Centreon Enterprise Server 2.3.3 – 2.3.9-4 Blind SQL InjectionPosted on December 12, 2012 by Spentera |
We discovered the vulnerability when we’re looking for alternate software in network monitoring. We know and we love Nagios, and so the Centreon, they provide a very nice interface of Nagios. Centreon provide nice features and ease of use when you’re dealing with network monitoring. The backend system is still Nagios, but the interface is totally different. You can view more features of Centreon here.
PC Media Antivirus Insecure Library Loading VulnerabilityPosted on December 5, 2012 by Spentera |
PC Media Antivirus (PCMAV) is an antivirus made in Indonesia. PCMAV is quite popular in 2006 since many virus creators in Indonesia actively spread a computer virus, and infecting most computers in Indonesia. At that time some people start to claim a special anti-virus to detect Indonesia computer viruses, some of which are popular such as SmadAV, PC Media Antivirus (PCMAV), and Ansav.
Until now, PCMAV is still a popular antivirus used on most computers in Indonesia. PCMAV usually installed alongside with another popular free antivirus such as Avast, AVG, or Avira Antivir. In some companies, PCMAV is also a mainstay for detecting viruses made in Indonesia.
Antivirus is an endpoint protection to detect malicious programs from outside the computer, so the antivirus should be made with good protection, well flow design, and it should not vulnerable, thus cannot be exploited.
SmadAV 9.1 Null Pointer Dereference VulnerabilityPosted on November 13, 2012 by Spentera |
SmadAV antivirus 9.1 is susceptible to null pointer exploitation. The application does not properly filter the scanner input that processed into smadengine.dll. The successful exploitation of this vulnerability could potentially result a crash on the application, since it will refer to a null pointer, EAX = 0000000.
Trend Micro Control Manager SQL Injection VulnerabilityPosted on September 27, 2012 by Spentera |
SQL injection vulnerability was found in Trend Micro Control Manager. A remote attacker can extract sensitive data such as password through blind SQL injection.
Trend Micro Control Manager prior to version 5.5 build 1823 (English and Japanese version) and version 6 build 1449 (English version only) are susceptible to SQL Injection. The application does not properly filter user-supplied input. The successful exploitation of this vulnerability could potentially result in arbitrary SQL command input to the back-end database, such as execute SQL command to upload and execute arbitrary code against the target system.
webERP <=4.08.4 SQL Injection VulnerabilityPosted on September 17, 2012 by Spentera |
webERP <=4.08.4 contains sql injection vulnerability that may allow authenticated users to execute sql queries, potentially viewing or modifying data.
webERP is a mature open-source ERP system providing best practise, multi-user business administration and accounting tools over the web. The vulnerability sits in the WO (work order) parameter, file WorkOrderEntry.php in the Manufacturing menu. Lack of input validation of the WO parameter may allow malicious users to inject an sql query.