Metasploit Vulnerability Research
PGP Desktop Wipe Free Space Flaw -
PGP Desktop includes a Wipe Free Space utility that claims to eliminate data in
all the free space on your hard drive, including the little areas after the
end of existing files which may still have old data left behind. In short, the
utility claims to wipe file slack space, the unused space in a disk cluster.
The software does not work as advertised. It does not clean slack space.
Lyris ListManager Multiple Flaws -
The Lyris ListManager software is vulnerable to numerous SQL injection, source
code disclosure, and authentication bypass flaws. The ListManager software runs
on Linux, Solaris, and Windows and can be configured to use one of the following
database backends: PostgreSQL, Oracle, and MSSQL/MSDE. These flaws can be used
to gain complete access to the ListManager data and often the host server itself.
Windows File Time Stamp Display Flaw -
Windows file time stamps can be set to extremely low values via the
NtSetInformationFile() system call. The Windows API does not properly
translate the low 64-bit time values stored on disk into human-readable
format, and displays no information instead. Although this is not a
security vulnerability in itself, it adversely affects third-party
applications that rely upon the Windows API to perform the translation.
Google Search Appliance proxystylesheet Flaws -
The Google Search Appliance allows customization of the search interface through XSLT style sheets.
Certain versions of the appliance allow a remote URL to be supplied as the path to the XSLT style sheet.
This feature can be abused to perform cross-site scripting (XSS), file discovery, service enumeration,
and arbitrary command execution.
Arkeia Unauthenticated Access -
The Arkeia Network Backup Client suffers from a design flaw that allows
unauthenticated remote access. A description of this issue,
complete with screen shots, demonstration code, and packet captures, can
be found in the advisory.
Copyright © 2003-2010 Rapid7 LLC