Vendor Contact
Embedded web server HP-ChaiSOE/1.0 on:
HP JetDirect 2420
HP JetDirect 4250
Vendor Contact
--------------
HP
http://www.hp.com
Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional Service Pack 2, PacketTrap PT360 Tool Suite Version 1.1.33.1.0. Other versions may be vulnerable.
Vendor Contact
--------------
Name: PacketTrap Networks, Inc.
Website: http://www.packettrap.com/
Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional Service Pack 2, PacketTrap PT360 Tool Suite Version 1.1.33.1.0. Other versions may be vulnerable.
Vendor Contact
--------------
Name: PacketTrap Networks, Inc.
Website: http://www.packettrap.com/
Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional Service Pack 2, PacketTrap PT360 Tool Suite Version 1.1.33.1.0. Other versions may be vulnerable.
Vendor Contact
--------------
Name: PacketTrap Networks, Inc.
Website: http://www.packettrap.com/
Tested Systems / Software (with versions)
------------------------------------------
Windows XP SP3, ActiveMQ 5.2.0 Release Windows Binary
Vendor Contact
--------------
Vendor Name: The Apache Software Foundation
Vendor Website: http://activemq.apache.org/
Timeline
--------
Bug Found: 16/09/2008
Vendor Contact: 20/09/2008
Vendor Response: 23/09/2008
Public Disclosure: 13/10/2008
ChX Security
Tested Systems / Software (with versions)
------------------------------------------
Windows 2003 with Citrix BCS 6.0 for Citrix Access Gateway. Other versions of the Citrix BCS may be vulnerable. According to Citrix Document ID CTX119315, the Avaya AG250 Broadcast Server 2.0 is also vulnerable to this flaw.
Vendor Contact
--------------
Citrix Systems, Inc.
www.citrix.com
secure@citrix.com
Tested Systems / Software (with versions)
------------------------------------------
BadBlue Personal Edition version 2.72 has been tested on Windows XP and Windows Server 2003. Other versions and systems are assumed to be vulnerable.
Vendor Contact
--------------
Vendor Name: BadBlue
Vendor Website: www.badblue.com
Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional Service Pack 2, PacketTrap PT360 Tool Suite Version 1.1.33.1.0. Other versions may be vulnerable.
Vendor Contact
--------------
Name: PacketTrap Networks, Inc.
Website: http://www.packettrap.com/
Tested Systems / Software (with versions)
------------------------------------------
Windows XP, SMART Board Whiteboard
Vendor Contact
--------------
Vendor Name: SMART Technologies ULC
Vendor Website: http://www2.smarttech.com/
Tested Systems / Software (with versions)
------------------------------------------
Red Hat Linux, NetMRI
Vendor Contact
--------------
Name: Netcordia
Website: http://www.netcordia.com/products/netmri-event-analysis.asp
Contact Information: http://www.netcordia.com/contact/index.asp
Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional Service Pack 2, PacketTrap PT360 Tool Suite Version 1.1.33.1.0. Other versions may be vulnerable.
Vendor Contact
--------------
Name: PacketTrap Networks, Inc.
Website: http://www.packettrap.com/
Published: Jan 1, 2010 12:01AM
Timeline: Submission to Mitre: January 29, 2010
Vendor Contact: February 18, 2010
Vendor Response: February 19, 2010
Patch Available: March 10, 2010
Tested Systems / Software (with versions)
------------------------------------------
LogRover version 2.3 for Windows XP
Vendor Contact
--------------
Name: LogRover
Website: http://www.logrover.com/
Developers.
You can download this version here: http://g30rg3x.com/wp-files/dpm_11gx.zip
5. Timeline
Bug Found: 11/01/2008
Vendor Contact: 12/01/2008
Vendor Response: --/--/--
Public Disclosure: 21/01/2008
Copy: http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10/ (Spanish Only)
_________________________
III. Timeline
08/05/2007 - Bugs discovered
10/05/2007 - Vendor Contact (No Response)
12/12/2007 - Vendor Contacted Again (No Response)
28/12/2007 - Advisory Disclosure
Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional
iPhone Configuration Web Utility 1.0 for Windows
Vendor Contact
--------------
Vendor Name: Apple Inc.
Vendor Website: www.apple.com
============================
2) Report Timeline
============================
2010-01-25 Vendor Contact
2010-01-26 Vendor response
2010-03-26 Coordinate release of this advisory
#####################################################################################
CVE: CVE-2010-0475
Remote: Yes
Local: Yes
Published: May 11, 2010 08:30AM
Timeline: Submission to MITRE: 1/18/2010
Vendor Contact: 2/18/2010
Vendor Response: 2/18/2010
Patch Available: 5/2010 Patched in maintenance releases (3.1.1 & 3.0.9)
Credit: Jeromie Jackson CISSP, CISM
COBIT & ITIL Certified
President- San Diego Open Web Application Security Project (OWASP)
Tested Systems / Software (with versions)
------------------------------------------
Ubuntu Linux 9.10: Mozilla Firefox 3.5.9
Windows XP Professional Service Pack 3: Windows Internet Explorer 7.0.5730.13, Mozilla Firefox 3.6.3
Vendor Contact
--------------
Vendor Name: Adaptive Micro Systems Inc.
Vendor Website: http://www.adaptivedisplays.com/Default.asp
Tested Systems / Software (with versions)
------------------------------------------
Windows Server 2003, IIS vBook v 4.2.17
Vendor Contact
--------------
Vendor Name: Retrieve Technologies, Inc.
Vendor Website: http://www.retrieve.com/index.html
Tested Systems / Software
-------------------------
F2L-3000 version 4.0.0 is the only platform that has been manually tested. Earlier versions and other, similar models may also be vulnerable as the platform is sold in various configurations.
Vendor Contact
--------------
Vendor Website: http://www.files2links.com/
------------------------------------------
Precidia Ether3201-232 w/ firmware 3.00.250
Precidia Ether232 Duo w/ firmware 5.00.02
Other versions are believed to be vulnerable.
Vendor Contact
--------------
Vendor Name: Precidia Technologies
Vendor Website: http://www.precidia.com
Contact Information: solutions@precidia.com, support@precidia.com
============================
2) Report Timeline
============================
2009-12-21 Vendor Contact
2009-12-22 Vendor Recontact
2009-12-29 Vendor Recontact
2010-01-05 Disclosure of this advisory
#####################################################################################
------------------------------------------
Orb version 2.01.0017 on Windows XP Pro SP2
Nullsoft Winamp Remote Server Beta (featuring Orb version 2.01.0013) on Windows XP Pro SP2
Orb version 2.01.0020 on Windows XP Pro SP2
Vendor Contact
--------------
Orb Networks
http://www.orb.com
Tested Systems / Software (with versions)
------------------------------------------
Unknown version on Windows 2003
Vendor Contact
--------------
Name: IPcelerate
Website: http://www.ipcelerate.com/ipsession.html
Tested Systems / Software (with versions)
-----------------------------------------
Sentinel Protection Server 7.1
Other versions may be vulnerable to this flaw.
Vendor Contact
--------------
SafeNet
http://www.safenet-inc.com/
NetSupport acknowledges in Technical Document ID TD545 that the following versions of the NetSupport Manager are vulnerable to this flaw:
NSM 10.00, NSS 9.00, NSM 10.20
Vendor Contact
--------------
NetSupport
http://www.netsupportmanager.com/
NetSupport acknowledges in Technical Document ID TD543 that the following versions of the NetSupport Manager are vulnerable to this flaw:
NSM 5.00, NSM 5.01, NSM 5.02, NSM 5.02f1, NSM 5.03, NSM 5.05, NSM 5.30, NSM 5.31, NSM 6.00, NSM 6.10, NSM 6.11, NSM 7.01, NSM 7.10, NSM 8.00, NSM 8.10, NSM 9.00, NSM 8.50, NSM 8.60, NSM 9.10, NSM 9.50, NSM 9.60, NSM 10.00, NSM 10.20
Vendor Contact
--------------
NetSupport
http://www.netsupportmanager.com/
============================
2) Report Timeline
============================
2010-05-27 Vendor Contact
2010-05-28 Vendor Response
2010-07-15 Patch Release (Groupwise 8.0.2)
#####################################################################################