Disclosure Timeline
Copyright 2009 Giuseppe Bonfa'. All rights reserved.
***Disclosure Timeline***
Discover Date: -
PoC Code: porting C++ 26/09/2009
Vendor Notify: 26/09/2009
Vendor Reply: 15/09/2009
Vulnerability Information
Vulnerability Details
Proof-of-Concept
Security Analysis
Discovery
Disclosure Timeline
About BugSec LTD.
References
3. Technical Description
4. Exploiting it
5. References
6. Affected Products
7. Credits
8. Disclosure Timeline
9. Contact
== Fix ==
Download latest version of Diigo Toolbar
== Disclosure Timeline ==
* 12 May 2008 - Vendor Informed
* 2 June 2008 - Another e-mail to vendor to check if they've fixed
* 3 June 2008 - Vendor informed me that it's fixed
* 20 June 2008 - Public Release
wget --referer='http://<hr onMouseOver="alert(7)">' http://someblog.com/
Workaround/Fix
If you are using the referrer plugin, upgrade to 1.3.1.
Disclosure Timeline
2008-03-18 Vendor contacted
2008-03-18 Vendor answered
2008-03-18 Vendor fixed issue in trunk/branch revision
2008-04-22 Vendor released 1.3.1
user who started the application.
Microsoft has addressed this issue (among others) in its February
bulletin: http://www.microsoft.com/technet/security/Bulletin/MS08-009.mspx
Disclosure Timeline:
07/02/2007 - Vendor Contacted
07/02/2007 - Vendor Acknowledged
01/10/2008 - Vendor confirms vulnerability and plans to fix it.
02/12/2008 - Coordinated disclosure
ref
http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html
http://www.adobe.com/support/security/bulletins/apsb10-12.html
Disclosure Timeline
===================
2010-2-6 report to vendor
2010-2-7 vendor asks for PoC file
2010-2-7 we sent the PoC file.
2010-2-8 vendor confirms the issue.
Adobe has issued an update to correct this vulnerability. More
details can be found at:
http://www.adobe.com/support/security/bulletins/apsb10-12.html
-- Disclosure Timeline:
2010-02-02 - Vulnerability reported to vendor
2010-05-11 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Sun Microsystems has issued an update to correct this vulnerability. More
details can be found at:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
-- Disclosure Timeline:
2009-12-10 - Vulnerability reported to vendor
2010-04-05 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Skype has issued an update that corrects this vulnerability. More
details can be found at:
http://share.skype.com/sites/garage/2010/03/10/ReleaseNotes_4.2.0.155.pdf
-- Disclosure Timeline:
2009-07-14 - Initial report to vendor, no response.
2010-01-07 - Follow-up report, again no response.
2010-01-11 - Received support e-mail with update notice from Skype.
2010-01-11 - We responded the same day stating that the new version does not address our reported bugs.
2010-01-12 - Skype requests more details, specifically a screen shot.
Microsoft has issued an update to correct this vulnerability. More
details can be found at:
http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx
-- Disclosure Timeline:
2010-01-06 - Vulnerability reported to vendor
2010-06-08 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
||width="
|| " onMouseOver=alert(1) " ||test||
The vendor has been contacted, but has not replied to my report.
Disclosure Timeline
2010-04-19: Vendor contacted
2010-05-07: Published advisory
Credits
Sun Microsystems has issued an update to correct this vulnerability. More
details can be found at:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
-- Disclosure Timeline:
2009-10-21 - Vulnerability reported to vendor
2010-04-05 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Microsoft has issued an update to correct this vulnerability. More
details can be found at:
http://www.microsoft.com/technet/security/Bulletin/MS10-004.mspx
-- Disclosure Timeline:
2009-10-29 - Vulnerability reported to vendor
2010-02-09 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Adobe has issued an update to correct this vulnerability. More
details can be found at:
http://www.adobe.com/go/apsb10-14
-- Disclosure Timeline:
2010-06-25 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4196
-- Disclosure Timeline:
2010-05-10 - Vulnerability reported to vendor
2010-06-08 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Novell has issued an update to correct this vulnerability. More
details can be found at:
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7006255&sliceId=1&docTypeID=DT_TID_1_1&dialogID=149517296&stateId=0%200%20149513677,
-- Disclosure Timeline:
2009-12-10 - Vulnerability reported to vendor
2010-06-21 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4196
-- Disclosure Timeline:
2010-05-03 - Vulnerability reported to vendor
2010-06-08 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4196
-- Disclosure Timeline:
2010-02-23 - Vulnerability reported to vendor
2010-06-08 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Adobe has issued an update to correct this vulnerability. More
details can be found at:
http://www.adobe.com/support/security/bulletins/apsb10-12.html
-- Disclosure Timeline:
2010-04-08 - Vulnerability reported to vendor
2010-05-11 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Sun Microsystems has issued an update to correct this vulnerability. More
details can be found at:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
-- Disclosure Timeline:
2009-12-10 - Vulnerability reported to vendor
2010-04-05 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4196
-- Disclosure Timeline:
2009-12-04 - Vulnerability reported to vendor
2010-06-08 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
by a set of nested loops which can result in arbitrary code execution.
-- Vendor Response:
-- Disclosure Timeline:
2009-03-26 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4070
-- Disclosure Timeline:
2009-10-27 - Vulnerability reported to vendor
2010-03-16 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
-- Vendor Response:
SAP states:
A solution was provided via SAP note 1409425
(https://service.sap.com/sap/support/notes/1409425)
-- Disclosure Timeline:
2009-11-09 - Vulnerability reported to vendor
2010-03-16 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4196
-- Disclosure Timeline:
2010-02-23 - Vulnerability reported to vendor
2010-06-08 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
http://www-933.ibm.com/support/fixcentral/
APAR URLs
http://www.ibm.com/support/docview.wss?uid=swg1IC55329
http://www.ibm.com/support/docview.wss?uid=swg1IC55330
-- Disclosure Timeline:
2008-02-07 - Vulnerability reported to vendor
2010-03-01 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4104
-- Disclosure Timeline:
2009-10-27 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
Computer Associates has issued an update to correct this vulnerability. More
details can be found at:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869
-- Disclosure Timeline:
2009-12-16 - Vulnerability reported to vendor
2010-04-06 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by: