Advisories
Vulnerability Database
PoC
Viruses
Research Lab

Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

PT-2012-07 - TimThumb

Vulnerability status: Unpatched

Timeline:
16.05.12 - Vendor is notified
16.05.12 - Vendor gets vulnerability details

Severity: High (7.1)
(AV:N/AC:H/Au:S/C:C/I:C/A:C)

Exploitation vector: Remote


Days sinse vendor notification:


1

Discovered by: Alexey Moskvin, Positive Research Center (Positive Technologies Company)


PT-2012-06 - nginx

Vulnerability status: Unpatched

Timeline:
15.05.2012 - Vendor is notified
15.05.2012 - Vendor gets vulnerability details

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


2

Discovered by: Vladimir Kochetkov, Positive Research Center (Positive Technologies Company)


PT-2012-05 - Quercus on Resin 4.x

Vulnerability status: Unpatched

Timeline:
23.03.2012 - Vendor is notified
23.03.2012 - Vendor gets vulnerability details
19.04.2012 - Vulnerability details were sent to CERT

Severity: High (10)
(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitation vector: Remote


Days sinse vendor notification:


30
55

Discovered by: Sergey Scherbel, Positive Research Center (Positive Technologies Company)


PT-2012-04 - Cisco

Vulnerability status: Unpatched

Timeline:
13.01.2012 - Vendor is notified
13.01.2012 - Vendor gets vulnerability details

Severity: Medium (4.0)
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
125

Discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2012-03 - Cisco

Vulnerability status: Unpatched

Timeline:
13.01.2012 - Vendor is notified
13.01.2012 - Vendor gets vulnerability details

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
125

Discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2012-02 - Cisco

Vulnerability status: Unpatched

Timeline:
13.01.2012 - Vendor is notified
13.01.2012 - Vendor gets vulnerability details

Severity: High (9.0)
(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
125

Discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2012-01 - Cisco

Vulnerability status: Unpatched

Timeline:
13.01.2012 - Vendor is notified
13.01.2012 - Vendor gets vulnerability details

Severity: High (7.1)
(AV:N/AC:M/Au:N/C:N/I:C/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
125

Discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2011-48: Multiple Vulnerabilities in AtMail

Identifier: PT-2011-48

Vendor: AtMail

Product:
AtMail

Exploitation vector: Remote

Severity: High (9.0)
(AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 06 december, 2011

Fix issued: 26-03-2012



Discovered by: Sergey Scherbel, Positive Research Center (Positive Technologies Company)


PT-2011-47 - SAP

Vulnerability status: Patched

Timeline:
02.12.11 - Vendor is notified
02.12.11 - Vendor gets vulnerability details
08.05.12 - Vendor releases fixed version and details

Severity: Medium (7.8)
(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
167

Discovered by: Vladimir Zarichny, Positive Research Center (Positive Technologies Company)


PT-2011-46 - SAP

Vulnerability status: Unpatched

Timeline:
02.12.11 - Vendor is notified
02.12.11 - Vendor gets vulnerability details

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
167

Discovered by: Ilya Smith, Maxim Tsoy, Kirill Mosolov, Evgeny Ryzhov, Positive Research Center (Positive Technologies Company)


PT-2011-45 - SAP

Vulnerability status: Patched

Timeline:
02.12.11 - Vendor is notified
02.12.11 - Vendor gets vulnerability details
08.05.12 - Vendor releases fixed version and details

Severity: Medium (7.8)
(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
167

Discovered by: Vladimir Zarichny, Positive Research Center (Positive Technologies Company)


PT-2011-44 - SAP

Vulnerability status: Patched

Timeline:
02.12.11 - Vendor is notified
02.12.11 - Vendor gets vulnerability details
08.05.12 - Vendor releases fixed version and details

Severity: Medium (7.8)
(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
167

Discovered by: Vladimir Zarichny, Positive Research Center (Positive Technologies Company)


PT-2011-43: Database information disclosure in Kayako Fusion

Identifier: PT-2011-43

Vendor: Kayako

Product:
Kayako Fusion

Exploitation vector: Remote

Severity: Medium (6.5)
(AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 25 november, 2011

Fix issued: 25-11-2011



Discovered by: Yuri Goltsev, Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


PT-2011-42 - Citrix

Vulnerability status: Unpatched

Timeline:
10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details

Severity: High (7.1)
(AV:N/AC:M/Au:N/C:N/I:C/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
188

Discovered by: Kirill Mosolov, Positive Research Center (Positive Technologies Company)


PT-2011-41: Stored XSS vulnerability in Citrix License Administration Console

Identifier: PT-2011-41

Vendor: Citrix

Product:
Citrix License Administration Console 11.9

Exploitation vector: Remote

Severity: Medium (4.9)
(AV:N/AC:H/Au:S/C:C/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 11 november, 2011

Fix issued: 13-03-2012



Discovered by: Maxim Tsoy, Kirill Mosolov, Positive Research Center (Positive Technologies Company)


PT-2011-40: Multiple CSRF vulnerabilities in Citrix License Administration Console

Identifier: PT-2011-40

Vendor: Citrix

Product:
Citrix License Administration Console 11.9

Exploitation vector: Remote

Severity: High (7.1)
(AV:N/AC:M/Au:N/C:N/I:C/A:N)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 11 november, 2011

Fix issued: 13-03-2012



Discovered by: Maxim Tsoy, Kirill Mosolov, Positive Research Center (Positive Technologies Company)


PT-2011-39: Denial of Service in Citrix XenServer Workload Balancer

Identifier: PT-2011-39

Vendor: Citrix

Product:
Citrix XenServer-6.0.0 WLB

Exploitation vector: Remote

Severity: High (7.8)
(AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 11 november, 2011

Fix issued: 13-03-2012



Discovered by: Kirill Mosolov, Positive Research Center (Positive Technologies Company)


PT-2011-38: URL redirector abuse in Citrix XenServer Virtual Switch Controller

Identifier: PT-2011-38

Vendor: Citrix

Product:
Citrix XenServer Virtual Switch Controller 6.0.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 11 november, 2011

Fix issued: 13-03-2012



Discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2011-37: HTTP Response Splitting in Citrix XenServer Virtual Switch Controller

Identifier: PT-2011-37

Vendor: Citrix

Product:
Citrix XenServer Virtual Switch Controller 6.0.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 11 november, 2011

Fix issued: 13-03-2012



Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2011-36: Insufficient authorization in Citrix XenServer Virtual Switch Controller

Identifier: PT-2011-36

Vendor: Citrix

Product:
Citrix XenServer Virtual Switch Controller 6.0.x

Exploitation vector: Local

Severity: High (9.0)
(AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 11 november, 2011

Fix issued: 13-03-2012



Discovered by: Maxim Tsoy, Kirill Mosolov, Positive Research Center (Positive Technologies Company)


PT-2011-35: Multiple CSRF vulnerabilities in Citrix XenServer Virtual Switch Controller

Identifier: PT-2011-35

Vendor: Citrix

Product:
Citrix XenServer Virtual Switch Controller 6.0.x

Exploitation vector: Remote

Severity: High (7.1)
(AV:N/AC:M/Au:N/C:N/I:C/A:N)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 11 november, 2011

Fix issued: 13-03-2012



Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2011-34 - Citrix

Vulnerability status: Unpatched

Timeline:
10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
188

Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2011-33 - Citrix

Vulnerability status: Unpatched

Timeline:
10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
188

Discovered by: Ilya Smith, Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2011-32 - Citrix

Vulnerability status: Unpatched

Timeline:
10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details

Severity: Medium (4.9)
(AV:N/AC:H/Au:S/C:C/I:N/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
188

Discovered by: Kirill Mosolov, Positive Research Center (Positive Technologies Company)


PT-2011-31 - Citrix

Vulnerability status: Unpatched

Timeline:
10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details

Severity: High (7.1)
(AV:N/AC:M/Au:N/C:N/I:C/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
188

Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2011-30: Disclosure of sensitive information in D-Link DIR-300 Router

Identifier: PT-2011-30

Vendor: D-Link

Product:
D-Link DIR-300

Exploitation vector: Remote

Severity: Medium (6.8)
(AV:N/AC:L/Au:S/C:C/I:N/A:N)

CVE ID: CVE-2011-4723

Vulnerability status: Patched

Advisory published: 09 september, 2011

Fix issued: 19-09-2011



Discovered by: Sergey Scherbel, Positive Research Center (Positive Technologies Company)


PT-2011-29: Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300

Identifier: PT-2011-29

Vendor: D-Link

Product:
D-Link DIR-300

Exploitation vector: Remote

Severity: High (10.0)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 09 september, 2011

Fix issued: 19-09-2011



Discovered by: Sergey Scherbel, Positive Research Center (Positive Technologies Company)


PT-2011-27: Multiple Vulnerabilities in Cisco ACS Web Interface

Identifier: PT-2011-27

Vendor: Cisco

Product:
Cisco Secure ACS 5.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2011-3317

Vulnerability status: Patched

Advisory published: 28 july, 2011

Fix issued: 13-02-2012



Discovered by: Maxim Tsoy, Yuriy Goltsev, Alexander Zaitsev and Evgeniy Tolmachev, Positive Research Center (Positive Technologies Company)


PT-2011-26: Multiple Cross-Site Request Forgery and "Stored XSS" Vulnerabilities in Cisco ACS

Identifier: PT-2011-26

Vendor: Cisco

Product:
Cisco Secure ACS 5.x

Exploitation vector: Remote

Severity: Medium (6.8)
(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2011-3293

Vulnerability status: Patched

Advisory published: 19 july, 2011

Fix issued: 13-02-2012



Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2011-25: SQL injection vulnerabilities in Support Incident Tracker

Identifier: PT-2011-25

Vendor: Support Incident Tracker

Product:
Support Incident Tracker 3.x

Exploitation vector: Remote

Severity: High (6.5)
(AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 13 july, 2011

Fix issued: 17-07-2011



Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


PT-2011-24 - Arbor Networks

Vulnerability status: Unpatched

Timeline:
12.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details

Severity: High (6.8)
(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
310

Discovered by: Dmitriy Gutsko, Positive Research Center (Positive Technologies Company)


PT-2011-23: Database information disclosure in GLPI

Identifier: PT-2011-23

Vendor: GLPI

Product:
GLPI 0.x

Exploitation vector: Remote

Severity: Medium (6.5)
(AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 11 july, 2011

Fix issued: 21-07-2011



Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


PT-2011-21: SQL injection vulnerability in OneOrZero AIMS

Identifier: PT-2011-21

Vendor: OneOrZero

Product:
OneOrZero AIMS 2.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Unpatched

Advisory published: 08 july, 2011



Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


PT-2011-20: Authorization bypass vulnerability in OneOrZero AIMS

Identifier: PT-2011-20

Vendor: OneOrZero

Product:
OneOrZero AIMS 2.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Unpatched

Advisory published: 08 july, 2011



Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


PT-2011-19: SQL injection vulnerability in Help Request System

Identifier: PT-2011-19

Vendor: Help Request System

Product:
Help Request System 1.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 07 july, 2011

Fix issued: 16-07-2011



Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


PT-2011-18 - Arbor Networks

Vulnerability status: Unpatched

Timeline:
01.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
321

Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2011-17 - Arbor Networks

Vulnerability status: Unpatched

Timeline:
01.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details

Severity: Medium (7.0)
(AV:N/AC:M/Au:S/C:C/I:P/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
321

Discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)


PT-2011-16: Denial Of Service in Mozilla Firefox

Identifier: PT-2011-16

Vendor: Mozilla

Product:
Mozilla Firefox 3.6.x
Mozilla Firefox 4.0.x
Mozilla Firefox 5.x
Mozilla Firefox 6.0.x
Mozilla Firefox 7.x

Exploitation vector: Remote

Severity: Low (5)
(AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: N/A

Vulnerability status: Unpatched

Advisory published: 29 june, 2011



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


PT-2011-15 - BoonEx

Vulnerability status: Unpatched

Timeline:
29.06.2011 - Vendor is notified
01.07.2011 - Vendor gets vulnerability details
23.08.2011 - Vulnerability details were sent to CERT

Severity: High (7.1)
(AV:N/AC:H/Au:S/C:C/I:C/A:C)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
323

Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


PT-2011-14: SQL injection vulnerability in BoonEx Dolphin

Identifier: PT-2011-14

Vendor: BoonEx

Product:
Dolphin 6.x

Exploitation vector: Remote

Severity: High (7.5)
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Unpatched

Advisory published: 29 june, 2011



Discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)


PT-2011-22: Buffer overflow in Adobe Flash Player

Identifier: PT-2011-22

Vendor: Adobe Systems

Product:
Adobe Flash Player 10.x

Exploitation vector: Remote

Severity: High (10)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2011-2137

Vulnerability status: Patched

Advisory published: 28 june, 2011

Fix issued: 09-08-2011



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


PT-2011-13: Privilege Gaining in ManageEngine ServiceDesk Plus 8.0.0

Identifier: PT-2011-13

Vendor: ManageEngine ServiceDesk Plus 8.x

Product:
ManageEngine ServiceDesk Plus 8.x

Exploitation vector: Remote

Severity: Medium (6.5)
(AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 24 june, 2011

Fix issued: 29-03-2012



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


PT-2011-12: Information Disclosure in ManageEngine ServiceDesk Plus 8.0

Identifier: PT-2011-12

Vendor: ManageEngine ServiceDesk Plus 8.x

Product:
ManageEngine ServiceDesk Plus 8.x

Exploitation vector: Remote

Severity: Medium (6.3)
(AV:N/AC:M/Au:S/C:C/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 24 june, 2011

Fix issued: 29-11-2011



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


PT-2011-11 - ManageEngine ServiceDesk Plus 8.x

Vulnerability status: Patched

Timeline:
24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
13.10.2011 - Vendor releases fixed version and details

Severity: High (7.8)
(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
328

Discovered by: Dmitry Evteev, Positive Research Center (Positive Technologies Company)


PT-2011-10 - ManageEngine ServiceDesk Plus 8.x

Vulnerability status: Unpatched

Timeline:
24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details

Severity: High (8.5)
(AV:N/AC:M/Au:S/C:C/I:C/A:C)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
328

Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


PT-2011-09: Arbitrary Command Execution in ManageEngine ServiceDesk Plus 8.0.0

Identifier: PT-2011-09

Vendor: ManageEngine ServiceDesk Plus 8.x

Product:
ManageEngine ServiceDesk Plus 8.x

Exploitation vector: Remote

Severity: High (8.5)
(AV:N/AC:M/Au:S/C:C/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 24 june, 2011

Fix issued: 29-03-2012



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


PT-2011-08: Multiple vulnerabilities in Dlink DPH 150SE/E/F1

Identifier: PT-2011-08

Vendor: D-Link

Product:
D-Link DPH 150s IP Phone

Exploitation vector: Remote

Severity: High (9.7)
(AV:N/AC:L/Au:N/C:P/I:C/A:C)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 24 june, 2011

Fix issued: 20-07-2011



Discovered by: Alexander Zaitsev, Gleb Gritsai and Yuri Goltsev, Positive Research Center (Positive Technologies Company)


PT-2011-07 - Cisco

Vulnerability status: Unpatched

Timeline:
23.06.2011 - Vendor is notified
24.06.2011 - Vendor gets vulnerability details

Severity: Medium (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
329

Discovered by: Alexander Zaitsev and Gleb Gritsai, Positive Research Center (Positive Technologies Company)


PT-2011-06 - VMWare

Vulnerability status: Unpatched

Timeline:
20.06.2011 - Vendor is notified
24.06.2011 - Vendor gets vulnerability details

Severity: Medium (5.8)
(AV:N/AC:M/Au:N/C:N/I:P/A:P)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
332

Discovered by: Denis Baranov, Positive Research Center (Positive Technologies Company)


PT-2011-05: Cross-Site Scripting in Koha Library Software

Identifier: PT-2011-05

Vendor: Koha Library Software

Product:
Koha 3.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 31 may, 2011

Fix issued: 19-06-2011



Discovered by: Yuriy Goltsev, Positive Research Center (Positive Technologies Company)


PT-2011-04: Cross-Site Scripting in Kayako Support Suite

Identifier: PT-2011-04

Vendor: Kayako Web Solutions

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 30 may, 2011

Fix issued: 25-08-2011



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


PT-2011-03: Information disclosure in Kayako Support Suite

Identifier: PT-2011-03

Vendor: Kayako Web Solutions

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Low (5.0)
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 30 may, 2011

Fix issued: 25-08-2011



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


PT-2011-02: PHP code Injection in Kayako Support Suite

Identifier: PT-2011-02

Vendor: Kayako Web Solutions

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: High (6.5)
(AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 30 may, 2011

Fix issued: 25-08-2011



Discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


PT-2011-01: Cross-Site Scripting in Kayako Support Suite

Identifier: PT-2011-01

Vendor: Kayako Web Solutions

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Medium (4.3)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 30 may, 2011

Fix issued: 25-08-2011



Discovered by: Yuriy Goltsev, Positive Research Center (Positive Technologies Company)


PT-2010-11 - IrisvisiaCMS

Vulnerability status: Unpatched

Timeline:
11.09.2010 - Sent email to vendor

Severity: High (10.0)
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
555

Discovered by: Yuri Goltsev, Positive Research


PT-2010-09 - Newton CMS

Vulnerability status: Unpatched

Timeline:
10.09.2010 - vendor notified
11.09.2010 - Status request sent

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
615

Discovered by: Yuri Goltsev, Positive Research


PT-2010-05 - OpenSSL Project

Vulnerability status: Unpatched

Timeline:
09/07/2010 - Vendor notified

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
618

Discovered by: Sergey Rublev, Positive Research


PT-2010-08 - Quantum Art

Vulnerability status: Unpatched

Timeline:
08.19.2010 - Vendor notified
11.09.2010 - Status request sent

Severity: Medium (6.4)
(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitation vector: Remote


Days sinse vendor notification:


30
60
637

Discovered by: Dmitry Evteev, Positive Research


PT-2009-44: Multiple vulnerabilities in Kayako Support Suite - Kayako

Vulnerability status: Unpatched

Timeline:
10/12/2009 - Vendor notified
10/13/2009 - Vendor response

Severity: Medium (6.4)
AV:N/AC:H/Au:M/C:C/I:C/A:P

Exploitation vector: Remote


Days sinse vendor notification:


30
60
947

Discovered by: Timur Yunusov, Positive Research


PT-2009-43: Session predictability in Kayako Support Suite

Identifier: PT-2009-43

Vendor: Kayako

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Low (4.3)
AV:N/AC:M/Au:N/C:P/I:N

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 13 october, 2009

Fix issued: 12-03-2010



Discovered by: Timur Yunusov, Positive Research


PT-2009-42: Cross-Site Request Forgery in Kayako Support Suite

Identifier: PT-2009-42

Vendor: Kayako

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Medium (7.0)
AV:N/AC:M/Au:S/C:C/I:P

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 13 october, 2009

Fix issued: 09-02-2010



Discovered by: Timur Yunusov, Positive Research


PT-2009-41: Multiple vulnerabilities in Kayako Support Suite

Identifier: PT-2009-41

Vendor: Kayako

Product:
Kayako SupportSuite 3.x

Exploitation vector: Remote

Severity: Low (6.4)
AV:N/AC:L/Au:N/C:P/I:N/A:P

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 13 october, 2009

Fix issued: 12-03-2010



Discovered by: Timur Yunusov, Positive Research


PT-2009-40: JIRA sensitive information disclosure

Identifier: PT-2009-40

Vendor: Atlassian

Product:
JIRA 3.13.4

Exploitation vector: Remote

Severity: Low (0.0)
(AV:N/AC:L/Au:N/C:N/I:N/A:N/E:P/RL:W/RC:C)

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 02 june, 2009

Fix issued: 24-06-2009



Discovered by: Dmitry Evteev, Positive Research


PT-2009-39 - Avaya

Vulnerability status: Unpatched

Timeline:
04.08.2009 - Vendor notified 04.13.2009 - Vendor response 04.14.2009 - Sent detail information

Severity: Medium (6.9)
AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitation vector: Local


Days sinse vendor notification:


30
60
1133

Discovered by: Nikita Tarakanov, Positive Research


PT-2009-38 - Citrix

Vulnerability status: Unpatched

Timeline:
04.10.2009 - Vendor notified 04.16.2009 - Vendor response 04.16.2009 - Sent detail information

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days sinse vendor notification:


30
60
1133

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-37 - Cisco

Vulnerability status: Unpatched

Timeline:
04.10.2009 - Vendor notified

Severity: Medium (6.9)
AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitation vector: Local


Days sinse vendor notification:


30
60
1133

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-36: Neo CMS SQL Injection Vulnerability

Identifier: PT-2009-36

Product:
Neo CMS

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 27 march, 2009

Fix issued: 27-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-32 Cross-Site Scripting Vulnerability - N/A

Vulnerability status: Unpatched

Timeline:
03/25/2009 - Vendor is notified
03/25/2009 - Vendor response

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitation vector: Remote


Days sinse vendor notification:


30
60
1149

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-35: SQL Injection Vulnerability - N/A

Vulnerability status: Unpatched

Timeline:
03/25/2009 - Vendor is notified
03/26/2009 - Vendor response

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days sinse vendor notification:


30
60
1149

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-34: AKmedia CMS SQL Injection Vulnerability

Identifier: PT-2009-34

Product:
AKmedia CMS

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 25 march, 2009

Fix issued: 26-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-33 iNTERNET.cms Cross-Site Scripting Vulnerability

Identifier: PT-2009-33

Product:
iNTERNET.cms

Exploitation vector: Remote

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 25 march, 2009

Fix issued: 18-05-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-29: Tribiq CMS Multiple Vulnerabilities

Identifier: PT-2009-29

Product:
Tribiq CMS 5.0.11

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 24 march, 2009

Fix issued: 29-09-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-28: SQL Injection Vulnerability - N/A

Vulnerability status: Unpatched

Timeline:
03/24/2009 - Vendor is notified
03/24/2009 - Vendor response

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days sinse vendor notification:


30
60
1150

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-27: Multiple Vulnerabilities - Huberspace

Vulnerability status: Unpatched

Timeline:
03/24/2009 - Vendor notified

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days sinse vendor notification:


30
60
1150

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-30: Multiple Vulnerabilities - N/A

Vulnerability status: Patched

Timeline:
03.12.2009 - Vendor notified
no response
03.24.2009 - Second notification

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days sinse vendor notification:


30
60
1162

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-31: Multiple Vulnerabilities - N/A

Vulnerability status: Unpatched

Timeline:
03.11.2009 - Vendor notified
no response
03.24.2009 - Second notification

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days sinse vendor notification:


30
60
1163

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-26 Cross-Site Scripting Vulnerability - Cupid Systems

Vulnerability status: Unpatched

Timeline:
03/11/2009 - Vendor is notified
03/11/2009 - Vendor response
03/24/2009 - Requested status update from vendor

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitation vector: Remote


Days sinse vendor notification:


30
60
1163

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-25: Multiple Vulnerabilities - N/A

Vulnerability status: Unpatched

Timeline:
03/11/2009 - Vendor notified
03/11/2009 - Vendor response
03/24/2009 - Requested status update from vendor

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days sinse vendor notification:


30
60
1163

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-19 - Cisco

Vulnerability status: Unpatched

Timeline:
03.10.2009 - Vendor notified

Severity: Medium (6.9)
AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitation vector: Local


Days sinse vendor notification:


30
60
1164

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-24: ELDORADO CMS Multiple Vulnerabilities

Identifier: PT-2009-24

Product:
ELDORADO CMS 3.x

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 04 march, 2009

Fix issued: 13-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-13: TinX CMS SQL Injection Vulnerability

Identifier: PT-2009-13

Product:
TinX/cms 3.x

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: CVE-2009-0825

Vulnerability status: Patched

Advisory published: 04 march, 2009

Fix issued: 05-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-23: Multiple Vulnerabilities - N/A

Vulnerability status: Unpatched

Timeline:
03/04/2009 - Vendor notified
03/04/2009 - Vendor response
03/04/2009 - Requested status update from vendor
03/24/2009 - Second requested status update from vendor

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation vector: Remote


Days sinse vendor notification:


30
60
1170

Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-16: Subrion CMS Multiple Vulnerabilities

Identifier: PT-2009-16

Product:
Subrion CMS 1.x

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 04 march, 2009

Fix issued: 25-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-12: UMI.CMS Cross-Site Scripting Vulnerability

Identifier: PT-2009-12

Vendor: Umisoft

Product:
UMI.CMS 2.x

Exploitation vector: Remote

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 04 march, 2009

Fix issued: 06-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-22: EXcms Root directory disclosure vulnerability

Identifier: PT-2009-22

Product:
EXcms 2.x

Exploitation vector: Remote

Severity: Low (0.0)
AV:N/AC:L/Au:N/C:N/I:N/A:N

CVE ID: N/A

Vulnerability status: Unpatched

Advisory published: 03 march, 2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-15 Living CMS Cross-Site Scripting Vulnerability

Identifier: PT-2009-15

Product:
Living CMS 1.x

Exploitation vector: Remote

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 03 march, 2009

Fix issued: 11-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-14: BLOG CMS Cross-Site Scripting Vulnerability

Identifier: PT-2009-14

Product:
BLOG:CMS 4.x

Exploitation vector: Remote

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 03 march, 2009

Fix issued: 03-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-21: CMS.Pilot SQL Injection Vulnerability

Identifier: PT-2009-21

Product:
CMS.Pilot 1.x

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Unpatched

Advisory published: 02 march, 2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-20: A.CMS Multiple Vulnerabilities

Identifier: PT-2009-20

Product:
A.CMS 1.x

Exploitation vector: Remote

Severity: Medium (4.3)
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 02 march, 2009

Fix issued: 04-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-18: Cetera CMS SQL Injection Vulnerability

Identifier: PT-2009-18

Product:
Cetera CMS

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 02 march, 2009

Fix issued: 24-03-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-17: ABO.CMS Multiple Vulnerabilities

Identifier: PT-2009-17

Product:
ABO.CMS 5.x

Exploitation vector: Remote

Severity: High (7.5)
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE ID: N/A

Vulnerability status: Patched

Advisory published: 02 march, 2009

Fix issued: 05-04-2009



Discovered by: Dmitry Evteev, Positive Technologies Research Team


PT-2009-11: SlySoft Multiple Products ElbyCDIO.sys Denial of Service

Identifier: PT-2009-11

Vendor: SlySoft

Product:
AnyDVD 6.x
Virtual CloneDrive 5.x
CloneDVD 2.x
CloneCD 5.x

Exploitation vector: Local

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

CVE ID: CVE-2009-0824

Vulnerability status: Patched

Advisory published: 11 february, 2009

Fix issued: 06-03-2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-09: Trend Micro Internet Security Pro 2009 tmactmon.sys Priviliege Escalation Vulnerabilities

Identifier: PT-2009-09

Vendor: Trend Micro

Product:
Trend Micro Internet Security Pro 2009
Trend Micro Internet Security 2008
Trend Micro Internet Security Pro 2008

Exploitation vector: Local

Severity: Medium (6.9)
AV:L/AC:M/Au:N/C:C/I:C/A:C

CVE ID: CVE-2009-0686

Vulnerability status: Unpatched

Advisory published: 04 february, 2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-08 - Sunbelt Software

Vulnerability status: Unpatched

Timeline:
02.04.2009 - Vendor notified
no response
02.12.2009 - Second notification
no response

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days sinse vendor notification:


30
60
1198

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-07 - PC Tools

Vulnerability status: Unpatched

Timeline:
02.04.2009 - Vendor notified
02.11.2009 - Vendor replied
02.24.2009 - Sent detailed information

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days sinse vendor notification:


30
60
1198

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-06 - F-Secure

Vulnerability status: Unpatched

Timeline:
02.04.2009 - Vendor notified
02.11.2009 - Vendor replied
02.16.2009 - Sent detailed information
02.16.2009 - Vendor replied

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days sinse vendor notification:


30
60
1198

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-05: CA Internet Security Suite Denial of Service Vulnerability

Identifier: PT-2009-05

Vendor: Computer Associates (CA)

Product:
CA Internet Security Suite Plus 2009
CA Internet Security Suite Plus 2008
CA Internet Security Suite 2007

Exploitation vector: Local

Severity: Medium (4.9)
AV:L/AC:L/Au:N/C:N/I:N/A:C

CVE ID: CVE-2009-0682

Vulnerability status: Patched

Advisory published: 04 february, 2009

Fix issued: 18-08-2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-04 - Tall Emu

Vulnerability status: Unpatched

Timeline:
02.04.2009 - Vendor notified
02.04.2009 - Vendor replied
02.04.2009 - Sent detailed information

Severity: Medium (6.9)
AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitation vector: Local


Days sinse vendor notification:


30
60
1198

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-03 - Tall Emu

Vulnerability status: Unpatched

Timeline:
02.04.2009 - Vendor notified
02.04.2009 - Vendor replied
02.04.2009 - Sent detailed information

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days sinse vendor notification:


30
60
1198

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-02 - Tall Emu

Vulnerability status: Unpatched

Timeline:
02.04.2009 - Vendor notified
02.04.2009 - Sent detailed information

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days sinse vendor notification:


30
60
1198

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2009-01: PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities

Identifier: PT-2009-01

Vendor: PGP

Product:
PGP Corporate Desktop 9.x

Exploitation vector: Local

Severity: Medium (6.2)
AV:L/AC:H/Au:N/C:C/I:C/A:C

CVE ID: CVE-2009-0681

Vulnerability status: Patched

Advisory published: 04 february, 2009

Fix issued: 02-04-2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2008-09: Microsoft Windows MSMQ Privilege Escalation Vulnerability

Identifier: PT-2008-09

Vendor: Microsoft

Product:
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Storage Server 2003
Microsoft Windows Vista

Exploitation vector: Local

Severity: High (7.2)
AV:L/AC:M/Au:S/C:C/I:C/A:C

CVE ID: CVE-2009-1922

Vulnerability status: Patched

Advisory published: 19 november, 2008

Fix issued: 11-08-2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2008-08 - Microsoft

Vulnerability status: Unpatched

Timeline:
11.19.2008 - Vendor notified
11.21.2008 - Vendor replied

Severity: Medium (4.7)
AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitation vector: Local


Days sinse vendor notification:


30
60
1275

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2008-07: VMware Multiple Products hcmon.sys Denial of Service Vulnerability

Identifier: PT-2008-07

Vendor: VMWare

Product:
VMware Workstation 6.x
VMWare Player 2.x
VMWare ACE 2.x
VMware Server 2.x

Exploitation vector: Local

Severity: Medium (4.4)
AV:L/AC:M/Au:S/C:N/I:N/A:C

CVE ID: CVE-2009-1146

Vulnerability status: Patched

Advisory published: 14 october, 2008

Fix issued: 31-03-2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2008-06 VMware Multiple Products Denial of Service Vulnerability - VMWare

Vulnerability status: Patched

Timeline:
10.14.2008 - Vendor notified
10.16.2008 - Vendor replied
10.16.2008 - Sent detailed information
05.28.2009 - Vendor releases fixed version and details

Severity: Medium (4.4)
AV:L/AC:M/Au:S/C:N/I:N/A:C

Exploitation vector: Local


Days sinse vendor notification:


30
60
1311

Discovered by: Nikita Tarakanov, Positive Technologies Research Team


PT-2008-05: VMware Multiple Products vmci.sys Privilege Escalation Vulnerability

Identifier: PT-2008-05

Vendor: VMWare

Product:
VMware Workstation 6.x
VMWare Player 2.x
VMware Server 2.x
VMWare ACE 2.x

Exploitation vector: Local

Severity: Medium (6.6)
AV:L/AC:M/Au:S/C:C/I:C/A:C

CVE ID: CVE-2009-1147

Vulnerability status: Patched

Advisory published: 14 october, 2008

Fix issued: 03-04-2009



Discovered by: Nikita Tarakanov, Positive Technologies Research Team


Search
Cisco

Cisco Security Advisory: Cisco Security Agent Remote Code Execution Vulnerabilities

Cisco Security Agent is affected by vulnerabilities that could allow an unauthenticated attacker to ...

27 october, 2011

Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras

A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 24 ...

27 october, 2011

Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability

Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive ...

27 october, 2011

Microsoft

MS12-035: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

This security update resolves two privately reported vulnerabilities in the .NET Framework.

09 may, 2012

MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

This security update resolves three publicly disclosed vulnerabilities and seven privately reported ...

08 may, 2012

MS12-033: Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)

This security update resolves a privately reported vulnerability in Microsoft Windows.

08 may, 2012

Sun Microsystems

This Alert covers CVE-2010-0896 for the mail component of the Sun Convergence product

This Sun Alert covers CVE-2010-0896 for the mail component of the Sun Convergence product.

14 april, 2010

This Alert Covers CVE-2010-0893 for the Mail Component of the Sun Convergence Product

This Alert covers CVE-2010-0893 for the mail component of the Sun Convergence product.

14 april, 2010

SunOS 5.10_x86: ucode driver patch

6905530 processor microcode code can panic when retrieving microcode revision.

02 february, 2010

AdvertismentAbout ProjectContact UsCopyrightExportRSSMy SettingsMap