look at its cards)

Bugtraq:

27358

19.Dec.2007

Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability

Bugtraq:

26806

23.July.2007

Sidewinder SecurityReporter - Authentication Bypass and Directory Traversal

Bugtraq:

25027

16.Jan.2007

Oracle Application Server 10g - Directory Traversal

Bugtraq:

22027

07.Dec.2006

2X ThinClientServer Create Admin Account Replay Vulnerability

Bugtraq:

21300

27.Nov.2006

JBOSS Java Class Directory Traversal Vulnerability

Bugtraq:

21219

03.Oct.2006

CA Unicenter WSDM File System Read Access Vulnerability

Bugtraq:

19660

29.Aug.2006

SAP-DB/MaxDB WebDBM remote buffer overflow vulnerabilities

Bugtraq:

19660

13.Jan.2006

Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities

Bugtraq:

N/A

10.Aug.2005

Astaro Security Linux HTTP CONNECT Unauthorized Access Weakness

Bugtraq:

14665

24.May.2005

Blue Coat Reporting Server 7.1.1.1 - Multiple Remote Vulnerabilities

Bugtraq:

N/A

14.Apr.2005

RSA Authentication Agent for Web - IISWebAgentIF.dll - Cross Site Scripting Vulnerability

Bugtraq:

13168

13.Jan.2005

WebWasher CSM Conf Script Cross-Site Scripting Vulnerability

Bugtraq:

13037

10.Mar.2005

SonicWALL SOHO Web Interface Multiple Remote Input Validation Vulnerabilities

Bugtraq:

12984

10.Mar.2005

Apache Jakarta Tomcat 4 - Denial Of Service - Simple PoC Exploit

Bugtraq:

8824

13.Jan.2005

WebWasher Classic HTTP CONNECT Unauthorized Access Weakness

Bugtraq:

12394

03.Jan.2005

Apache Jakarta Tomcat 5.5.6 Cross Site Scripting Vulnerabilities

Bugtraq:

N/A

17.May.2004

ActiveState ActivePerl System() Buffer Overflow / Multiple Perl Implementation System Function Call Buffer Overflow Vulnerability

Bugtraq:

10375

26.Jul.2004

IBM Directory Server Directory Traversal

Bugtraq:

10841

14.Jan.2004

Symantec Web Security - Block Page Message Cross-Site Scripting Vulnerability
Symantec Response: www.symantec.com
Heise News: www.heise.de

Bugtraq:

9418

01.Jun.2004

Sambar Proxy Multiple Vulnerabilities

Bugtraq:

10444

14.May.2004

MailEnable HTTPMail Remote Authorization Header Overflow

Bugtraq:

N/A