INFIGO IS Security Advisory #INFIGO-2008-01-06

Title:    McAfee E-Business Server Remote Preauth Code Execution / DoS
Advisory ID:    INFIGO-2008-01-06
Date:    2008-01-06
Risk Level:    High
Summary:   

McAfee E-Business Server guards sensitive corporate data with industry-standard PGP 128-bit encryption and authentication. McAfee E-Business Server supports a variety of platforms and security certificates.
During an audit of McAfee E-Business Server, we have discovered a vulnerability in the administration interface (TCP port 1718).
It is possible to crash McAfee E-Business Server during the authentication process.
McAfee further researched the vulnerability and confirmed that it also allows an attacker to execute code remotely.

INFIGO IS Security Advisory #INFIGO-2007-04-05

Title:    Enterprise Security Analyzer server remote buffer overflows
Advisory ID:    INFIGO-2007-04-05
Date:    2007-04-10
Risk Level:    High
Summary:   

Enterprise Security Analyzer (ESA) from eIQnetworks (http://www.eIQnetworks.com) is a Security Information Management (SIM) solution that provides security intelligence across the enterprise.
During an audit of Enterprise Security Analyzer, multiple remote buffer overflows have been discovered in the ESA server (TCP port 10616).
Specially crafted ESA requests can lead to various stack and heap overflows.

INFIGO IS Security Advisory #INFIGO-2006-08-04

Title:    MDaemon POP3 server remote buffer overflow (preauth)
Advisory ID:    INFIGO-2006-08-04
Date:    2006-08-21
Risk Level:    High
Summary:   

During a security analysis of the POP3 protocol in various e-mail server software products, the INFIGO IS research team discovered a critical vulnerability in the MDaemon e-mail server software.
After successful exploitation, a remote attacker can take complete control of the vulnerable e-mail server. Because e-mail and POP3 services are often accessible not only from the internal network but also from the Internet, the severity of the problem is further increased.
With the assistance of INFIGO IS, the vendor has released a new version of the MDaemon e-mail server which eliminates the vulnerability.

INFIGO IS Security Advisory #INFIGO-2006-05-03

Title:    Multiple FTP Servers vulnerabilities
Advisory ID:    INFIGO-2006-05-03
Date:    2006-05-05
Risk Level:    High
Summary:   

Infigo IS released a simple GUI FTP fuzzer which can be downloaded from http://www.infigo.hr/en/in_focus/tools. The announcement, which was posted to multiple security groups, included an overview of several vulnerabilities discovered with the fuzzer.
This advisory is published because of some misinterpretations in subsequent reposts discussing the discovered vulnerabilities.
The vulnerabilities described in this advisory were found in the following FTP server software products:
- ArgoSoft FTP Server
- Golden FTP Server
- Filezilla
- War FTP Daemon
- Guild FTP Server

INFIGO IS Security Advisory #INFIGO-2006-04-02

Title:    Multiple PHP4/PHP5 vulnerabilities
Advisory ID:    INFIGO-2006-04-02
Date:    2006-04-24
Risk Level:    Medium
Summary:   

The INFIGO IS research team audited the PHP interpreter code and discovered more than 20 vulnerabilities in PHP4 and PHP5. Most of them have been reported and fixed.
However, several vulnerabilities are still present in current PHP 4 and PHP 5 versions. During the last two months the vendor has been contacted several times, but no official response has been received. At the moment no official patches are available.