
NIPC CyberNotes #2002-12 Page 8 of 33 06/17/2002
| Vendor | Operating System | Software Name | Vulnerability/Impact | Patches/Workarounds/Alerts | Common Name | Risk* | Attacks/Scripts |
|---|---|---|---|---|---|---|---|
| Linksys [41] | Multiple | EtherFast BEFSR11 Router 1.42.7, BEFSR41 Router 1.42.7, BEFSRU31 Router 1.42.7 | A vulnerability exists in the current firmware because existing rules that deny remote administration of the router are not respected, which could allow remote administration by a malicious user even if it has been specifically disabled in the product. | No workaround or patch available at time of publishing. | EtherFast Router Remote Administration Enabled | High | Bug discussed in newsgroups and websites. There is no exploit code required. |
| LogiSense Corporation [42] | Multiple | DNS Manager System, Hawk-i 5.2, Hawk-i ASP | A vulnerability exists in the ASP based login process because user input is not adequately filtered, which could let a malicious user obtain sensitive information. | No workaround or patch available at time of publishing. | Hawk-i ASP Login | Medium | Bug discussed in newsgroups and websites. Exploit has been published. |
| Lokwa [43] | Multiple | Lokwa BB 1.2.1 | A vulnerability exists because externally-supplied input is not properly validated when arbitrary characters and additional SQL statements are included in a query, which could let a malicious user obtain sensitive information. | No workaround or patch available at time of publishing. | Lokwa BB Sensitive Information | Medium | Bug discussed in newsgroups and websites. |
| Luis Bernardo [44] | Multiple | MyHelpDesk 20020509 | Multiple vulnerabilities exist: a vulnerability exists because HTML tags are not properly sanitized from form fields, which could let a malicious user execute arbitrary HTML script code; multiple Cross-Site Scripting vulnerabilities exist due to unsanitized CGI parameters, which could let a malicious user execute arbitrary script code; and a SQL injection vulnerability exists because user input is not properly sanitized, which could let a remote malicious user modify the logic of a SQL query. | No workaround or patch available at time of publishing. | MyHelpDesk Multiple Vulnerabilities | High | Bug discussed in newsgroups and websites. Proofs of Concept exploits have been published. |
| Macromedia [45] | Multiple | JRun 3.0, 3.1, 4.0 | A Denial of Service vulnerability exists when JRun encounters a malicious JSP page. | No workaround or patch available at time of publishing. | JRun JSP Page Denial of Service | Low | Bug discussed in newsgroups and websites. Proof of Concept exploit has been published. |

[41] Securiteam, June 9, 2002.
[42] Bugtraq, June 4, 2002.
[43] SecurityFocus, June 10, 2002.
[44] ALPER Research Labs Security Advisory, ARL02-A15, June 10, 2002.
[45] Vulnwatch, June 11, 2002.