[CLOSE] OSVDB ID : 17129 - Disclosed: 2005-06-06

Description:

602LAN SUITE contains a flaw that may allow remote manipulation of log data. The issue is triggered when a remote user submits an HTTP GET request for the string "</pre><!--". From that point, subsequent log entries will not be displayed when the administrator views the log file until the string " --><pre>" is encountered. This log manipulation can be used by a remote attacker to obfuscate records of other attack attempts, and will result in loss of log integrity for the service. Administrators can still see the log entries by viewing the HTML source of the logs.

[CLOSE] OSVDB ID : 16068 - Disclosed: 2005-04-29

Description:

602Lan Suite 2004 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'A' variable upon submission to the mail script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16069 - Disclosed: 2005-04-29

Description:

602LAN Suite contains a flaw that allows a remote attacker to enumerate arbitrary files outside of the web path. The issue is due to the mail script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the A variable, leading to loss of confidentiality. In addition, these requests could be scripted with the goal of consuming the server's resources, leading to a loss of availability.

[CLOSE] OSVDB ID : 17709 - Disclosed: 2004-07-19

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 11529 - Disclosed: 2004-11-06

Description:

(Description Provided by CVE) : The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (socket exhaustion) via a Telnet request to an IP address of the proxy's network interface, which causes a loop.

[CLOSE] OSVDB ID : 17708 - Disclosed: 2004-04-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 11528 - Disclosed: 2004-11-06

Description:

(Description Provided by CVE) : The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value, then disconnecting without sending that amount of data.

[CLOSE] OSVDB ID : 13590 - Disclosed: 2005-02-07

Description:

602LAN Suite contains a flaw that allows a remote attacker to upload files to arbitrary directories outside of the web path. The issue is due to the software not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'filename' variable when attaching a file to an email. Files uploaded to the cgi-bin directory can be executed remotely by an authenticated user via a URL and will run at the privileges of the web server.

[CLOSE] OSVDB ID : 2620 - Disclosed: 2003-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 10281 - Disclosed: 2003-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 10280 - Disclosed: 2003-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 10279 - Disclosed: 2003-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 10278 - Disclosed: 2003-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 60106 - Disclosed: 2002-08-04

Description:

(Description Provided by CVE) : The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number of outstanding connections to the local host, which allows remote attackers to create a denial of service (memory consumption) via a large number of connections.

[CLOSE] OSVDB ID : 10282 - Disclosed: 2003-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2621 - Disclosed: 2003-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 37232 - Disclosed: 2007-06-12

Description:

(Description Provided by CVE) : Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 59905 - Disclosed: 2002-10-18

Description:

(Description Provided by CVE) : 602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension.

[CLOSE] OSVDB ID : 11542 - Disclosed: 2001-03-26

Description:

(Description Provided by CVE) : Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters.

[CLOSE] OSVDB ID : 11541 - Disclosed: 2001-03-26

Description:

LAN SUITE 602Pro contains a flaw that may allow a malicious user to cause a denial of service. The issue is triggered when a user issues a GET request containg an MS-DOS device name. It is possible that the flaw may allow remote users to crash the service, resulting in a loss of availability.

[CLOSE] OSVDB ID : 6932 - Disclosed: 2004-02-28

Description:

(Description Provided by CVE) : LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/.

[CLOSE] OSVDB ID : 6933 - Disclosed: 2004-02-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 4107 - Disclosed: 2004-02-28

Description:

(Description Provided by CVE) : LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.

[CLOSE] OSVDB ID : 1657 - Disclosed: 2000-11-22

Description:

(Description Provided by CVE) : Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

[CLOSE] OSVDB ID : 45247 - Disclosed: 2008-05-15

Description:

68 Classifieds contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'category.php' script not properly sanitizing user-supplied input to the 'cat' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 56564 - Disclosed: 2009-07-27

Description:

68 Classifieds contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'cat' parameters upon submission to the 'category.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 56565 - Disclosed: 2009-07-27

Description:

68 Classifieds contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'goto' parameters upon submission to the 'login.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 56566 - Disclosed: 2009-07-27

Description:

68 Classifieds contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'page' parameters upon submission to the 'searchresults.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 56567 - Disclosed: 2009-07-27

Description:

68 Classifieds contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'page' parameters upon submission to the 'toplistings.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 56568 - Disclosed: 2009-07-27

Description:

68 Classifieds contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'view' parameters upon submission to the 'viewlisting.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.