We support Microsoft .NET Framework 2.0 & 1.1, all versions of Access, SQL 2000, SQL 7.0, SQL 2005 Express, SOAP, FrontPage 2002, 2003, Visual Studio 2005, Index Server, XML, UDDI, & Mobile device support. We also offer great third party tools like SmarterMail, Merak Mail, SmarterStats, PHP, Perl, MySql, DeepMetrix Livestats XSP 8.0.   We support Microsoft .NET Framework 2.0 & 1.1, all versions of Access, SQL 2000, SQL 7.0, SQL 2005 Express, SOAP, FrontPage 2002, 2003, Visual Studio 2005, Index Server, XML, UDDI, & Mobile device support. We also offer great third party tools like SmarterMail, Merak Mail, SmarterStats, PHP, Perl, MySql, DeepMetrix Livestats XSP 8.0.
 Saturday, August 20, 2005
CPAINT Ajax Toolkit

Original release date: 8/19/2005
Source: US-CERT/NIST

Overview

Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist.
Impact

Severity: High
Range: Remotely exploitable
Impact Type: Provides user account access
References to Advisories, Solutions, and Tools

External Source:  BUGTRAQ (disclaimer)

Name: 20050816 RE: Vulnerability found in CPAINT Ajax Toolkit

Type:  Advisory
Hyperlink: http://marc.theaimsgroup.com/?l=bugtraq&m=112421484419768&w=2
Vulnerable software and versions
CPAINT, CPAINT
 

Technical Details

Vulnerability Type: Input Validation Error

CVE Standard Vulnerability Entry:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2625
Threats
8/20/2005 8:30:15 AM (Pacific Daylight Time, UTC-07:00)  #    Disclaimer  |  Comments [0]  | 
Related Posts:
UPS phishing again
Obama sex video
Attack Breaks DNS Patches!
Kaminsky provides the why
DNS vulnerability
MPack: the Strange Case of the Mass-Hacking Tool