These advisories detail original security vulnerabilities found by Brandeis University employees. Please contact security@brandeis.edu for more information.
November 26, 2007
The Sentinel Protection Server and Sentinel Keys Server products include web servers which are vulnerable to directory traversal attacks. A remote attacker could exploit these vulnerabilities to read arbitrary files with the permissions of the web server, typically SYSTEM.
August 30, 2007
A SQL injection vulnerability exists in Cisco CallManager. An unauthenticated attacker could exploit this vulnerability to run arbitrary SQL commands, exposing the CallManager configuration, including call records.
March 28, 2007
An arbitrary command execution vulnerability exists in the command line administration interface of the software used by DataDomain appliances. An attacker who is able to access the administration interface could exploit this vulnerability to install malicious software and use the DataDomain appliance as a base from which to launch attacks on other systems.
January 18, 2007
A directory traversal vulnerability exists in the Ars Digita Community System. A remote attacker could exploit this vulnerability to read arbitrary files with the permissions of the web server.