Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researchers in analyzing discovered vulnerabilities, contacting software vendors, and reserving CVE numbers. The vulnerabilities will be published in the "Laboratory" and PT-advisory sections. The names of the researchers will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Identifier: PT-2014-57

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-56

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (8.0)
(AV:N/AC:L/Au:S/C:C/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-55

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-54

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-53

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Gleb Gritsai and Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-52

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

:

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Gleb Gritsai, Alexander Tlyapov, and Ilya Karpov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-51

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-50

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-49

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-48

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov and Ilya Karpov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-47

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-46

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-45

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-44

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-43

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov and Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-42

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov and Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-41

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov and Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-40

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-39

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Kirill Nesterov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-38

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Kirill Nesterov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-37

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Kirill Nesterov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-36

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

:

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Kirill Nesterov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-35

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Kirill Nesterov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-34

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Kirill Nesterov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-33

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Kirill Nesterov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-32

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Kirill Nesterov and Ilya Karpov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-31

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-30

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov and Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-29

Vendor: Honeywell International Inc.

Product:
Honeywell Experion PKS R311

Exploitation vector: Remote

Severity: High (9.0)
(AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-03-2014

Fix issued: 02-06-2014



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


PT-2014-28 - Cisco

Vulnerability status: Unpatched

Timeline:
25.09.2014 - Vendor gets vulnerability details

Severity: Medium (4.6)
(AV:L/AC:L/Au:S/C:C/I:N/A:N)

Exploitation vector: Local


Days since vendor notification: 62

Discovered by: Andrey Medov, Positive Research Center (Positive Technologies Company)


PT-2014-27 - Cisco

Vulnerability status: Unpatched

Timeline:
25.09.2014 - Vendor gets vulnerability details

Severity: Medium (6.5)
(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitation vector: Remote


Days since vendor notification: 62

Discovered by: Andrey Medov, Positive Research Center (Positive Technologies Company)


PT-2014-26 - Cisco

Vulnerability status: Unpatched

Timeline:
25.09.2014 - Vendor gets vulnerability details

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitation vector: Remote


Days since vendor notification: 62

Discovered by: Andrey Medov, Positive Research Center (Positive Technologies Company)


PT-2014-25 - HP

Vulnerability status: Unpatched

Timeline:
22.09.2014 - Vendor gets vulnerability details

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitation vector: Remote


Days since vendor notification: 65

Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


PT-2014-24 - LG Electronics

Vulnerability status: Unpatched

Timeline:
18.09.2014 - Vendor is notified

Severity: Medium (5.9)
(AV:L/AC:M/Au:N/C:C/I:P/A:P)

Exploitation vector: Local


Days since vendor notification: 69

Discovered by: Olga Kochetova and Alexey Osipov, Positive Research Center (Positive Technologies Company)


PT-2014-23 - Nidec Sankyo Corporation

Vulnerability status: Unpatched

Timeline:
18.09.2014 - Vendor is notified

Severity: Medium (5.4)
(AV:L/AC:M/Au:N/C:C/I:P/A:N)

Exploitation vector: Local


Days since vendor notification: 69

Discovered by: Olga Kochetova and Alexey Osipov, Positive Research Center (Positive Technologies Company)


PT-2014-22 - Cisco

Vulnerability status: Unpatched

Timeline:
28.08.2014 - Vendor gets vulnerability details

Severity: High (9.0)
(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitation vector: Remote


Days since vendor notification: 90

Discovered by: Valentin Shilnenkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-21

Vendor: Invensys Systems

Product:
Wonderware Information Server 4.x
Wonderware Information Server 5.x

Exploitation vector: Remote

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2014-5399

Vulnerability status: Patched

Notification date: 01-04-2014

Fix issued: 26-08-2014



Discovered by: Sergey Gordeychik, Alexey Osipov, and Timur Yunusov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-20

Vendor: Invensys Systems

Product:
Wonderware Information Server 4.x
Wonderware Information Server 5.x

Exploitation vector: Remote

Severity: Medium (4.9)
(AV:N/AC:M/Au:S/C:P/I:N/A:P)

CVE ID: CVE-2014-5398

Vulnerability status: Patched

Notification date: 01-04-2014

Fix issued: 26-08-2014



Discovered by: Ilya Karpov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-19

Vendor: Invensys Systems

Product:
Wonderware Information Server 4.x
Wonderware Information Server 5.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2014-5397

Vulnerability status: Patched

Notification date: 01-04-2014

Fix issued: 26-08-2014



Discovered by: Dmitry Serebryannikov, Timur Yunusov, and Sergey Gordeychik, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-18

Vendor: Invensys Systems

Product:
Wonderware Information Server 4.x
Wonderware Information Server 5.x

Exploitation vector: Local

Severity: Low (2.1)
(AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2014-2381

Vulnerability status: Patched

Notification date: 01-04-2014

Fix issued: 26-08-2014



Discovered by: Sergey Gordeychik and Alexey Osipov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-17

Vendor: Invensys Systems

Product:
Wonderware Information Server 4.x
Wonderware Information Server 5.x

Exploitation vector: Remote

Severity: High (7.8)
(AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVE ID: CVE-2014-2380

Vulnerability status: Patched

Notification date: 01-04-2014

Fix issued: 26-08-2014



Discovered by: Sergey Gordeychik, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-16

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x

Exploitation vector: Remote

Severity: Medium (6.8)
(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2014-4686

Vulnerability status: Patched

Notification date: 16-04-2014

Fix issued: 23-07-2014



Discovered by: Alexander Tlyapov and Sergey Gordeychik, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-15

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x

Exploitation vector: Local

Severity: Medium (4.6)
(AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2014-4685

Vulnerability status: Patched

Notification date: 19-03-2014

Fix issued: 23-07-2014



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-14

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x

Exploitation vector: Remote

Severity: Medium (6.0)
(AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVE ID: CVE-2014-4684

Vulnerability status: Patched

Notification date: 08-01-2014

Fix issued: 23-07-2014



Discovered by: Dmitry Nagibin and Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-13

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x

Exploitation vector: Remote

Severity: Medium (4.9)
(AV:N/AC:M/Au:S/C:P/I:P/A:N)

CVE ID: CVE-2014-4683

Vulnerability status: Patched

Notification date: 23-12-2012

Fix issued: 23-07-2014



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-12

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2014-4682

Vulnerability status: Patched

Notification date: 23-12-2012

Fix issued: 23-07-2014



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-11

Vendor: nginx

Product:
nginx 1.7.x

Exploitation vector: Local

Severity: Low (1.9)
(AV:L/AC:M/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 18-07-2014

Fix issued: 05-08-2014



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


PT-2014-10 - Bitrix

Vulnerability status: Unpatched

Timeline:
14.07.2014 - Vendor gets vulnerability details

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Exploitation vector: Remote


Days since vendor notification: 135

Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-09

Vendor: SAP

Product:
SAP NetWeaver 7.x

Exploitation vector: Remote

Severity: Low (3.5)
(AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 21-03-2014

Fix issued: 13-05-2014



Discovered by: Dmitry Gutsko, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-08

Vendor: Solare Datensysteme GmbH

Product:
Solar-Log 200
Solar-Log 300
Solar-Log 500
Solar-Log 800e
Solar-Log 1000
Solar-Log 1200
Solar-Log 2000

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 11-04-2014

Fix issued: 14-04-2014



Discovered by: Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-07

Vendor: Solare Datensysteme GmbH

Product:
Solar-Log 200
Solar-Log 500
Solar-Log 800e
Solar-Log 1000

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 11-04-2014

Fix issued: 14-04-2014



Discovered by: Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-06

Vendor: Solare Datensysteme GmbH

Product:
Solar-Log 200
Solar-Log 300
Solar-Log 500
Solar-Log 800e
Solar-Log 1000
Solar-Log 1200
Solar-Log 2000

Exploitation vector: Remote

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 11-04-2014

Fix issued: 14-04-2014



Discovered by: Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-05

Vendor: Nixu Software

Product:
NameSurfer

Exploitation vector: Remote

Severity: High (9.0)
(AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 16-01-2014

Fix issued: 14-03-2014



Discovered by: Alexey Osipov, Alexander Tlyapov, Valentin Shilnenkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-04

Vendor: Nixu Software

Product:
NameSurfer

Exploitation vector: Remote

Severity: High (9.0)
(AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 16-01-2014

Fix issued: 14-03-2014



Discovered by: Alexey Osipov, Alexander Tlyapov, Valentin Shilnenkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-03

Vendor: Nixu Software

Product:
NameSurfer

Exploitation vector: Remote

Severity: Low (3.5)
(AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 16-01-2014

Fix issued: 14-03-2014



Discovered by: Alexey Osipov, Alexander Tlyapov, Valentin Shilnenkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-02

Vendor: Nixu Software

Product:
NameSurfer

Exploitation vector: Remote

Severity: Medium (4.9)
(AV:N/AC:M/Au:S/C:P/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 16-01-2014

Fix issued: 14-03-2014



Discovered by: Alexey Osipov, Alexander Tlyapov, Valentin Shilnenkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2014-01

Vendor: Nixu Software

Product:
NameSurfer

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 16-01-2014

Fix issued: 14-03-2014



Discovered by: Alexey Osipov, Alexander Tlyapov, Valentin Shilnenkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-91

Vendor: Emerson Electric Co

Product:
DeltaV 10.x
DeltaV 11.x
DeltaV 12.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2014-2350

Vulnerability status: Patched

Notification date: 03-10-2013

Fix issued: 22-05-2014



Discovered by: Kirill Nesterov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-90

Vendor: Emerson Electric Co

Product:
DeltaV 10.x
DeltaV 11.x
DeltaV 12.x

Exploitation vector: Local

Severity: Medium (4.6)
(AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2014-2349

Vulnerability status: Patched

Notification date: 03-10-2013

Fix issued: 22-05-2014



Discovered by: Dmitry Nagibin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-89

Vendor: WellinTech

Product:
KingSCADA 3.x

Exploitation vector: Remote

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:P/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 14-03-2013

Fix issued: 27-03-2014



Discovered by: Timur Yunusov, Alexey Osipov and Ilya Karpov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-88

Vendor: Siemens

Product:
Siemens SIMATIC S7-1200 3.x

Exploitation vector: Remote

Severity: Medium (6.1)
(AV:A/AC:L/Au:N/C:N/I:N/A:C)

CVE ID: CVE-2014-2252

Vulnerability status: Patched

Notification date: 15-04-2013

Fix issued: 20-03-2014



Discovered by: Dmitry Serebryannikov, Ilya Karpov, Alexey Osipov, Yury Goltsev, and Alexander Timorin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-87

Vendor: Siemens

Product:
Siemens SIMATIC S7-1200 3.x

Exploitation vector: Remote

Severity: High (8.3)
(AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVE ID: CVE-2014-2250

Vulnerability status: Patched

Notification date: 05-08-2013

Fix issued: 20-03-2014



Discovered by: Alexey Osipov and Alexander Timorin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-86

Vendor: Siemens

Product:
Siemens SIMATIC S7-1500 1.x

Exploitation vector: Remote

Severity: Medium (6.1)
(AV:A/AC:L/Au:N/C:N/I:N/A:C)

CVE ID: CVE-2014-2253

Vulnerability status: Patched

Notification date: 15-04-2013

Fix issued: 12-03-2014



Discovered by: Dmitry Serebryannikov, Ilya Karpov, Alexey Osipov, Yury Goltsev, and Alexander Timorin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-85

Vendor: Siemens

Product:
Siemens SIMATIC S7-1500 1.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2014-2248

Vulnerability status: Patched

Notification date: 05-08-2013

Fix issued: 12-03-2014



Discovered by: Ilya Karpov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-84

Vendor: Siemens

Product:
Siemens SIMATIC S7-1500 1.x

Exploitation vector: Remote

Severity: High (8.3)
(AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVE ID: CVE-2014-2251

Vulnerability status: Patched

Notification date: 05-08-2013

Fix issued: 12-03-2014



Discovered by: Alexey Osipov and Alexander Timorin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-83

Vendor: Siemens

Product:
Siemens SIMATIC S7-1500 1.x

Exploitation vector: Remote

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:N/I:P/A:P)

CVE ID: CVE-2014-2247

Vulnerability status: Patched

Notification date: 05-08-2013

Fix issued: 12-03-2014



Discovered by: Yury Goltsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-82

Vendor: Siemens

Product:
Siemens SIMATIC S7-1500 1.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2014-2246

Vulnerability status: Patched

Notification date: 05-08-2013

Fix issued: 12-03-2014



Discovered by: Dmitry Serebryannikov, Ilya Karpov, and Alexey Osipov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-81

Vendor: Siemens

Product:
Siemens SIMATIC S7-1500 1.x

Exploitation vector: Remote

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:N/I:P/A:P)

CVE ID: CVE-2014-2249

Vulnerability status: Patched

Notification date: 05-08-2013

Fix issued: 12-03-2014



Discovered by: Dmitry Serebryannikov, Ilya Karpov, Alexey Osipov, Yury Goltsev, and Alexander Timorin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-80

Vendor: Siemens

Product:
Siemens SIMATIC WinCC Open Architecture 3.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 01-12-2013

Fix issued: 03-02-2014



Discovered by: Gleb Gritsai and Kirill Nesterov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-79

Vendor: Siemens

Product:
Siemens SIMATIC WinCC Open Architecture 3.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2014-1698

Vulnerability status: Patched

Notification date: 01-12-2013

Fix issued: 03-02-2014



Discovered by: Kirill Nesterov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-78

Vendor: Siemens

Product:
Siemens SIMATIC WinCC Open Architecture 3.x

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2014-1697

Vulnerability status: Patched

Notification date: 01-12-2013

Fix issued: 03-02-2014



Discovered by: Kirill Nesterov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-77

Vendor: Siemens

Product:
Siemens SIMATIC WinCC Open Architecture 3.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2014-1696

Vulnerability status: Patched

Notification date: 01-12-2013

Fix issued: 03-02-2014



Discovered by: Gleb Gritsai and Ilya Karpov, Positive Research Center (Positive Technologies Company)


PT-2013-76 - LiveStreet CMS

Vulnerability status: Unpatched

Timeline:
11.12.2013 - Vendor gets vulnerability details

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitation vector: Remote


Days since vendor notification: 347

Discovered by: Positive Research Center (Positive Technologies Company)


PT-2013-75 - Nuxeo

Vulnerability status: Unpatched

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitation vector: Remote


Days since vendor notification: 347

Discovered by: Positive Research Center (Positive Technologies Company)


PT-2013-74 - ForgeRock

Vulnerability status: Unpatched

Timeline:
13.12.2013 - Vendor gets vulnerability details

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitation vector: Remote


Days since vendor notification: 348

Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-73

Vendor: Microsoft

Product:
Microsoft Office 2007
Microsoft Office 2003 Professional Edition
Microsoft Office Word 2007
Microsoft Word 2003
Microsoft Word Viewer 2003

Exploitation vector: Remote

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:P/I:N/A:P)

CVE ID: CVE-2013-3160

Vulnerability status: Patched

Notification date: 26-11-2012

Fix issued: 10-09-2013



Discovered by: Timur Yunusov, Alexey Osipov, Ilya Karpov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-72

Vendor: Microsoft

Product:
Microsoft Excel 2010
Microsoft Office Excel 2007
Microsoft Excel 2003
Microsoft Office Excel Viewer 2007

Exploitation vector: Remote

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:P/I:N/A:P)

CVE ID: CVE-2013-3159

Vulnerability status: Patched

Notification date: 26-11-2012

Fix issued: 10-09-2013



Discovered by: Timur Yunusov, Alexey Osipov, Ilya Karpov, Positive Research Center (Positive Technologies Company)


PT-2013-71 - Caucho Technology

Vulnerability status: Unpatched

Timeline:
02.10.2013 - Vendor gets vulnerability details
29.10.2013 - Vulnerability details were sent to CERT

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitation vector: Remote


Days since vendor notification: 420

Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-70

Vendor: Serv-U

Product:
Serv-U 15.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 02-10-2013

Fix issued: 03-06-2014



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-69

Vendor: Serv-U

Product:
Serv-U 15.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 02-10-2013

Fix issued: 19-02-2014



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-68

Vendor: Serv-U

Product:
Serv-U 15.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Unpatched

Notification date: 02-10-2013



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-67

Vendor: Serv-U

Product:
Serv-U 15.x

Exploitation vector: Remote

Severity: High (7.8)
(AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 02-10-2013

Fix issued: 19-02-2014



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-66

Vendor: Serv-U

Product:
Serv-U 15.x

Exploitation vector: Remote

Severity: Medium (6.8)
(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Unpatched

Notification date: 02-10-2013



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-65

Vendor: Jetty

Product:
Jetty 9.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 25-09-2013

Fix issued: 30-09-2013



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-64

Vendor: Bitrix

Product:
Bitrix Site Manager 12.x

Exploitation vector: Local

Severity: Medium (4.6)
(AV:L/AC:L/Au:S/C:N/I:C/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 04-09-2013

Fix issued: 06-09-2013



Discovered by: Timur Yunusov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-63

Vendor: HTMLPurifier

Product:
HTML Purifier 4.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 03-09-2013

Fix issued: 30-11-2013



Discovered by: Arseny Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-62

Vendor: Samsung

Product:
Web Viewer for Samsung

Exploitation vector: Remote

Severity: High (7.6)
(AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3586

Vulnerability status: Unpatched

Notification date: 10-04-2013



Discovered by: Andrey Bezborodov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-61

Vendor: Samsung

Product:
Web Viewer for Samsung

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-3585

Vulnerability status: Unpatched

Notification date: 10-04-2013



Discovered by: Andrey Bezborodov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-59

Vendor: Huawei

Product:
Huawei M2000

Exploitation vector: Remote

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:P/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 29-05-2013

Fix issued: 31-07-2013



Discovered by: Timur Yunusov, Alexey Osipov, Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-58

Vendor: Huawei

Product:
Huawei M2000

Exploitation vector: Remote

Severity: Medium (5.1)
(AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 29-05-2013

Fix issued: 31-07-2013



Discovered by: Timur Yunusov, Alexey Osipov, Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-57

Vendor: Huawei

Product:
Huawei M2000

Exploitation vector: Remote

Severity: Medium (5.1)
(AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 29-05-2013

Fix issued: 31-07-2013



Discovered by: Timur Yunusov, Alexey Osipov, Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-56

Vendor: Huawei

Product:
Huawei SGSN USN9810

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 29-05-2013

Fix issued: 31-07-2013



Discovered by: Kirill Ermakov, Kirill Mosolov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-55

Vendor: Huawei

Product:
Huawei SGSN USN9810

Exploitation vector: Remote

Severity: Medium (5.4)
(AV:N/AC:H/Au:N/C:C/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 29-05-2013

Fix issued: 31-07-2013



Discovered by: Timur Yunusov, Alexey Osipov, Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-54

Vendor: Huawei

Product:
Huawei SGSN USN9810

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 29-05-2013

Fix issued: 31-07-2013



Discovered by: Timur Yunusov, Alexey Osipov, Gleb Gritsai, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-53

Vendor: Huawei

Product:
Huawei SGSN USN9810

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 29-05-2013

Fix issued: 31-07-2013



Discovered by: Kirill Ermakov, Kirill Mosolov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-52

Vendor: Huawei

Product:
Huawei SGSN USN9810

Exploitation vector: Remote

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:P/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 17-05-2013

Fix issued: 31-07-2013



Discovered by: Kirill Ermakov, Kirill Mosolov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-51

Vendor: Siemens

Product:
Siemens SIMATIC WinCC TIA Portal 12.x

Exploitation vector: Remote

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-4912

Vulnerability status: Patched

Notification date: 15-05-2012

Fix issued: 31-07-2013



Discovered by: Timur Yunusov, Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-50

Vendor: Siemens

Product:
Siemens SIMATIC WinCC TIA Portal 12.x

Exploitation vector: Remote

Severity: Medium (6.8)
(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-4911

Vulnerability status: Patched

Notification date: 02-08-2012

Fix issued: 31-07-2013



Discovered by: Timur Yunusov, Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-49

Vendor: Oracle

Product:
Oracle Containers for J2EE 10.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2014-0414

Vulnerability status: Patched

Notification date: 16-08-2013

Fix issued: 15-04-2014



Discovered by: Sergey Bobrov, Andrey Medov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-48

Vendor: Oracle

Product:
Oracle Containers for J2EE 10.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2014-0413

Vulnerability status: Patched

Notification date: 16-08-2013

Fix issued: 15-04-2014



Discovered by: Mikhail Firstov and Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-47

Vendor: Oracle

Product:
Oracle Containers for J2EE 10.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2014-0426

Vulnerability status: Patched

Notification date: 16-08-2013

Fix issued: 15-04-2014



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-46

Vendor: Nagios

Product:
Nagios Looking Glass 1.x

Exploitation vector: Remote

Severity: High (7.8)
(AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVE ID: N/A

Vulnerability status: Unpatched

Notification date: 19-07-2013



Discovered by: Vyacheslav Egoshin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-45

Vendor: ISPsystem

Product:
ISPmanager 4.x

Exploitation vector: Remote

Severity: High (8.5)
(AV:N/AC:M/Au:S/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 12-07-2013

Fix issued: 15-07-2013



Discovered by: Vladislav Roskov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-44

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: CVE-2013-3959

Vulnerability status: Patched

Notification date: 13-01-2013

Fix issued: 14-06-2013



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-43

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-3958

Vulnerability status: Patched

Notification date: 03-03-2013

Fix issued: 14-06-2013



Discovered by: Alexander Tlyapov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-42

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x

Exploitation vector: Remote

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3957

Vulnerability status: Patched

Notification date: 13-01-2013

Fix issued: 14-06-2013



Discovered by: Sergey Gordeychik, Timur Yunusov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-41

Vendor: PHPLETTER

Product:
Ajax File and Image manager 1.x

Exploitation vector: Remote

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Unpatched

Notification date: 20-06-2013



Discovered by: Ilya Krupenko, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-40

Vendor: Invensys Systems

Product:
Wonderware Information Server 5.x
Wonderware Information Server 4.x

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-0685

Vulnerability status: Patched

Notification date: 16-12-2012

Fix issued: 23-04-2013



Discovered by: Ivan Poliyanchuk, Evgeny Ermakov, Nikita Mikhalevsky, Dmitry Serebryannikov, Vyacheslav Egoshin, Gleb Gritsai, Denis Baranov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-39

Vendor: Invensys Systems

Product:
Wonderware Information Server 5.x
Wonderware Information Server 4.x

Exploitation vector: Local

Severity: Medium (6.3)
(AV:L/AC:M/Au:N/C:C/I:N/A:C)

CVE ID: CVE-2013-0686

Vulnerability status: Patched

Notification date: 16-12-2012

Fix issued: 23-04-2013



Discovered by: Ilya Karpov, Timur Yunusov, Alexey Osipov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-38

Vendor: Invensys Systems

Product:
Wonderware Information Server 5.x
Wonderware Information Server 4.x

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-0684

Vulnerability status: Patched

Notification date: 16-12-2012

Fix issued: 23-04-2013



Discovered by: Ivan Poliyanchuk, Evgeny Ermakov, Nikita Mikhalevsky, Dmitry Serebryannikov, Vyacheslav Egoshin, Gleb Gritsai, Denis Baranov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-37

Vendor: Invensys Systems

Product:
Wonderware Information Server 5.x
Wonderware Information Server 4.x

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-0688

Vulnerability status: Patched

Notification date: 16-12-2012

Fix issued: 23-04-2013



Discovered by: Ivan Poliyanchuk, Evgeny Ermakov, Nikita Mikhalevsky, Dmitry Serebryannikov, Vyacheslav Egoshin, Gleb Gritsai, Denis Baranov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-36

Vendor: Invensys Systems

Product:
Invensys Wonderware Win-XML Exporter

Exploitation vector: Remote

Severity: Medium (6.3)
(AV:L/AC:M/Au:N/C:C/I:N/A:C)

CVE ID: CVE-2012-4710

Vulnerability status: Patched

Notification date: 22-11-2012

Fix issued: 21-03-2013



Discovered by: Timur Yunusov, Alexey Osipov, Ilya Karpov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-35

Vendor: Siemens

Product:
Siemens SIMATIC WinCC TIA Portal 11.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-0668

Vulnerability status: Patched

Notification date: 21-09-2012

Fix issued: 15-03-2013



Discovered by: Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-34

Vendor: Siemens

Product:
Siemens SIMATIC WinCC TIA Portal 11.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-0667

Vulnerability status: Patched

Notification date: 21-09-2012

Fix issued: 15-03-2013



Discovered by: Artem Chaykin, Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-33

Vendor: Siemens

Product:
Siemens SIMATIC WinCC TIA Portal 11.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-0670

Vulnerability status: Patched

Notification date: 21-09-2012

Fix issued: 15-03-2013



Discovered by: Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-32

Vendor: Siemens

Product:
Siemens SIMATIC WinCC TIA Portal 11.x

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVE ID: CVE-2013-0671

Vulnerability status: Patched

Notification date: 21-09-2012

Fix issued: 15-03-2013



Discovered by: Sergey Bobrov, Roman Ilin, Ilya Karpov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-31

Vendor: Siemens

Product:
Siemens SIMATIC WinCC TIA Portal 11.x

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:N/I:P/A:N)

CVE ID: CVE-2013-0672

Vulnerability status: Patched

Notification date: 21-09-2012

Fix issued: 15-03-2013



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-30

Vendor: Siemens

Product:
Siemens SIMATIC WinCC TIA Portal 11.x

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVE ID: CVE-2013-0669

Vulnerability status: Patched

Notification date: 21-09-2012

Fix issued: 15-03-2013



Discovered by: Roman Ilin, Artem Chaykin, Ilya Karpov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-29

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x

Exploitation vector: Remote

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:P/I:N/A:P)

CVE ID: CVE-2013-0677

Vulnerability status: Patched

Notification date: 02-08-2012

Fix issued: 15-03-2013



Discovered by: Alexey Osipov, Timur Yunusov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-28

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x

Exploitation vector: Remote

Severity: Medium (6.8)
(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-0674

Vulnerability status: Patched

Notification date: 02-08-2012

Fix issued: 15-03-2013



Discovered by: Gleb Gritsai, Dmitry Nagibin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-27

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: CVE-2013-0679

Vulnerability status: Patched

Notification date: 11-07-2012

Fix issued: 15-03-2013



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-26

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: CVE-2013-0676

Vulnerability status: Patched

Notification date: 11-07-2012

Fix issued: 15-03-2013



Discovered by: Sergey Gordeychik, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-25

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: CVE-2013-0678

Vulnerability status: Patched

Notification date: 11-07-2012

Fix issued: 15-03-2013



Discovered by: Gleb Gritsai, Sergey Gordeychik, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-24

Vendor: SAP

Product:
SAP NetWeaver 7.x

Exploitation vector: Remote

Severity: Medium (4.6)
(AV:N/AC:H/Au:S/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 20-03-2013

Fix issued: 10-06-2013



Discovered by: Dmitry Gutsko, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-23

Vendor: SAP

Product:
SAP NetWeaver 7.x

Exploitation vector: Remote

Severity: Medium (4.9)
(AV:N/AC:M/Au:S/C:P/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 20-03-2013

Fix issued: 12-11-2013



Discovered by: Dmitry Sklyarov, Dmitry Gutsko, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-22

Vendor: Trustwave

Product:
ModSecurity 2.x

Exploitation vector: Remote

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 27-02-2013

Fix issued: 29-03-2013



Discovered by: Timur Yunusov, Alexey Osipov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-21

Vendor: Oracle

Product:
Oracle Database 11.x
Oracle Database 12.x

Exploitation vector: Remote

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE ID: CVE-2013-5771

Vulnerability status: Patched

Notification date: 26-02-2013

Fix issued: 15-10-2013



Discovered by: Timur Yunusov, Alexey Osipov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-18

Vendor: mnoGoSearch

Product:
mnoGoSearch 3.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 15-02-2013

Fix issued: 05-03-2013



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-17

Vendor: mnoGoSearch

Product:
mnoGoSearch 3.x

Exploitation vector: Remote

Severity: High (7.8)
(AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 15-02-2013

Fix issued: 05-03-2013



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


PT-2013-16 - Microsoft

Vulnerability status: Unpatched

Timeline:
13.02.2013 - Vendor gets vulnerability details

Severity: Low (3.5)
(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Exploitation vector: Remote


Days since vendor notification: 651

Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-15

Vendor: Jelsoft Enterprises

Product:
vBulletin 5 CONNECT

Exploitation vector: Remote

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 07-02-2013

Fix issued: 11-02-2013



Discovered by: Arseniy Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-14

Vendor: PHP

Product:
PHP 5.4.x
PHP 5.3.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-1643

Vulnerability status: Patched

Notification date: 07-02-2013

Fix issued: 14-03-2013



Discovered by: Arseniy Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-13

Vendor: SAP

Product:
SAP NetWeaver 7.x

Exploitation vector: Remote

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 18-01-2013

Fix issued: 12-03-2013



Discovered by: Arseniy Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-12

Vendor: PHP

Product:
PHP 5.4.x
PHP 5.3.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-1635

Vulnerability status: Patched

Notification date: 07-02-2013

Fix issued: 14-03-2013



Discovered by: Arseniy Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-11

Vendor: Oracle

Product:
Oracle Siebel CRM 8.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-3841

Vulnerability status: Patched

Notification date: 05-02-2013

Fix issued: 15-10-2013



Discovered by: Nikita Mikhalevsky, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-08

Vendor: Oracle

Product:
Oracle Siebel CRM 8.x

Exploitation vector: Remote

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-5761

Vulnerability status: Patched

Notification date: 05-02-2013

Fix issued: 15-10-2013



Discovered by: Nikita Mikhalevsky, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-07

Vendor: Oracle

Product:
Oracle Siebel CRM 8.x

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: CVE-2013-3840

Vulnerability status: Patched

Notification date: 05-02-2013

Fix issued: 15-10-2013



Discovered by: Nikita Mikhalevsky, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-06

Vendor: Oracle

Product:
Oracle Siebel CRM 8.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-5867

Vulnerability status: Patched

Notification date: 05-02-2013

Fix issued: 15-10-2013



Discovered by: Alexander Tlyapov, Dmitry Sklyarov, Positive Research Center (Positive Technologies Company)


PT-2013-04 - Microsoft

Vulnerability status: Unpatched

Timeline:
25.01.2013 - Vendor gets vulnerability details

Severity: High (7.8)
(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Exploitation vector: Remote


Days since vendor notification: 670

Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-19

Vendor: HP

Product:
ArcSight Connectors 5.x

Exploitation vector: Remote

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:P/I:N/A:P)

CVE ID: N/A

Vulnerability status: Unpatched

Notification date: 24-01-2013



Discovered by: Timur Yunusov, Alexey Osipov and Sergey Pavlov, Positive Research Center (Positive Technologies Company)


PT-2013-03 - PunBB

Vulnerability status: Unpatched

Timeline:
17.01.2013 - Vendor gets vulnerability details

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Exploitation vector: Remote


Days since vendor notification: 678

Discovered by: Arseniy Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-02

Vendor: FluxBB

Product:
FluxBB 1.x

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 17-01-2013

Fix issued: 22-02-2013



Discovered by: Arseniy Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2013-01

Vendor: GNOME

Product:
GNOME

Exploitation vector: Local

Severity: Medium (6.6)
(AV:L/AC:L/Au:N/C:C/I:N/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 14-01-2013

Fix issued: 16-05-2013



Discovered by: Timur Yunusov, Alexey Osipov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-61

Vendor: SAP Software

Product:
Sybase Adaptive Server Enterprise 15.x

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: CVE-2013-6025

Vulnerability status: Patched

Notification date: 27-12-2012

Fix issued: 10-09-2013



Discovered by: Igor Bulatenko, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-60

Vendor: Dolphin Browser for Android 9.x

Product:
Dolphin Browser for Android 9.x

Exploitation vector: Remote

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 18-12-2012

Fix issued: 07-03-2013



Discovered by: Mikhail Firstov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-59

Vendor: Zend Technologies

Product:
Zend Framework 1.x

Exploitation vector: Remote

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 13-12-2012

Fix issued: 17-12-2012



Discovered by: Yury Dyachenko, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-58

Vendor: mongoDB

Product:
mongoDB 2.x

Exploitation vector: Local

Severity: Medium (4.4)
(AV:L/AC:M/Au:S/C:C/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 27-11-2012

Fix issued: 13-02-2013



Discovered by: Mikhail Firstov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-57

Vendor: Bitrix

Product:
Bitrix Site Manager 11.x

Exploitation vector: Remote

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 03-09-2012

Fix issued: 10-09-2012



Discovered by: Timur Yunusov, Positive Research Center (Positive Technologies Company)


PT-2012-56 - VMWare

Vulnerability status: Unpatched

Timeline:
11.11.2012 - Vendor is notified
11.11.2012 - Vendor gets vulnerability details

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitation vector: Remote


Days since vendor notification: 745

Discovered by: Evgeniy Tolmachev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-55

Vendor: Siemens

Product:
Siemens Teamcenter 2007.x

Exploitation vector: Remote

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 09-10-2012

Fix issued: 13-11-2012



Discovered by: Ilya Smit, Dmitry Efanov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-54

Vendor: Siemens

Product:
Siemens Teamcenter 2007.x

Exploitation vector: Remote

Severity: High (7.8)
(AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 09-10-2012

Fix issued: 13-11-2012



Discovered by: Ilya Smit, Dmitry Efanov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-53

Vendor: Softnews Media Group

Product:
DataLife Engine 9.x

Exploitation vector: Remote

Severity: Medium (6.8)
(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 30-10-2012

Fix issued: 19-01-2013



Discovered by: Timur Yunusov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-52

Vendor: DokuWiki

Product:
DokuWiki

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 22-10-2012

Fix issued: 06-03-2013



Discovered by: Arseniy Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-50

Vendor: Siemens

Product:
Siemens SIMATIC S7-1200 2.x
Siemens SIMATIC S7-1200 3.x

Exploitation vector: Remote

Severity: High (8.3)
(AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 08-08-2012

Fix issued: 08-10-2012



Discovered by: Dmitry Serebryannikov, Artem Chaikin, Yury Goltsev, Timur Yunusov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-49

Vendor: Oracle

Product:
Oracle Siebel CRM 8.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-1510

Vulnerability status: Patched

Notification date: 26-09-2012

Fix issued: 16-04-2013



Discovered by: Pavel Toporkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-48

Vendor: Siemens

Product:
Siemens SIMATIC S7-1200 2.x

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2012-3037

Vulnerability status: Patched

Notification date: 29-08-2012

Fix issued: 13-09-2012



Discovered by: Dmitry Sklyarov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-47

Vendor: Google

Product:
Google Chrome for Android 18.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2012-4903

Vulnerability status: Patched

Notification date: 20-07-2012

Fix issued: 12-09-2012



Discovered by: Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-46

Vendor: Google

Product:
Google Chrome for Android 18.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2012-4904

Vulnerability status: Patched

Notification date: 20-07-2012

Fix issued: 12-09-2012



Discovered by: Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-45

Vendor: Siemens

Product:
Siemens Simatic WinCC WebNavigator 7.x

Exploitation vector: Remote

Severity: High (8.3)
(AV:N/AC:M/Au:N/C:C/I:P/A:P)

CVE ID: CVE-2012-3034

Vulnerability status: Patched

Notification date: 16-07-2012

Fix issued: 10-09-2012



Discovered by: Denis Baranov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-44

Vendor: Siemens

Product:
Siemens Simatic WinCC WebNavigator 7.x

Exploitation vector: Remote

Severity: High (9.0)
(AV:N/AC:L/Au:N/C:P/I:P/A:C)

CVE ID: CVE-2012-3032

Vulnerability status: Patched

Notification date: 16-07-2012

Fix issued: 10-09-2012



Discovered by: Denis Baranov, Vladimir Kochetkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-43

Vendor: Siemens

Product:
Siemens Simatic WinCC WebNavigator 7.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2012-3030

Vulnerability status: Patched

Notification date: 16-07-2012

Fix issued: 10-09-2012



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-42

Vendor: Siemens

Product:
Siemens Simatic WinCC WebNavigator 7.x

Exploitation vector: Remote

Severity: High (8.3)
(AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVE ID: CVE-2012-3031 CVE-2012-3028

Vulnerability status: Patched

Notification date: 16-07-2012

Fix issued: 10-09-2012



Discovered by: Sergey Bobrov, Timur Yunusov, Artem Chaykin, Pavel Toporkov, Vladimir Kochetkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-41

Vendor: mongoDB

Product:
mongoDB 2.x

Exploitation vector: Local

Severity: Medium (5.5)
(AV:L/AC:M/Au:S/C:C/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-09-2012

Fix issued: 13-02-2013



Discovered by: Mikhail Firstov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-40

Vendor: mongoDB

Product:
mongoDB 2.x

Exploitation vector: Remote

Severity: High (8.3)
(AV:A/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-09-2012

Fix issued: 13-02-2013



Discovered by: Mikhail Firstov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-38

Vendor: Oracle

Product:
Oracle E-Business Suite 12.x

Exploitation vector: Remote

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-0382

Vulnerability status: Patched

Notification date: 06-09-2012

Fix issued: 15-01-2013



Discovered by: Pavel Toporkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-37

Vendor: Oracle

Product:
Oracle E-Business Suite 12.x

Exploitation vector: Remote

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-0381

Vulnerability status: Patched

Notification date: 06-09-2012

Fix issued: 15-01-2013



Discovered by: Pavel Toporkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-36

Vendor: Oracle

Product:
Oracle E-Business Suite 12.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-0380

Vulnerability status: Patched

Notification date: 06-09-2012

Fix issued: 15-01-2013



Discovered by: Pavel Toporkov, Positive Research Center (Positive Technologies Company)


PT-2012-35 - PHP

Vulnerability status: Unpatched

Timeline:
28.08.2012 - Vendor is notified
28.08.2012 - Vendor gets vulnerability details

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Exploitation vector: Remote


Days since vendor notification: 820

Discovered by: Arseniy Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-34

Vendor: OpenCart Limited

Product:
OpenCart 1.x

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 28-08-2012

Fix issued: 29-11-2012



Discovered by: Arseniy Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-33

Vendor: Sanuel Co.

Product:
Sanuel Family 11.x

Exploitation vector: Remote

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Unpatched

Notification date: 27-08-2012



Discovered by: Denis Gorchakov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-32

Vendor: Sanuel Co.

Product:
Sanuel Family 11.x

Exploitation vector: Remote

Severity: High (8.5)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Unpatched

Notification date: 27-08-2012



Discovered by: Denis Gorchakov, Positive Research Center (Positive Technologies Company)


PT-2012-31 - PHP

Vulnerability status: Unpatched

Timeline:
24.08.2012 - Vendor is notified
24.08.2012 - Vendor gets vulnerability details

Severity: Medium ()

Exploitation vector: Local


Days since vendor notification: 824

Discovered by: Timur Yunusov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-30

Vendor: OpenCart Limited

Product:
OpenCart 1.x

Exploitation vector: Remote

Severity: High (9.3)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 23-08-2012

Fix issued: 23-08-2012



Discovered by: Arseniy Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-29

Vendor: Simple Machines

Product:
Simple Machines Forum 2.x

Exploitation vector: Remote

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 23-08-2012

Fix issued: 01-02-2013



Discovered by: Arseniy Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-28

Vendor: Softnews Media Group

Product:
DataLife Engine 9.x

Exploitation vector: Remote

Severity: High (9.0)
(AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 17-08-2012

Fix issued: 12-09-2012



Discovered by: Timur Yunusov, Arseny Reutov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-27

Vendor: Umisoft

Product:
UMI.CMS 2.x

Exploitation vector: Remote

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 16-08-2012

Fix issued: 20-11-2012



Discovered by: Timur Yunusov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-26

Vendor: qutIM

Product:
qutIM 0.x

Exploitation vector: Remote

Severity: Medium (5.4)
(AV:A/AC:M/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 14-08-2012

Fix issued: 23-09-2013



Discovered by: Mikhail Firstov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-24

Vendor: SAP

Product:
SAP NetWeaver 7.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 16-07-2012

Fix issued: 14-05-2013



Discovered by: Pavel Toporkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-23

Vendor: Dr.Web

Product:
Dr.Web Antivirus

Exploitation vector: Local

Severity: Low (2.1)
(AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 11-07-2012

Fix issued: 13-07-2012



Discovered by: Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-22

Vendor: SQLite

Product:
SQLite 3.x

Exploitation vector: Local

Severity: Medium (5.5)
(AV:L/AC:M/Au:S/C:C/I:P/A:P)

CVE ID: N/A

Vulnerability status: Unpatched

Notification date: 10-07-2012



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-21

Vendor: NetIQ

Product:
eDirectory

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVE ID: CVE-2012-0429

Vulnerability status: Patched

Notification date: 06-07-2012

Fix issued: 18-12-2012



Discovered by: Dmitry Serebryannikov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-20

Vendor: NetIQ

Product:
eDirectory

Exploitation vector: Remote

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2012-0430

Vulnerability status: Patched

Notification date: 06-07-2012

Fix issued: 18-12-2012



Discovered by: Dmitry Serebryannikov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-19

Vendor: NetIQ

Product:
eDirectory

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2012-0428

Vulnerability status: Patched

Notification date: 06-07-2012

Fix issued: 18-12-2012



Discovered by: Dmitry Serebryannikov, Positive Research Center (Positive Technologies Company)


PT-2012-18 - Microsoft

Vulnerability status: Unpatched

Timeline:
04.07.2012 - Vendor is notified
04.07.2012 - Vendor gets vulnerability details

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitation vector: Remote


Days since vendor notification: 875

Discovered by: Alexander Polunin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-17

Vendor: Oracle

Product:
Oracle E-Business Suite 12.x

Exploitation vector: Remote

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 29-06-2012

Fix issued: 15-10-2012



Discovered by: Pavel Toporkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-16

Vendor: Python Software Foundation

Product:
Pillow 1.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 25-06-2012

Fix issued: 15-03-2013



Discovered by: Pavel Toporkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-15

Vendor: IBM

Product:
InfoSphere Guardium 8.x

Exploitation vector: Remote

Severity: Medium (6.8)
(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2012-3309, CVE-2012-3312

Vulnerability status: Patched

Notification date: 25-06-2012

Fix issued: 15-08-2012



Discovered by: Igor Bulatenko, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-14

Vendor: PHP

Product:
PHP 5.4.x
PHP 5.3.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2012-3365

Vulnerability status: Patched

Notification date: 22-06-2012

Fix issued: 19-07-2012



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-13

Vendor: PHP

Product:
PHP 5.4.x

Exploitation vector: Local

Severity: Low (1.7)
(AV:L/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 22-06-2012

Fix issued: 14-09-2012



Discovered by: Sergey Bobrov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-12

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2012-3003

Vulnerability status: Patched

Notification date: 23-05-2012

Fix issued: 05-06-2012



Discovered by: Sergey Scherbel, Yury Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov, Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-11

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2012-2595

Vulnerability status: Patched

Notification date: 23-05-2012

Fix issued: 05-06-2012



Discovered by: Sergey Scherbel, Yury Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov, Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-10

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2012-2598

Vulnerability status: Patched

Notification date: 23-05-2012

Fix issued: 05-06-2012



Discovered by: Sergey Scherbel, Yury Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov, Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-09

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x

Exploitation vector: Remote

Severity: Medium (6.8)
(AV:N/AC:L/Au:S/C:C/I:N/A:N)

CVE ID: CVE-2012-2597

Vulnerability status: Patched

Notification date: 23-05-2012

Fix issued: 05-06-2012



Discovered by: Sergey Scherbel, Yury Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov, Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-08

Vendor: Siemens

Product:
Siemens SIMATIC WinCC 7.x

Exploitation vector: Remote

Severity: Medium (5.5)
(AV:N/AC:L/Au:S/C:P/I:P/A:N)

CVE ID: CVE-2012-2596

Vulnerability status: Patched

Notification date: 23-05-2012

Fix issued: 05-06-2012



Discovered by: Sergey Scherbel, Yury Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov, Artem Chaykin, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-06

Vendor: nginx

Product:
nginx 1.2.0
nginx 1.3.0

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2011-4963

Vulnerability status: Patched

Notification date: 15-05-2012

Fix issued: 05-06-2012



Discovered by: Vladimir Kochetkov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-05

Vendor: Quercus on Resin 4.x

Product:
Quercus on Resin 4.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2012-2965

Vulnerability status: Patched

Notification date: 23-03-2012

Fix issued: 13-07-2012



Discovered by: Sergey Scherbel, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-04

Vendor: Cisco

Product:
Cisco Identity Services Engine 1.0.4.x

Exploitation vector: Remote

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID: CVE-2012-3910

Vulnerability status: Patched

Notification date: 13-01-2012

Fix issued: 12-04-2012



Discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-03

Vendor: Cisco

Product:
Cisco Identity Services Engine 1.0.4.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2012-3909

Vulnerability status: Patched

Notification date: 13-01-2012

Fix issued: 12-04-2012



Discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-02

Vendor: Cisco

Product:
Cisco Identity Services Engine 1.0.4.x

Exploitation vector: Remote

Severity: High (7.1)
(AV:N/AC:M/Au:N/C:N/I:C/A:N)

CVE ID: CVE-2012-3908

Vulnerability status: Patched

Notification date: 13-01-2012

Fix issued: 12-04-2012



Discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)


Identifier: PT-2012-01

Vendor: Cisco

Product:
Cisco Identity Services Engine 1.0.4.x

Exploitation vector: Remote

Severity: High (9.0)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2012-3907

Vulnerability status: Patched

Notification date: 13-01-2012

Fix issued: 12-04-2012



Discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-48

Vendor: AtMail

Product:
AtMail

Exploitation vector: Remote

Severity: High (9.0)
(AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 06-12-2011

Fix issued: 26-03-2012



Discovered by: Sergey Scherbel, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-47

Vendor: SAP

Product:
SAP

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 02-12-2011

Fix issued: 08-05-2012



Discovered by: Vladimir Zarichny, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-46

Vendor: SAP

Product:
SAP

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 02-12-2011

Fix issued: 03-08-2012



Discovered by: Ilya Smith, Maxim Tsoy, Kirill Mosolov, Evgeny Ryzhov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-45

Vendor: SAP

Product:
SAP

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 08-05-2012



Discovered by: Vladimir Zarichny, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-44

Vendor: SAP

Product:
SAP

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 02-12-2011

Fix issued: 08-05-2012



Discovered by: Vladimir Zarichny, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-43

Vendor: Kayako

Product:
Kayako Fusion

Exploitation vector: Remote

Severity: Medium (6.5)
(AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 25-11-2011

Fix issued: 25-11-2011



Discovered by: Yuri Goltsev, Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-41

Vendor: Citrix

Product:
Citrix License Administration Console 11.9

Exploitation vector: Remote

Severity: Medium (4.9)
(AV:N/AC:H/Au:S/C:C/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-11-2011

Fix issued: 13-03-2012



Discovered by: Maxim Tsoy, Kirill Mosolov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-40

Vendor: Citrix

Product:
Citrix License Administration Console 11.9

Exploitation vector: Remote

Severity: High (7.1)
(AV:N/AC:M/Au:N/C:N/I:C/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-11-2011

Fix issued: 13-03-2012



Discovered by: Maxim Tsoy, Kirill Mosolov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-39

Vendor: Citrix

Product:
Citrix XenServer-6.0.0 WLB

Exploitation vector: Remote

Severity: High (7.8)
(AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-11-2011

Fix issued: 13-03-2012



Discovered by: Kirill Mosolov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-38

Vendor: Citrix

Product:
Citrix XenServer Virtual Switch Controller 6.0.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-11-2011

Fix issued: 13-03-2012



Discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-37

Vendor: Citrix

Product:
Citrix XenServer Virtual Switch Controller 6.0.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-11-2011

Fix issued: 13-03-2012



Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-36

Vendor: Citrix

Product:
Citrix XenServer Virtual Switch Controller 6.0.x

Exploitation vector: Local

Severity: High (9.0)
(AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-11-2011

Fix issued: 13-03-2012



Discovered by: Maxim Tsoy, Kirill Mosolov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-35

Vendor: Citrix

Product:
Citrix XenServer Virtual Switch Controller 6.0.x

Exploitation vector: Remote

Severity: High (7.1)
(AV:N/AC:M/Au:N/C:N/I:C/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-11-2011

Fix issued: 13-03-2012



Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-34

Vendor: Citrix

Product:
Citrix XenServer 6.0 Web Self Service 1.1

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-11-2011

Fix issued: 10-03-2012



Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-33

Vendor: Citrix

Product:
Citrix XenServer 6.0 Web Self Service 1.1

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-11-2011

Fix issued: 10-03-2012



Discovered by: Ilya Smith, Maxim Tsoy, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-32

Vendor: Citrix

Product:
Citrix XenServer 6.0 Web Self Service 1.1

Exploitation vector: Remote

Severity: Medium (4.9)
(AV:N/AC:H/Au:S/C:C/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-11-2011

Fix issued: 10-03-2012



Discovered by: Kirill Mosolov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-31

Vendor: Citrix

Product:
Citrix XenServer 6.0 Web Self Service 1.1

Exploitation vector: Remote

Severity: High (7.1)
(AV:N/AC:M/Au:N/C:N/I:C/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 10-11-2011

Fix issued: 10-04-2012



Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-30

Vendor: D-Link

Product:
D-Link DIR-300

Exploitation vector: Remote

Severity: Medium (6.8)
(AV:N/AC:L/Au:S/C:C/I:N/A:N)

CVE ID: CVE-2011-4723

Vulnerability status: Patched

Notification date: 09-09-2011

Fix issued: 19-09-2011



Discovered by: Sergey Scherbel, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-29

Vendor: D-Link

Product:
D-Link DIR-300

Exploitation vector: Remote

Severity: High (10.0)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 09-09-2011

Fix issued: 19-09-2011



Discovered by: Sergey Scherbel, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-27

Vendor: Cisco

Product:
Cisco Secure ACS 5.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2011-3317

Vulnerability status: Patched

Notification date: 28-07-2011

Fix issued: 13-02-2012



Discovered by: Maxim Tsoy, Yuriy Goltsev, Alexander Zaitsev and Evgeniy Tolmachev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-26

Vendor: Cisco

Product:
Cisco Secure ACS 5.x

Exploitation vector: Remote

Severity: Medium (6.8)
(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2011-3293

Vulnerability status: Patched

Notification date: 19-07-2011

Fix issued: 13-02-2012



Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-25

Vendor: Support Incident Tracker

Product:
Support Incident Tracker 3.x

Exploitation vector: Remote

Severity: Medium (6.5)
(AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 13-07-2011

Fix issued: 17-07-2011



Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-24

Vendor: Arbor Networks

Product:
Arbor Peakflow X

Exploitation vector: Remote

Severity: Medium (6.8)
(AV:N/AC:L/Au:S/C:N/I:N/A:C)

CVE ID: CVE-2011-4637

Vulnerability status: Patched

Notification date: 12-07-2011

Fix issued: 02-03-2012



Discovered by: Dmitriy Gutsko, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-23

Vendor: GLPI

Product:
GLPI 0.x

Exploitation vector: Remote

Severity: Medium (6.5)
(AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 11-07-2011

Fix issued: 21-07-2011



Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-21

Vendor: OneOrZero

Product:
OneOrZero AIMS 2.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Unpatched

Notification date: 08-07-2011



Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-20

Vendor: OneOrZero

Product:
OneOrZero AIMS 2.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Unpatched

Notification date: 08-07-2011



Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-19

Vendor: Help Request System

Product:
Help Request System 1.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 07-07-2011

Fix issued: 16-07-2011



Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-18

Vendor: Arbor Networks

Product:
Arbor Peakflow X

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2011-4636

Vulnerability status: Patched

Notification date: 01-07-2011

Fix issued: 02-03-2012



Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-16

Vendor: Mozilla

Product:
Mozilla Firefox 3.6.x
Mozilla Firefox 4.0.x
Mozilla Firefox 16.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 29-06-2011

Fix issued: 21-11-2012



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-14

Vendor: BoonEx

Product:
Dolphin 6.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Unpatched

Notification date: 29-06-2011



Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-22

Vendor: Adobe Systems

Product:
Adobe Flash Player 10.x

Exploitation vector: Remote

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2011-2137

Vulnerability status: Patched

Notification date: 28-06-2011

Fix issued: 09-08-2011



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-13

Vendor: ManageEngine ServiceDesk Plus 8.x

Product:
ManageEngine ServiceDesk Plus 8.x

Exploitation vector: Remote

Severity: Medium (6.5)
(AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 24-06-2011

Fix issued: 29-03-2012



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-12

Vendor: ManageEngine ServiceDesk Plus 8.x

Product:
ManageEngine ServiceDesk Plus 8.x

Exploitation vector: Remote

Severity: Medium (6.3)
(AV:N/AC:M/Au:S/C:C/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 24-06-2011

Fix issued: 29-11-2011



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-11

Vendor: ManageEngine ServiceDesk Plus 8.x

Product:
ManageEngine ServiceDesk Plus 8.x

Exploitation vector: Remote

Severity: High (7.8)
(AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 24-06-2011

Fix issued: 23-04-2012



Discovered by: Dmitry Evteev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-10

Vendor: ManageEngine ServiceDesk Plus 8.x

Product:
ManageEngine ServiceDesk Plus 8.x

Exploitation vector: Remote

Severity: High (8.5)
(AV:N/AC:M/Au:S/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 24-06-2011

Fix issued: 23-04-2012



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-09

Vendor: ManageEngine ServiceDesk Plus 8.x

Product:
ManageEngine ServiceDesk Plus 8.x

Exploitation vector: Remote

Severity: High (8.5)
(AV:N/AC:M/Au:S/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 24-06-2011

Fix issued: 29-03-2012



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-08

Vendor: D-Link

Product:
D-Link DPH 150s IP Phone

Exploitation vector: Remote

Severity: High (9.7)
(AV:N/AC:L/Au:N/C:P/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 24-06-2011

Fix issued: 20-07-2011



Discovered by: Alexander Zaitsev, Gleb Gritsai and Yuri Goltsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-07

Vendor: Cisco

Product:
Cisco SPA8000 8-port IP Telephony Gateway 6.x
Cisco SPA8800 IP Telephony Gateway 6.x
Cisco SPA2102 Phone Adapter with Router 5.x
Cisco SPA3102 Voice Gateway with Router 5.x
Cisco Small Business SPA500 Series IP Phones 7.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2011-2545

Vulnerability status: Patched

Notification date: 23-06-2011

Fix issued: 12-06-2012



Discovered by: Alexander Zaitsev, Gleb Gritsai, Positive Research Center (Positive Technologies Company)


PT-2011-06 - VMware

Vulnerability status: Unpatched

Timeline:
20.06.2011 - Vendor is notified
24.06.2011 - Vendor gets vulnerability details

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:N/I:P/A:P)

Exploitation vector: Remote


Days since vendor notification: 1255

Discovered by: Denis Baranov, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-05

Vendor: Koha Library Software

Product:
Koha 3.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 31-05-2011

Fix issued: 19-06-2011



Discovered by: Yuriy Goltsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-04

Vendor: Kayako Web Solutions

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 30-05-2011

Fix issued: 25-08-2011



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-03

Vendor: Kayako Web Solutions

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 30-05-2011

Fix issued: 25-08-2011



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-02

Vendor: Kayako Web Solutions

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Medium (6.5)
(AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 30-05-2011

Fix issued: 25-08-2011



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


Identifier: PT-2011-01

Vendor: Kayako Web Solutions

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Notification date: 30-05-2011

Fix issued: 25-08-2011



Discovered by: Yuriy Goltsev, Positive Research Center (Positive Technologies Company)


PT-2010-11 - IrisvisiaCMS

Vulnerability status: Unpatched

Timeline:
11.09.2010 - Sent email to vendor

Severity: High (10.0)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitation vector: Remote


Days since vendor notification: 1478

Discovered by: Yuri Goltsev, Positive Research


PT-2010-09 - Newton CMS

Vulnerability status: Unpatched

Timeline:
10.09.2010 - vendor notified
11.09.2010 - Status request sent

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitation vector: Remote


Days since vendor notification: 1538

Discovered by: Yuri Goltsev, Positive Research


PT-2010-05 - OpenSSL Project

Vulnerability status: Unpatched

Timeline:
09/07/2010 - Vendor notified

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitation vector: Remote


Days since vendor notification: 1541

Discovered by: Sergey Rublev, Positive Research


PT-2010-08 - Quantum Art

Vulnerability status: Unpatched

Timeline:
08.19.2010 - Vendor notified
11.09.2010 - Status request sent

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitation vector: Remote


Days since vendor notification: 1560

Discovered by: Dmitry Evteev, Positive Research


PT-2009-44: Multiple vulnerabilities in Kayako Support Suite - Kayako

Vulnerability status: Unpatched

Timeline:
10/12/2009 - Vendor notified
10/13/2009 - Vendor response

Severity: Medium (6.4)
AV:N/AC:H/Au:M/C:C/I:C/A:P

Exploitation vector: Remote


Days since vendor notification: 1870

Discovered by: Timur Yunusov, Positive Research


Identifier: PT-2009-43

Vendor: Kayako

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Low (4.3)
AV:N/AC:M/Au:N/C:P/I:N

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 12-03-2010



Discovered by: Timur Yunusov, Positive Research


Identifier: PT-2009-42

Vendor: Kayako

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Medium (7.0)
AV:N/AC:M/Au:S/C:C/I:P

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 09-02-2010



Discovered by: Timur Yunusov, Positive Research


Identifier: PT-2009-41

Vendor: Kayako

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Low (6.4)
AV:N/AC:L/Au:N/C:P/I:N/A:P

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 12-03-2010



Discovered by: Timur Yunusov, Positive Research


Identifier: PT-2009-40

Vendor: Atlassian

Product:
JIRA 3.13.4

Exploitation vector: Remote

Severity: Low (0.0)
(AV:N/AC:L/Au:N/C:N/I:N/A:N/E:P/RL:W/RC:C)

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 24-06-2009



Discovered by: Dmitry Evteev, Positive Research


PT-2009-39 - Avaya

Vulnerability status: Unpatched

Timeline:
04.08.2009 - Vendor notified
04.13.2009 - Vendor response
04.14.2009 - Sent detailed information

Severity: Medium (6.9)
AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitation vector: Local


Days since vendor notification: 2056

Discovered by: Nikita Tarakanov, Positive Research


PT-2009-38 - Citrix

Vulnerability status: Unpatched

Timeline:
04.10.2009 - Vendor notified
04.16.2009 - Vendor response
04.16.2009 - Sent detailed information

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days since vendor notification: 2056

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-37 - Cisco

Vulnerability status: Unpatched

Timeline:
04.10.2009 - Vendor notified

Severity: Medium (6.9)
AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitation vector: Local


Days since vendor notification: 2056

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


Identifier: PT-2009-36

Product:
Neo CMS

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 27-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-32 Cross-Site Scripting Vulnerability - N/A

Vulnerability status: Unpatched

Timeline:
03/25/2009 - Vendor is notified
03/25/2009 - Vendor response

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitation vector: Remote


Days since vendor notification: 2072

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-35: SQL Injection Vulnerability - N/A

Vulnerability status: Unpatched

Timeline:
03/25/2009 - Vendor is notified
03/26/2009 - Vendor response

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days since vendor notification: 2072

Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-34

Product:
AKmedia CMS

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 26-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-33

Product:
iNTERNET.cms

Exploitation vector: Remote

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 18-05-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-29

Product:
Tribiq CMS 5.0.11

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 29-09-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-28: SQL Injection Vulnerability - N/A

Vulnerability status: Unpatched

Timeline:
03/24/2009 - Vendor is notified
03/24/2009 - Vendor response

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days since vendor notification: 2073

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-27: Multiple Vulnerabilities - Huberspace

Vulnerability status: Unpatched

Timeline:
03/24/2009 - Vendor notified

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days since vendor notification: 2073

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-30: Multiple Vulnerabilities - N/A

Vulnerability status: Patched

Timeline:
03.12.2009 - Vendor notified
no response
03.24.2009 - Second notification

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days since vendor notification: 2085

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-31: Multiple Vulnerabilities - N/A

Vulnerability status: Unpatched

Timeline:
03.11.2009 - Vendor notified
no response
03.24.2009 - Second notification

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days since vendor notification: 2086

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-26 Cross-Site Scripting Vulnerability - Cupid Systems

Vulnerability status: Unpatched

Timeline:
03/11/2009 - Vendor is notified
03/11/2009 - Vendor response
03/24/2009 - Requested status update from vendor

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitation vector: Remote


Days since vendor notification: 2086

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-25: Multiple Vulnerabilities - N/A

Vulnerability status: Unpatched

Timeline:
03/11/2009 - Vendor notified
03/11/2009 - Vendor response
03/24/2009 - Requested status update from vendor

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days since vendor notification: 2086

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-19 - Cisco

Vulnerability status: Unpatched

Timeline:
03.10.2009 - Vendor notified

Severity: Medium (6.9)
AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitation vector: Local


Days since vendor notification: 2087

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


Identifier: PT-2009-24

Product:
ELDORADO CMS 3.x

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 13-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-13

Product:
TinX/cms 3.x

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: CVE-2009-0825

Vulnerability status: Patched

Notification date:

Fix issued: 05-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-23: Multiple Vulnerabilities - N/A

Vulnerability status: Unpatched

Timeline:
03/04/2009 - Vendor notified
03/04/2009 - Vendor response
03/04/2009 - Requested status update from vendor
03/24/2009 - Second requested status update from vendor

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days since vendor notification: 2093

Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-16

Product:
Subrion CMS 1.x

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 25-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-12

Vendor: Umisoft

Product:
UMI.CMS 2.x

Exploitation vector: Remote

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 06-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-22

Product:
EXcms 2.x

Exploitation vector: Remote

Severity: Low (0.0)
AV:N/AC:L/Au:N/C:N/I:N/A:N

CVE ID: N/A

Vulnerability status: Unpatched

Notification date:



Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-15

Product:
Living CMS 1.x

Exploitation vector: Remote

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 11-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-14

Product:
BLOG:CMS 4.x

Exploitation vector: Remote

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 03-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-21

Product:
CMS.Pilot 1.x

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Unpatched

Notification date:



Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-20

Product:
A.CMS 1.x

Exploitation vector: Remote

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 04-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-18

Product:
Cetera CMS

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 24-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-17

Product:
ABO.CMS 5.x

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Notification date:

Fix issued: 05-04-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


Identifier: PT-2009-11

Vendor: SlySoft

Product:
AnyDVD 6.x
Virtual CloneDrive 5.x
CloneDVD 2.x
CloneCD 5.x

Exploitation vector: Local

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

CVE ID: CVE-2009-0824

Vulnerability status: Patched

Notification date:

Fix issued: 06-03-2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


Identifier: PT-2009-09

Vendor: Trend Micro

Product:
Trend Micro Internet Security Pro 2009
Trend Micro Internet Security 2008
Trend Micro Internet Security Pro 2008

Exploitation vector: Local

Severity: Medium (6.9)
AV:L/AC:M/Au:N/C:C/I:C/A:C

CVE ID: CVE-2009-0686

Vulnerability status: Unpatched

Notification date:



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-08 - Sunbelt Software

Vulnerability status: Unpatched

Timeline:
02.04.2009 - Vendor notified
no response
02.12.2009 - Second notification
no response

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days since vendor notification: 2121

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-07 - PC Tools

Vulnerability status: Unpatched

Timeline:
02.04.2009 - Vendor notified
02.11.2009 - Vendor replied
02.24.2009 - Sent detailed information

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days since vendor notification: 2121

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-06 - F-Secure

Vulnerability status: Unpatched

Timeline:
02.04.2009 - Vendor notified
02.11.2009 - Vendor replied
02.16.2009 - Sent detailed information
02.16.2009 - Vendor replied

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days since vendor notification: 2121

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


Identifier: PT-2009-05

Vendor: Computer Associates (CA)

Product:
CA Internet Security Suite Plus 2009
CA Internet Security Suite Plus 2008
CA Internet Security Suite 2007

Exploitation vector: Local

Severity: Medium (4.9)
AV:L/AC:L/Au:N/C:N/I:N/A:C

CVE ID: CVE-2009-0682

Vulnerability status: Patched

Notification date:

Fix issued: 18-08-2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-04 - Tall Emu

Vulnerability status: Unpatched

Timeline:
02.04.2009 - Vendor notified
02.04.2009 - Vendor replied
02.04.2009 - Sent detailed information

Severity: Medium (6.9)
AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitation vector: Local


Days since vendor notification: 2121

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-03 - Tall Emu

Vulnerability status: Unpatched

Timeline:
02.04.2009 - Vendor notified
02.04.2009 - Vendor replied
02.04.2009 - Sent detailed information

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days since vendor notification: 2121

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-02 - Tall Emu

Vulnerability status: Unpatched

Timeline:
02.04.2009 - Vendor notified
02.04.2009 - Sent detailed information

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days since vendor notification: 2121

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


Identifier: PT-2009-01

Vendor: PGP

Product:
PGP Corporate Desktop 9.x

Exploitation vector: Local

Severity: Medium (6.2)
AV:L/AC:H/Au:N/C:C/I:C/A:C

CVE ID: CVE-2009-0681

Vulnerability status: Patched

Notification date:

Fix issued: 02-04-2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


Identifier: PT-2008-09

Vendor: Microsoft

Product:
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Storage Server 2003
Microsoft Windows Vista

Exploitation vector: Local

Severity: High (7.2)
AV:L/AC:M/Au:S/C:C/I:C/A:C

CVE ID: CVE-2009-1922

Vulnerability status: Patched

Notification date:

Fix issued: 11-08-2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2008-08 - Microsoft

Vulnerability status: Unpatched

Timeline:
11.19.2008 - Vendor notified
11.21.2008 - Vendor replied

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days since vendor notification: 2198

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


Identifier: PT-2008-07

Vendor: VMware

Product:
VMware Workstation 6.x
VMware Player 2.x
VMware ACE 2.x
VMware Server 2.x

Exploitation vector: Local

Severity: Medium (4.4)
AV:L/AC:M/Au:S/C:N/I:N/A:C

CVE ID: CVE-2009-1146

Vulnerability status: Patched

Notification date:

Fix issued: 31-03-2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2008-06 VMware Multiple Products Denial of Service Vulnerability - VMware

Vulnerability status: Patched

Timeline:
10.14.2008 - Vendor notified
10.16.2008 - Vendor replied
10.16.2008 - Sent detailed information
05.28.2009 - Vendor releases fixed version and details

Severity: Medium (4.4)
AV:L/AC:M/Au:S/C:N/I:N/A:C

Exploitation vector: Local


Days since vendor notification: 2234

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


Identifier: PT-2008-05

Vendor: VMware

Product:
VMware Workstation 6.x
VMware Player 2.x
VMware Server 2.x
VMware ACE 2.x

Exploitation vector: Local

Severity: Medium (6.6)
AV:L/AC:M/Au:S/C:C/I:C/A:C

CVE ID: CVE-2009-1147

Vulnerability status: Patched

Notification date:

Fix issued: 03-04-2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team

