Next Page >>
Fortinet
[FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability
Fortinet Discovers Adobe Flash Player Vulnerability
2010.Nov.04
Summary:
Fortinet's FortiGuard Labs has discovered a Memory corruption vulnerability in Adobe Flash Player(Flash10h.ocx), which may lead to arbitrary code
execution or Denial of Service.
FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability
2009.April.08
Summary:
========
Fortinet's FortiGuard Global Security Research Team has discovered a buffer overflow vulnerability in EMC RepliStor.
Impact:
=======
Remote code execution.
2008-06-30 - Vendor issued update
2088-07-20 - Coordinated public release of advisory
Acknowledgment:
Zhenhua Liu of Fortinet's FortiGuard Global Security Research Team
Disclaimer:
Although Fortinet has attempted to provide accurate information in these
2008-06-30 - Vendor issued update
2088-07-20 - Coordinated public release of advisory
Acknowledgment:
Zhenhua Liu of Fortinet's FortiGuard Global Security Research Team
Disclaimer:
Although Fortinet has attempted to provide accurate information in these
2008-06-30 - Vendor issued update
2008-07-20 - Coordinated public release of advisory
Acknowledgment:
Zhenhua Liu of Fortinet's FortiGuard Global Security Research Team
Disclaimer:
Although Fortinet has attempted to provide accurate information in these
2008-06-30 - Vendor issued update
2088-07-20 - Coordinated public release of advisory
Acknowledgment:
Zhenhua Liu of Fortinet's FortiGuard Global Security Research Team
Disclaimer:
Although Fortinet has attempted to provide accurate information in these
7. Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first
4 bytes evades detection.
Affected products -
AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1,
Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900,
Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C,
NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103,
TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004
CVE no -
Fortinet Discovers Vulnerability in Indeo Codec
2009.December.08
Summary:
Fortinet's FortiGuard Labs Discovers Memory Corruption Vulnerability in Indeo Codec.
Impact:
Remote Code Execution.
Fortinet Discovers Microsoft Office Project Vulnerability (MS09-074)
2009.December.08
Summary:
Fortinet's FortiGuard Labs Discovers Memory Corruption Vulnerability in Microsoft Office Project.
Impact:
Remote Code Execution.
hi full-disclosure,
Baidu Soba Remote Code Execute Vulnerability
by cocoruder of Fortinet Security Research Team
http://ruder.cdut.net
Summary:
Adobe Reader/Acrobat TrueType Font Processing Memory Corruption Vulnerability
2009.June.10
Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption Vulnerability in Adobe Reader / Acrobat.
Summary:
========
A memory corruption vulnerability exists when processing PDF documents and handling TrueType fonts, which could allow an attacker to execute arbitrary code with the privileges of the current user.
Impact:
hi full-disclosure,
CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability
by cocoruder of Fortinet Security Research Team
http://ruder.cdut.net
Summary:
______________________________________________________________________
From the low-hanging-fruit-department - Fortinet bypass/evasion
______________________________________________________________________
Release mode: Forced release, vendor has not replied.
Ref : TZO-112009 - Fortinet Generic Evasion
WWW : http://blog.zoller.lu/2005/04/fortinet-evasion-bypass-limited-details.html
Vendor : http://www.fortinet.com
Security notification reaction rating : Catastrophic
FGA-2008-23:EMC NetWorker Denial of Service Vulnerability
2008.October.21
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in EMC NetWorker
Summary:
A resource exhaustion vulnerability exists throughout multiple EMC products through an exploited RPC interface.
Impact:
Apple Safari Remote Memory Corruption Vulnerability
2009.June.09
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Apple Safari.
Summary:
========
A memory corruption vulnerability exists in Apple Safari which allows a remote attacker to execute arbitrary code through a malicious webpage.
Impact:
Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability
2009.June.09
Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption Vulnerability in Microsoft's Internet Explorer.
Summary:
========
A memory corruption vulnerability exists in the DHTML handling of Microsoft's Internet Explorer which allows a remote attacker to compromise a system through a malicious site.
Impact:
Microsoft Office Excel Remote Memory Corruption Vulnerability
2009.April.14
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Microsoft Office Excel.
Summary:
========
A memory corruption vulnerability exists in Microsoft Office Excel which allows a remote attacker to compromise a system through a malicious document.
Impact:
Microsoft Internet Explorer Remote Memory Corruption Vulnerability
2010.January.21
Summary:
========
Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Microsoft's Internet Explorer.
Impact:
=======
Remote Code Execution.
Microsoft Office Web Components Remote Memory Corruption Vulnerability
2009.July.13
Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption Vulnerability in Microsoft Office Web Components.
Summary:
========
A memory corruption vulnerability exists in the ActiveX Controls of Microsoft Office Web Components which allows a remote attacker to compromise a system through a malicious site.
Impact:
Oracle Secure Backup's observiced.exe Denial Of Service vulnerability
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers a vulnerability in observiced.exe of Oracle Secure Backup
Summary:
========
A Denial Of Service vulnerability exists Oracle Secure Backup 10.2.0.2 observiced.exe through malformed packet.
Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow Vulnerability
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Oracle Secure Backup
Summary:
========
A Buffer Overflow vulnerability exists Oracle Secure Backup 10.2.0.2 through a malformed NDMP packet.
RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities
2009.February.05
Fortinet's FortiGuard Global Security Research Team Discovers Two Vulnerabilities in RealNetworks RealPlayer.
Summary:
========
Two code execute vulnerabilities exist in RealNetworks RealPlayer 11 through malformed IVR files.
Oracle Secure Backup Multiple Denial Of Service vulnerabilities
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers multiple vulnerabilities in Oracle Secure Backup
Summary:
========
Multiple Denial Of Service vulnerabilities exist Oracle Secure Backup 10.2.0.2 through malformed NDMP packets.
CA Advisory Updated: 2007-12-05
Reported By:
Anonymous researcher working with the iDefense VCP (CVE-2007-5325)
Dyon Balding of Secunia Research (CVE-2007-5326)
Cocoruder of Fortinet Security Research Team (CVE-2007-5327)
Tenable Network Security (CVE-2007-5328)
Pedram Amini of DV Labs (dvlabs.tippingpoint.com) (CVE-2007-5329)
Dyon Balding of Secunia Research (CVE-2007-5330)
eEye Digital Security (CVE-2007-5331)
shirkdog (CVE-2007-5332)
01/10/2008 - Vendor confirms vulnerability and plans to fix it.
02/12/2008 - Coordinated disclosure
--------------------------------------------------------
2. Fortinet FortiClient Local Privilege Escalation.
Fortinet Endpoint Solution For Enterprise, FortiClient is prone to a
local privilege escalation due to the improper device filtering carried
out by its filter driver, fortimon.sys .
like to share it with you.
It is based on code developed By sinhack research labs:
http://sinhack.net/URLFilteringEvasion/sakeru.tx
Description:
"Fortinet's URL blocking functionality can be bypassed by
specially-crafted HTTP requests that fulfill 3 factors:
1.- HTTP Requests are terminated by the CRLF characters.
2.- Forcing to talk via HTTP/1.0 version so that dont send the host header.
3.- Finally, by Fragmenting the GET or POST requests
CA Advisory Date: 2008-10-09
Reported By:
Haifei Li of Fortinet's FortiGuard Global Security Research Team
Vulnerability Research Team of Assurent Secure Technologies, a
TELUS Company
Greg Linares of eEye Digital Security
Apple iTunes DAAP Messages Handling Denial of Service Vulnerability
2009.Mar.13
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Apple iTunes
Summary:
========
A DoS vulnerability in Apple iTunes through a maliciously crafted DAAP message.
Impact:
CA Advisory Date: 2007-10-10
Reported By:
Anonymous researcher working with the iDefense VCP (CVE-2007-5325)
Dyon Balding of Secunia Research (CVE-2007-5326)
Cocoruder of Fortinet Security Research Team (CVE-2007-5327)
Tenable Network Security (CVE-2007-5328)
Pedram Amini of DV Labs (dvlabs.tippingpoint.com) (CVE-2007-5329)
Dyon Balding of Secunia Research (CVE-2007-5330)
eEye Digital Security (CVE-2007-5331)
shirkdog (CVE-2007-5332)
CVE-2009-0717 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2009-0718 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
The Hewlett-Packard Company thanks Zhenhua Liu, Junfeng Jia, and Xiaopeng Zhang of Fortinet's Fortiguard Global Security Research Team for reporting these vulnerabilities to security-alert@hp.com.
RESOLUTION
HP has provided HP StorageWorks Storage Mirroring v5.1.1.1090.15 to resolve these vulnerabilities.
Next Page>>
|
