Vulnerability Research

The security-related vulnerabilities listed below were discovered by myself in my spare time and are not related to my job or the company I'm currently working for, unless otherwise stated.

The advisory release process is based on the RFP-Policy.

For more details about each advisory, please have a look at my blog.

 


 

15.Aug.2008

Multiple Vulnerabilities within MailScan Admin Interface

Bugtraq:

30700

19.Jan.2008

BitDefender Update Server - Remote File Access Vulnerability
Heise News: Bitdefenders Update-Server lässt sich in die Karten schauen

Bugtraq:

27358

19.Dec.2007

Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability

Bugtraq:

26806

23.Jul.2007

Sidewinder SecurityReporter - Authentication Bypass and Directory Traversal

Bugtraq:

25027

16.Jan.2007

Oracle Application Server 10g - Directory Traversal

Bugtraq:

22027

07.Dec.2006

2X ThinClientServer Create Admin Account Replay Vulnerability

Bugtraq:

21300

27.Nov.2006

JBOSS Java Class Directory Traversal Vulnerability

Bugtraq:

21219

03.Oct.2006

CA Unicenter WSDM File System Read Access Vulnerability

Bugtraq:

19660

29.Aug.2006

SAP-DB/MaxDB WebDBM remote buffer overflow vulnerabilities

Bugtraq:

19660

13.Jan.2006

Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities

Bugtraq:

N/A

10.Aug.2005

Astaro Security Linux HTTP CONNECT Unauthorized Access Weakness

Bugtraq:

14665

24.May.2005

Blue Coat Reporting Server 7.1.1.1 - Multiple Remote Vulnerabilities

Bugtraq:

N/A

14.Apr.2005

RSA Authentication Agent for Web - IISWebAgentIF.dll - Cross Site Scripting Vulnerability

Bugtraq:

13168

13.Jan.2005

WebWasher CSM Conf Script Cross-Site Scripting Vulnerability

Bugtraq:

13037

10.Mar.2005

SonicWALL SOHO Web Interface Multiple Remote Input Validation Vulnerabilities

Bugtraq:

12984

10.Mar.2005

Apache Jakarta Tomcat 4 - Denial Of Service - Simple PoC Exploit

Bugtraq:

8824

13.Jan.2005

WebWasher Classic HTTP CONNECT Unauthorized Access Weakness

Bugtraq:

12394

03.Jan.2005

Apache Jakarta Tomcat 5.5.6 Cross Site Scripting Vulnerabilities

Bugtraq:

N/A

17.May.2004

ActiveState ActivePerl System() Buffer Overflow / Multiple Perl Implementation System Function Call Buffer Overflow Vulnerability

Bugtraq:

10375

02.Dec.2003

IBM Directory Server Web Administration Interface Cross-Site Scripting Vulnerability

Bugtraq:

9140

26.Jul.2004

IBM Directory Server Directory Traversal

Bugtraq:

10841

13.Nov.2003

WebWasher Classic - Proxy Error Message Cross-Site Scripting Vulnerability

Bugtraq:

9039

20.Jan.2004

WebTrends Reporting Center - Management Interface Path Disclosure

Bugtraq:

9460

14.Jan.2004

Symantec Web Security - Block Page Message Cross-Site Scripting Vulnerability
Symantec Response: www.symantec.com
Heise News: www.heise.de

Bugtraq:

9418

01.Jun.2004

Sambar Proxy Multiple Vulnerabilities

Bugtraq:

10444

14.May.2004

MailEnable HTTPMail Remote Authorization Header Overflow

Bugtraq:

N/A

11.Dec.2003

Remotely Anywhere Message Injection Vulnerability

Bugtraq:

9202

17.May.2004

F-Secure Policy Manager FSMSH.DLL CGI Application Installation Path Disclosure Vulnerability

Bugtraq:

11869

17.May.2004

Imatix Xitami Server Side Includes Cross-Site Scripting Vulnerability

Bugtraq:

10778

17.May.2004

TelCondex SimpleWebserver - Buffer Overflow

Bugtraq:

8925

17.May.2004

Fastream NetFile - Error Message Cross-Site Scripting Vulnerability

Bugtraq:

8908

17.May.2004

Imatix Xitami - Long HTTP Header Denial Of Service Vulnerability

Bugtraq:

8665

17.May.2004

Bajie HTTP Server - Example Scripts And Servlets Cross-Site Scripting

Bugtraq:

8841

17.May.2004

Megacomputing Personal-WebServer Professional - Remote Directory Traversal

Bugtraq:

8721

17.May.2004

Megacomputing Personal-WebServer Professional - Denial Of Service Vulnerability

Bugtraq:

8723

17.May.2004

CSS Vulnerability in vqSoft vqServer demo servlets

Bugtraq:

N/A

17.May.2004

Plug and Play Web Server - Remote Denial of Service Vulnerability

Bugtraq:

8941

17.May.2004

BRS WebWeaver Webserver Cross Site Scripting Vulnerability

Bugtraq:

N/A

19.Apr.2004

Appfoundry Message Foundry COM Request DoS

Bugtraq:

N/A

30.Apr.2004

Multiple Vulnerabilities in Aldos Webserver

Bugtraq:

10262