www.sec-consult.com
vulnerable version: LetoDMS (formerly MyDMS) <= 1.7.2
fixed version: n.a.
impact: critical
homepage: http://sourceforge.net/projects/mydms/
found: 2009-10-09
by: D. Fabian / SEC Consult / www.sec-consult.com
L. Weichselbaum / SEC Consult / www.sec-consult.com
========================================================================
Vendor description:
-------------------
vulnerable version: 21.120.39.000 and possibly others
fixed version: http://www.xerox.com/information-security/enus.html
impact: critical
homepage: http://www.xerox.com/
found: 2009-10-05
by: D. Fabian / SEC Consult / www.sec-consult.com
=======================================================================
Vendor description:
-------------------
WorkCentre 5665 / 5675 / 5687
vulnerable version: Sawmill Enterprise < v8.1.7.3
fixed version: v8.1.7.3
impact: critical
homepage: http://www.sawmill.net
found: 2010-07-20
by: J. Greil / SEC Consult / www.sec-consult.com
=======================================================================
Vendor description:
-------------------
"Sawmill is universal log analysis software that runs on every major
Disclosure Vulnerability
program: Nortel Application Gateway 2000
vulnerable version: 6.3.1 and prior
homepage: http://www.nortel.com/ag2000
found: 2008-11-14
by: David Matscheko / SEC Consult / www.sec-consult.com
link:
https://www.sec-consult.com/files/20090415-1_nortel_AG_password_disclosure.txt
==========================================================================
Vendor description:
impact: critical
homepage: https://jsftemplating.dev.java.net
http://kenai.com/projects/scales
https://glassfish.dev.java.net
found: 2009-07-01
by: J. Greil / SEC Consult / www.sec-consult.com
=======================================================================
Vendor description:
-------------------
Templating for JavaServer™ Faces Technology plugs into JavaServer™ Faces to
fixed version: Staging 5.4.0 rev.091111
impact: critical
homepage:
http://www.sitecore.net/en/Products/Sitecore-CMS.aspx
found: 2009-09-07
by: L. Weichselbaum / SEC Consult / www.sec-consult.com
==========================================================================
Vendor description:
-------------------
Sitecore CMS makes it effortless to create content and experience rich
product: LevelOne AMG-2000 Wireless AP Management Gateway
vulnerable version: Firmware <=2.00.00build00600
impact: critical
homepage: http://www.level1.com
found: 2008-12-16
by: J. Greil / SEC Consult / www.sec-consult.com
=======================================================================
Vendor description:
-------------------
"LevelOne was established in 1991 in Dortmund, Germany by Digital Data
program: Instant Expert Analysis
vendor: Husdawg, LLC
impact: Critical
homepage: http://www.systemrequirementslab.com
found: 2008-04-19
by: David Matscheko / SEC Consult / www.sec-consult.com
========================================================================
Vendor description:
-------------------
vulnerable version: <= I-Load 2008.2.4.0
fixed version: I-Load 2008.2.5.0
impact: critical
homepage: http://i-load.radactive.com/
found: 2009-07-20
by: S. Streichsbier / SEC Consult / www.sec-consult.com
=======================================================================
Vendor description:
-------------------
I-Load is an ASP.NET component explicitly created to manage image uploading
program: Nortel Contact Center Manager Server
vulnerable version: 6.0
homepage: http://www.nortel.com/ccms
found: 2008-11-14
by: Bernhard Mueller / SEC Consult Vulnerability Lab
permanent link: https://www.sec-consult.com/advisories_e.html#a58
==========================================================================
Vendor description:
-------------------
be used to indirectly influence function pointers and gain control of
the exploited process. A more detailed analysis, as well as the testing
approach used to identify the vulnerabilities, can be found in the
whitepaper "From 0 to 0day in Symbian" available at:
https://www.sec-consult.com/files/Pwning_Nokia_V1.03_PUB.pdf
Proof of concept:
-----------------
homepage: http://www.fujitsu-siemens.com/
found: 05/2008
by: Person at SEC Consult who does not want to be
named
permanent link:
http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt
===================================================================================
Vendor description:
---------------
vulnerable version: Echo2 < 2.1.1
homepage: http://echo.nextapp.com/site/echo2
found: Feb. 2008
by: Anonymous / SEC Consult Vulnerability Lab
permanent link:
http://www.sec-consult.com/files/20090305-0_echo_nextapp_xml_injection.txt
========================================================================
Vendor description:
-------------------
In the light of recent discussions about firewire / DMA hacks, we would like to throw in some of the results of our past research on this topic (done mainly by Peter Panholzer) in the form of a short whitepaper. In this paper, we demonstrate that the firewire unlock attack (as implemented in Adam Boileau's winlockpwn) can be used against Windows Vista.
The paper is available at:
http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf
Best regards,
Bernhard
Hello,
I'll just leave this here ;)
https://www.sec-consult.com/files/SEC_Consult_Vulnerability_Lab_Pwning_Symbian_V1.03_PUBLIC.pdf
Abstract:
1. Perform static analysis of XIP ROM images (dumping, restoring import
and export tables, searching for unsafe function calls)
program: Nortel Contact Center Manager Server
vulnerable version: 6.0
homepage: http://www.nortel.com/ccms
found: 2008-11-14
by: David Matscheko / SEC Consult Vulnerability Lab
permanent link: https://www.sec-consult.com/advisories_e.html#a57
==========================================================================
Vendor description:
-------------------
program: SonicWALL Global Security Client
vulnerable version: 1.0.0.15 and possibly other versions
homepage: http://www.sonicwall.com
found: October 2006
by: lofi42
permanent link: https://www.sec-consult.com/advisories_e.html#a56
==========================================================================
Vendor description:
-------------------
vulnerable version: PRO 4100 SonicOS 4.0.0.2-51e Standard and Enhanced
possibly other versions
homepage: http://www.sonicwall.com
found: October 2006
by: lofi42
permanent link: https://www.sec-consult.com/advisories_e.html#a54
==========================================================================
Product description:
--------------------
vulnerable version: 1.0.3
homepage: http://www.novell.com/products/teaming/
found: February 2009
by: Michael Kirchner, SEC Consult Vulnerability Lab
link:
https://www.sec-consult.com/files/20090415-0-novell-teaming.txt
==========================================================================
Vendor description:
-------------------
delegation RRs if it receives a delegation which is "closer" to the
answer than the nameservers it already knows. By spoofing replies that
contain a delegation for a single node, the nameserver will eventually
cache the delegation when we hit the right transfer id.
http://www.sec-consult.com/whitepapers_e.html
Regards,
Bernhard
vulnerable version: <= 5.20.3 Service Update 2
homepage: http://www-03.ibm.com/systems/management/director/
found: Sept. 2008
by: Bernhard Mueller / SEC Consult Vulnerability Lab
permanent link:
http://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt
=========================================================================================
Product description:
---------------
homepage: www.microsoft.com
found: 04-12-2008
by: Bernhard Mueller (SEC Consult Vulnerability
Lab)
perm. link:
http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt
=====================================================================================
Product description:
--------------------
Moreno Zilli of Swisscom has reported that MS SQL Server 2005 is
vulnerable to the same attack. This has been confirmed in a lab test
conducted by SEC Consult.
Our public security advisory has been updated accordingly:
http://www.sec-consult.com/files/20081209_mssql-sp_replwritetovarbin_memwrite.txt
Workaround:
-----------
vulnerable version: <= 5.20.3 Service Update 2
homepage: http://www-03.ibm.com/systems/management/director/
found: Sept. 2008
by: Bernhard Mueller / SEC Consult Vulnerability Lab
permanent link:
http://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt
=========================================================================================
Product description:
---------------
vulnerable version: Global VPN Client <= 4.0.0.835
possibly other versions
homepage: http://www.sonicwall.com
found: October 2006
by: lofi42
permanent link: https://www.sec-consult.com/advisories_e.html#a55
==========================================================================
Vendor description:
-------------------
talk :)
The presentations and whitepapers, along with our past presentations
from Blackhat and Deepsec, can be found at:
http://www.sec-consult.com/publikationen_e.html
Here are some links to what is already online: