
Patrik Karlsson

ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability

2010-09-23 - Vulnerability reported to vendor
2011-03-22 - Public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Patrik Karlsson <patrik@cqure.net>

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

AST-2009-008: SIP responses expose valid usernames

   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | October 26, 2009                                |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Patrik Karlsson <patrik AT cqure DOT net>       |
   |----------------------+-------------------------------------------------|
   |      Posted On       | November 4, 2009                                |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | November 4, 2009                                |
   |----------------------+-------------------------------------------------|

[ GLSA 201006-20 ] Asterisk: Multiple vulnerabilities

  implementation (CVE-2009-2346).

* amorsen reported an input processing error in the RTP protocol
  implementation (CVE-2009-4055).

* Patrik Karlsson reported an information disclosure flaw related to
  the REGISTER message (CVE-2009-3727).

* A vulnerability was found in the bundled Prototype JavaScript
  library, related to AJAX calls (CVE-2008-7220).




Copyright © 1995-2012 LinuxRocket.net. All rights reserved.