Procheckup Ltd
References:
http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-05-751&viewMode=view
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
Legal:
Copyright 2009 Procheckup Ltd. All rights reserved.
Advisory publicly released: Tuesday, 21 December 2010
Vulnerability found: Thursday, 4 February 2010
Vendor informed: Monday, 8 February 2010
Severity level: Low/Medium
Credits
Richard Brain of ProCheckUp Ltd (www.procheckup.com)
Description
Viva Thumbs resizes and displays images, as part of a popular WordPress
plugin. ProCheckUp has discovered that Viva Thumbs is vulnerable to a
directory traversal attack within the image display functionality; the
directory traversal attack is limited to file existence validation.
References:
http://moodle.org/mod/forum/discuss.php?d=101403
http://www.procheckup.com/Vulnerabilities.php
Credits: Richard Brain of ProCheckUp Ltd. (www.procheckup.com)
ProCheckUp would like to thank Petr Skoda and the rest of the Moodle
team for their excellent response time and cooperation towards resolving
this matter.
Advisory publicly released: 30th January 2009
Severity: Medium
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com).
ProCheckUp thanks Novell for working with us in such a professional manner.
Successfully tested on: Novell GroupWise WebAccess 7.0.3
Novell has confirmed the following versions to be affected by this
Date Public: 10th November 2008
Severity: High
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com).
ProCheckUp thanks Sun for working with us.
Description:
http://www.procheckup.com/Vulnerabilities.php
http://www.rsa.com/node.aspx?id=2807
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com).
ProCheckUp thanks RSA for being so cooperative and responding so fast.
Legal:
http://www.procheckup.com/Vulnerabilities.php
http://www.juniper.net/products_and_services/ssl_vpn_secure_access/secure_access_2000/
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
COMPLETE HTTP REQUEST:
GET /dana-na/auth/remediate.cgi?step=preauth HTTP/1.1
http://www.procheckup.com/Vulnerabilities.php
http://www.juniper.net/products_and_services/ssl_vpn_secure_access/secure_access_2000/
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
COMPLETE HTTP REQUEST:
GET
References:
http://moodle.org/mod/forum/discuss.php?d=101401
http://www.procheckup.com/Vulnerabilities.php
Credits: Adrian Pastor and Amir Azam of ProCheckUp Ltd. (www.procheckup.com)
ProCheckUp would like to thank Petr Skoda and the rest of the Moodle
team for their excellent response time and cooperation towards resolving
this matter.
References:
http://moodle.org/mod/forum/discuss.php?d=101405
http://www.procheckup.com/Vulnerabilities.php
Credits: Amir Azam and Adrian Pastor of ProCheckUp Ltd. (www.procheckup.com)
ProCheckUp would like to thank Petr Skoda and the rest of the Moodle
team for their excellent response time and cooperation towards resolving
this matter.
http://www.procheckup.com/Vulnerabilities.php
http://www.rsa.com/node.aspx?id=2807
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com).
ProCheckUp thanks RSA for being so cooperative and responding so fast.
Legal:
http://www.procheckup.com/Vulnerability_2007.php
http://www.rsa.com/node.aspx?id=2807
Credits: found by Jan Fry and Adrian Pastor - ProCheckUp Ltd
(www.procheckup.com). ProCheckUp thanks RSA for being so cooperative and
responding so fast.
COMPLETE HTTP REQUEST for simple XSS PoC:
Advisory publicly released: 30th January 2009
Severity: High
Credits: Jan Fry of ProCheckUp Ltd (www.procheckup.com). ProCheckUp
thanks Novell for working with us in such a professional manner.
Successfully tested on: Novell GroupWise WebAccess 7.0.3
Novell has confirmed the following versions to be affected by this
http://www.procheckup.com/Vulnerability_2007.php
http://www.rsa.com/node.aspx?id=2807
Credits: found by Jan Fry and Adrian Pastor - ProCheckUp Ltd
(www.procheckup.com). ProCheckUp thanks RSA for being so cooperative and
responding so fast.
COMPLETE HTTP REQUEST for simple XSS PoC:
Vulnerability found: Wednesday, 10 February 2010
Vendor informed: Wednesday, 10 February 2010
Vulnerability fixed: Tuesday, 14 December 2010
Severity level: Medium/High
Credits
Jan Fry of ProCheckUp Ltd (www.procheckup.com).
Description
A remote URI redirection vulnerability affects the PGP Universal Web
Messenger. This issue is due to a failure of the application to properly
sanitize URI-supplied data assigned to the 'retryURL' parameter.
References:
http://www.procheckup.com/Vulnerabilities.php
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
Legal:
Copyright 2010 Procheckup Ltd. All rights reserved.
Permission is granted for copying and circulating this Bulletin to the
Internet connected interface, by disabling WeBUI within service
options on the Internet connected interface.
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
Legal:
Copyright 2009 Procheckup Ltd. All rights reserved.
Advisory last updated: 1st March 2009
Severity: Medium/High
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
CVE reference: CVE-2009-0796
BID: 34383
Many thanks to Torsten Foertsch for his kind assistance in fixing the bug.
Date Public: 14th November 2008
Severity: Medium
Credits: Adrian Pastor of ProCheckUp Ltd (www.procheckup.com).
Vulnerability #1:
Description:
Advisory publicly released: 9th October 2008
Severity: High
Credits: Adrian Pastor of ProCheckUp Ltd (www.procheckup.com)
Description:
Attackers can inject a malicious HTML/JavaScript payload via the
"system.sysName.0" SNMP OID. Such payload is returned on the web
Microsoft IIS 5.0
Absolute Poll Manager XE - Version 4.1
Severity: Medium/High
Authors: Richard Brain and Adrian Pastor of ProCheckUp Ltd (http://www.procheckup.com/)
Vendor URL: http://www.xigla.com/
Product URL: http://www.xigla.com/absolutepm/
http://www.procheckup.com/Vulnerabilities.php
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2861 CVE-2010-2861
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
Legal:
Copyright 2010 Procheckup Ltd. All rights reserved.
HP have issued a fix; download the appropriate update for your operating
system, ensuring the system management agent is at least version 6.0.0.96
or above.
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
Legal:
Copyright 2009 ProCheckUp Ltd. All rights reserved.
http://www.procheckup.com/Vulnerabilities.php
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
Legal:
Copyright 2010 ProCheckUp Ltd. All rights reserved.
ProCheckUp Security Vulnerabilities and Advisories:
http://www.procheckup.com/Vulnerabilities.php
Credits: Adrian Pastor of ProCheckUp Ltd (www.procheckup.com)
Legal:
Copyright 2008 Procheckup Ltd. All rights reserved.
http://www.procheckup.com/Vulnerabilities.php
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
Legal:
Copyright 2009 Procheckup Ltd. All rights reserved.
Advisory publicly released: Tuesday, 21 December 2010
Vulnerability found: Wednesday, 21 July 2010
Vendor informed: Monday, 26 July 2010
Severity level: High/Critical
Credits
Jan Fry of ProCheckUp Ltd (www.procheckup.com)
Description
Mitel Audio and Web Conferencing (AWC) is a simple, cost-effective and
scalable audio and web conferencing solution supporting up to 200 ports.
http://www.mitel.com/DocController?documentId=26451
ProCheckUp has discovered that the AWC web user interface is vulnerable
http://www.procheckup.com/Vulnerability_2007.php
http://www.rsa.com/node.aspx?id=2807
Credits: found by Jan Fry and Adrian Pastor - ProCheckUp Ltd
(www.procheckup.com). ProCheckUp thanks RSA for being so cooperative and
responding so fast.
COMPLETE HTTP REQUEST for simple XSS PoC:
Advisory publicly released: 14th January 2009
Severity: Medium
Credits: Adrian Pastor of ProCheckUp Ltd (www.procheckup.com)
Description:
Cisco IOS HTTP server is vulnerable to XSS within invalid parameters
processed by the "/ping" server-side binary/script.
operating system ensuring the system management agent is at least version
v8.5.1.3712 or above.
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
Legal: