Title: CitectSCADA ODBC service vulnerability
Advisory ID: CORE-2008-0125
Advisory URL: http://www.coresecurity.com/?action=item&id=2186
Date published: 2008-06-11
Date of last update: 2008-06-10
Vendors contacted: Citect
Release mode: Coordinated release
*Vulnerability Information*
Title: Wonderware SuiteLink Denial of Service vulnerability
Advisory ID: CORE-2008-0129
Advisory URL: http://www.coresecurity.com/?action=item&id=2187
Date published: 2008-05-05
Date of last update: 2008-05-05
Vendors contacted: Wonderware
Release mode: Coordinated release
*Vulnerability Information*
Advisory ID: CORE-2008-0103
Advisory URL:
http://www.coresecurity.com/content/internet-explorer-zone-elevation
Date published: 2008-08-13
Date of last update: 2008-08-13
Vendors contacted: Microsoft
Release mode: Coordinated release
*Vulnerability Information*
Advisory ID: CORE-2011-0106
Advisory URL:
http://www.coresecurity.com/content/publisher-pubconv-memory-corruption
Date published: 2011-10-12
Date of last update: 2011-10-11
Vendors contacted: Microsoft
Release mode: User release
2. *Vulnerability Information*
Title: Multiple vulnerabilities in iCal
Advisory ID: CORE-2008-0126
Advisory URL: http://www.coresecurity.com/?action=item&id=2219
Date published: 2008-05-21
Date of last update: 2008-05-21
Vendors contacted: Apple Inc.
Release mode: Coordinated release
*Vulnerability Information*
A frequent example of an unknown content type is "image/bmp", which is created by
PHP's (< 5.3.0) getimagesize API function[4].
This is, the obvious XSS issue aside, used for phishing attacks[3].
As file uploads, especially image uploads, are a standard feature of forum scripts,
we took the opportunity to survey popular forum scripts whose vendors claim to be
security conscious, regarding how their file-upload handling deals with MIME sniffing.
We surveyed MyBB (1.4.5), SMF (1.1.18 / 2.0RC1), phpBB (2.0.23/3.0.4),
FluxBB (1.3),
Title: IBM WebSphere Application Server Cross-Site Request Forgery
Advisory ID: CORE-2010-1021
Advisory URL: http://www.coresecurity.com/content/IBM-WebSphere-CSRF
Date published: 2011-06-15
Date of last update: 2011-06-15
Vendors contacted: IBM
Release mode: User release
2. *Vulnerability Information*
Title: Microsoft Word Malformed FIB Arbitrary Free Vulnerability
Advisory ID: CORE-2008-0228
Advisory URL: http://www.coresecurity.com/content/word-arbitrary-free
Date published: 2008-12-10
Date of last update: 2008-12-10
Vendors contacted: Microsoft
Release mode: Coordinated release
2. *Vulnerability Information*
Title: HP OpenView Buffer Overflows
Advisory ID: CORE-2009-0122
Advisory URL: http://www.coresecurity.com/content/openview-buffer-overflows
Date published: 2009-03-23
Date of last update: 2009-03-23
Vendors contacted: Hewlett-Packard
Release mode: Coordinated release
2. *Vulnerability Information*
Advisory Id: CORE-2010-0407
Advisory URL:
[http://www.coresecurity.com/content/CORE-2010-0407-Excel-PivotTable-CDR-overflow]
Date published: 2010-08-10
Date of last update: 2010-08-09
Vendors contacted: Microsoft
Release mode: Coordinated release
2. *Vulnerability Information*
by: K. Gudinavicius
SEC Consult Vulnerability Lab
https://www.sec-consult.com
=======================================================================
Vendor description:
-------------------
"OpenOffice.org 3 is the leading open-source office software suite for
word processing, spreadsheets, presentations, graphics, databases and
more. It is available in many languages and works on all common
computers."
Advisory Id: CORE-2009-0803
Advisory URL:
http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug
Date published: 2010-03-16
Date of last update: 2010-03-16
Vendors contacted: Microsoft
Release mode: User release
2. *Vulnerability Information*
Title: Multiple vulnerabilities in Google's Android SDK
Advisory ID: CORE-2008-0124
Advisory URL: http://www.coresecurity.com/?action=item&id=2148
Date published: 2008-03-04
Date of last update: 2008-03-04
Vendors contacted: Google
Release mode: Coordinated release
*Vulnerability Information*
Install the latest version of Adobe Flash Player.
======================================================================
5) Time Table
18/10/2007 - Vendor notified.
18/10/2007 - Vendor response.
01/11/2007 - Microsoft states that the vulnerability is fixed by the
patches released in MS06-069.
02/11/2007 - Vendor informed that MS06-069 does not fix the
vulnerability, which was tested against a fully patched
Title: Path Traversal vulnerability in VMware's shared folders implementation
Advisory ID: CORE-2007-0930
Advisory URL: http://www.coresecurity.com/?action=item&id=2129
Date published: 2008-02-25
Date of last update: 2008-02-25
Vendors contacted: VMware Inc.
Release mode: User release
*Vulnerability Information*
Class: Input Validation Error
nSense Vulnerability Research Security Advisory NSENSE-2010-003
---------------------------------------------------------------
Affected Vendor: Cisco Systems, Inc
Affected Product: Cisco Unified Communications Manager
Platform: All
Impact: Privilege Escalation
Vendor response: Patch. IntelliShield ID 21656
CVE: CVE-2010-3039
Credit: Knud / nSense
Advisory ID: CORE-2010-0908
Advisory URL:
http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow
Date published: 2011-05-24
Date of last update: 2011-05-24
Vendors contacted: IBM
Release mode: Coordinated release
2. *Vulnerability Information*
found: 2011-04-20
by: Elisabeth Demeter / SEC Consult Vulnerability Lab
https://www.sec-consult.com
=======================================================================
Vendor description:
-------------------
"Forefront Unified Access Gateway 2010 (UAG) delivers comprehensive,
secure remote access to corporate resources for employees, partners,
and vendors on both managed and unmanaged PCs and mobile devices.
Utilizing a combination of connectivity options, ranging from SSL VPN
5. Workaround
Avoid opening untrusted XBM files, or use an alternative application to process XBM files.
6. Vendor Response
The vendor has not released a bulletin addressing this vulnerability.
7. Disclosure Timeline
Title: Internet Explorer Security Zone restrictions bypass
Advisory ID: CORE-2008-0826
Advisory URL: http://www.coresecurity.com/content/ie-security-zone-bypass
Date published: 2009-06-09
Date of last update: 2009-06-09
Vendors contacted: Microsoft
Release mode: Coordinated release
2. *Vulnerability Information*
Title: Multiple XSS in Sun Communications Express
Advisory ID: CORE-2009-0109
Advisory URL: http://www.coresecurity.com/content/sun-communications-express
Date published: 2009-05-20
Date of last update: 2009-05-20
Vendors contacted: Sun Microsystems
Release mode: Coordinated release
2. *Vulnerability Information*
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
======================================================================
Early this morning, the security group Virtual Luminous published a
vulnerability in 'Ebuddy Web Messenger' and we would like to inform
you that this vulnerability had been discovered and reported to the
vendor on June 5th, 2011 by DcLabs Security Research Group.
In the report below you are going to find videos and references to the
date when the POC was sent to the vendor and the follow up regarding
the timeline for the release.
DESCRIPTION
InstallShield Update Agent connects to and communicates with centralized
Acresso (formerly Macrovision) FLEXnet Connect servers for updates and other
product information on a periodic basis. From the vendor's site:
FLEXnet Connect lets you electronically deliver applications, patches,
updates, and messages directly to your users' systems.
When connecting with this service, the client agent reports its product GUID,
Title: Multiple vulnerabilities in Sun Calendar Express Web Server
Advisory ID: CORE-2009-0108
Advisory URL: http://www.coresecurity.com/content/sun-calendar-express
Date published: 2009-03-31
Date of last update: 2009-03-31
Vendors contacted: Sun Microsystems
Release mode: Coordinated release
2. *Vulnerability Information*
Advisory URL:
[http://www.coresecurity.com/content/symantec-intel-handler-service-remote-dos]
Date published: 2010-12-13
Date of last update: 2010-12-13
Vendors contacted: Symantec
Release mode: User release
2. *Vulnerability Information*
Name Multiple Vulnerabilities in Vtiger CRM
Systems Affected Vtiger CRM 5.0.4 and possibly earlier versions
Severity Medium
Impact (CVSSv2) Medium 6/10, vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Vendor http://www.vtigercrm.com
Advisory
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)