Risk Level
Public Disclosure: October 15, 2012
Vulnerability Type: NULL Pointer Dereference [CWE-476], Improper Access Control [CWE-284], Improper Access Control [CWE-284], Improper Access Control [CWE-284], Improper Access Control [CWE-284]
CVE References: CVE-2012-3806, CVE-2012-3807, CVE-2012-3808, CVE-2012-3809, CVE-2012-3810
CVSSv2 Base Scores: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P), 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P), 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P), 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P), 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Solution Status: Fixed by Vendor
Risk Level: Medium
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
Public Disclosure: November 7, 2012
Vulnerability Type: Cross-Site Request Forgery [CWE-352]
CVE Reference: CVE-2012-5450
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Solution Status: Fixed by Vendor
Risk Level: Low
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
Title: McAfee E-Business Server Remote Preauth Code Execution / DoS
Advisory ID: INFIGO-2008-01-06
Date: 2008-01-09
Advisory URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-01-06
Impact: Remote code execution
Risk Level: High
Vulnerability Type: Remote
Public Disclosure: 6 June 2012
Vulnerability Type: SQL injection
CVE Reference: CVE-2012-2762
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Risk Level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
Public Disclosure: October 17, 2012
Vulnerability Type: SQL Injection [CWE-89], Cross-Site Scripting [CWE-79], Cross-Site Request Forgery [CWE-352]
CVE References: CVE-2012-4771, CVE-2012-4772, CVE-2012-4773
CVSSv2 Base Scores: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N), 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Risk Level: High
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
Public Disclosure: December 5, 2012
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2012-5849
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Risk Level: High
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
AppSecInc Team SHATTER Security Advisory
SQL Injection in Oracle Enterprise Manager (searchPage web page).
Risk Level:
High
Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 (and
previous patchsets)
SQL Injection in Oracle Enterprise Manager (streams queue)
February 20, 2013
Risk Level:
High
Affected versions:
Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5,
11.1.0.7, 11.2.0.2, 11.2.0.3
Seth Fogie
Airscanner Mobile Security
http://www.airscanner.com
March 20, 2007
Risk Level:
High - Server compromise
Program Summary:
From the site: http://www.ezphotosales.com
EZPhotoSales is the perfect solution for the photographer who already
Vendor Patch: 4 May 2012
Public Disclosure: 23 May 2012
Vulnerability Type: Cross-Site Scripting (XSS)
CVE Reference: CVE-2012-2452
Solution Status: Fixed by Vendor
Risk Level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
By exploiting this vulnerability, a remote unauthenticated attacker might be able to access or modify all the business
information processed by the ERP system.
This would result in the total compromise of the SAP infrastructure.
Risk Level: Critical
2. Advisory Information
=======================
-- Public Release Date: 2013-02-21
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: imei addmimistrator
Risk Level: Low
-- Description --
VISIT ORIGINAL ADVISORY FOR MORE DETAILS
http://myimei.com/security/2007-09-01/olate-download-342uploads-folder-directory-traversal.html
--
IBM DB2 Buffer overflow in sysproc.auth_list_groups_for_authid
August 31st 2007
Risk Level:
High
Affected versions:
DB2 9.1 Fixpack 2 Enterprise server edition
> Tested Version: 3.7.0.2
> Vendor Notification: 21 December 2011
> Vendor Patch: 23 December 2011
> Vulnerability Type: XSS
> Status: Fixed by Vendor
> Risk Level: Medium
> Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
>
>
> Advisory Details:
>
Public Disclosure: 20 June 2012
Vulnerability Type: Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS)
CVE References: CVE-2012-3231, CVE-2012-3232
CVSSv2 Base Scores: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N), 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Solution Status: Fixed by Vendor
Risk Level: Medium
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
Public Disclosure: January 9, 2013
Vulnerability Type: Buffer Errors [CWE-119]
CVE Reference: CVE-2012-6429
CVSSv2 Base Score: 9.3 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Solution Status: Fixed by Vendor
Risk Level: Critical
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
Vendor Notification: March 27, 2013
Vendor Patch: March 31, 2013
Public Disclosure: April 17, 2013
Vulnerability Type: Cross-Site Scripting [CWE-79], Cross-Site Request Forgery [CWE-352]
CVE References: CVE-2013-2712, CVE-2013-2713
Risk Level: Medium
CVSSv2 Base Scores: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N), 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
AppSecInc Team SHATTER Security Advisory
SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page).
Risk Level:
High
Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2 (and
previous patchsets)
Seth Fogie
Airscanner Mobile Security
http://www.airscanner.com
December 20, 2007
Risk Level:
Medium - Spoofed image injection, redirection of uploaded content,
remote DoS of Eye-Fi service.
Summary:
The Eye-Fi is an instant solution to add wireless upload capability to
Seth Fogie
White Wolf Security
http://www.whitewolfsecurity.com
August 21, 2008
Risk Level:
Medium - Full TCP/IP access via RNDIS protocol over USB from
Windows Mobile device.
Summary:
Seth Fogie
Airscanner Mobile Security
http://www.airscanner.com
May 30, 2007
Risk Level:
High - Camera compromise leading to network compromise
Program Summary:
From the site: http://www.axis.com/products/cam_207/index.htm
The AXIS 207 offers the best image quality in its class, providing
AppSecInc Team SHATTER Security Advisory
Java Operating System command execution.
Risk Level:
High
Affected versions:
Sybase ASE 15.0, 15.5 and 15.7
Product: Confluence Wiki
Vendor: Atlassian (www.atlassian.com)
Vulnerability Type: Cross Site Scripting (XSS)
Risk Level: High (classified by vendor)
Discovered by: INTREST SEC - NID
Public Disclosure: 2012/09/12
Vendor Notification: 2012/02/07
Tested Versions: 3.5.9, 4.0.3, 4.1.4
CVSS Score: 7.5
Cross-site scripting in Oracle Enterprise Manager (REFRESHCHOICE Parameter)
August 4, 2008
Risk Level:
High
Affected versions:
Oracle Enterprise Manager Database Control 10gR1, 10gR2 and 11g (11.1.0.6)
Title: ICQ 6 remote buffer overflow vulnerability
Advisory ID: INFIGO-2008-04-08
Date: 2008-04-14
Advisory URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-04-08
Impact: Remote code execution
Risk Level: High
Vulnerability Type: Remote
==[ Overview
AppSecInc Team SHATTER Security Advisory
OCIPasswordChange API leaks information of password hash.
Risk Level:
High
Affected versions:
Oracle Database Server version 10gR1, 10gR2 (10.2.0.4 and previous
patchsets) and 11gR1 (11.1.0.7 and previous patchsets)
=====================
By exploiting this vulnerability, an unauthenticated attacker would be able to remotely shutdown the JD Edwards server.
This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.
-- Risk Level: High
2. Advisory Information
=======================
Oracle Enterprise Manager vulnerable to Cross-site scripting (metricDetail$type page)
July 26, 2011
Risk Level:
Medium
Affected versions:
Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5
Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, 11.2.0.2
Oracle Database Buffer overflow vulnerability in procedure
DBMS_AQADM_SYS.DBLINK_INFO
October 29, 2007
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous
patchsets) and 10gR1
=====================
By exploiting this vulnerability, an internal or external attacker would be able to obtain sensitive technical information from a vulnerable SAP
Enterprise Portal system, which can be highly useful in the next phases of his attacks.
-- Risk Level: Low
2. Advisory Information
=======================