CIRT vuln disclosure

EasyWeb (EW) FileManager Directory Traversal

Product:
EasyWeb FileManager Module (home.postnuke.ru)

Released:
07/23/2004

Description:
EasyWeb FileManager Module for PostNuke is vulnerable to a directory traversal problem which allows
retrieval of arbitrary files from the remote system.

Systems Affected:
EasyWeb FileManager 1.0 RC-1

Technical Description:

Vulnerabilities: 

MySQL Eventum 1.31 Cross Site Scripting

Product:
MySQL Eventum Issue / Bug Tracking System

Released:
12/28/2004

Description:
MySQL Eventum 1.3.1 contains multiple cross site scripting (XSS) vulnerabilities.

Systems Affected:
MySQL Eventum 1.3.1

Technical Description:
The Eventum bug tracking system has multiple variables that do not filter user-supplied input. This could allow an attacker to perform Cross Site Scripting (XSS) attacks.

XSS is possible in the following pages/fields:

    Vulnerabilities: 

    MySQL Eventum 1.3.1 Default Vendor Account

    Product:
    MySQL Eventum Issue / Bug Tracking System

    Released:
    12/28/2004

    Description:
    MySQL Eventum 1.3.1 contains an undocumented administrator account with an unknown password.

    Systems Affected:

    • MySQL Eventum 1.3.1
    • MySQL Eventum 1.3
    • MySQL Eventum 1.2.2
    • MySQL Eventum 1.2.1
    • MySQL Eventum 1.2
    • MySQL Eventum 1.1

    Technical Description:

    Vulnerabilities: 

    Cyclades AlterPath Manager Information Disclosure

    Product:
    AlterPath Manager (APM) Console Server

    Released:
    01/23/2005

    Description:
    AlterPath Manager (APM) reveals sensitive system information without authentication.

    Systems Affected:
    AlterPath Manager 1.1.0 and below

    Technical Description:
    The APM reveals sensitive information, including:

    • Boot Version
    • Kernel Version
    • Config Version
    • OS Version
    • AP Version
    • Hardware information

    Vulnerabilities: 

    Cyclades AlterPath Manager Privilege Escalation

    Product:
    AlterPath Manager (APM) Console Server

    Released:
    01/23/2005

    Description:
    AlterPath Manager (APM) allows any connected user to grant themselves administrator access.

    Systems Affected:
    AlterPath Manager 1.1.0 and below

    Technical Description:

    Vulnerabilities: 

    Cyclades AlterPath Manager Arbitrary Console Connection

    Product:
    AlterPath Manager (APM) Console Server

    Released:
    01/23/2005

    Description:
    AlterPath Manager (APM) allows any connected user to access any console connected to the AlterPath, ignoring access restrictions.

    Systems Affected:
    AlterPath Manager 1.1.0
    AlterPath Manager 1.2.1 and 1.2.0 partially affected

    Technical Description:

    Vulnerabilities: 
