Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researchers in analyzing discovered vulnerabilities, contacting software vendors, and the CVE number reservation process. The vulnerabilities will be published in the "Laboratory" and PT-advisory sections. The names of the researchers will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   ManageEngine ServiceDesk Plus 8.x
Product:   ManageEngine ServiceDesk Plus 8.x
 
Identifier:   PT-2011-13   Advisory published: 24.06.2011
CVE ID:   N/A   Fix issued: 29-03-2012
Discovered by:
Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (6.3) (AV:N/AC:M/Au:S/C:C/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   ManageEngine ServiceDesk Plus 8.x
Product:   ManageEngine ServiceDesk Plus 8.x
 
Identifier:   PT-2011-12   Advisory published: 24.06.2011
CVE ID:   N/A   Fix issued: 29-11-2011
Discovered by:
Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
Severity:   High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   ManageEngine ServiceDesk Plus 8.x
Product:   ManageEngine ServiceDesk Plus 8.x
 
Identifier:   PT-2011-11   Advisory published: 24.06.2011
CVE ID:   N/A   Fix issued: 23-04-2012
Discovered by:
Dmitry Evteev, Positive Research Center (Positive Technologies Company)
 
Severity:   High (8.5) (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   ManageEngine ServiceDesk Plus 8.x
Product:   ManageEngine ServiceDesk Plus 8.x
 
Identifier:   PT-2011-10   Advisory published: 24.06.2011
CVE ID:   N/A   Fix issued: 23-04-2012
Discovered by:
Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
Severity:   High (8.5) (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   ManageEngine ServiceDesk Plus 8.x
Product:   ManageEngine ServiceDesk Plus 8.x
 
Identifier:   PT-2011-09   Advisory published: 24.06.2011
CVE ID:   N/A   Fix issued: 29-03-2012
Discovered by:
Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.7) (AV:N/AC:L/Au:N/C:P/I:C/A:C)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   D-Link
Product:   D-Link DPH 150s IP Phone
 
Identifier:   PT-2011-08   Advisory published: 24.06.2011
CVE ID:   N/A   Fix issued: 20-07-2011
Discovered by:
Alexander Zaitsev, Gleb Gritsai and Yuri Goltsev, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Cisco
Product:   Cisco SPA8000 8-port IP Telephony Gateway 6.x
Cisco SPA8800 IP Telephony Gateway 6.x
Cisco SPA2102 Phone Adapter with Router 5.x
Cisco SPA3102 Voice Gateway with Router 5.x
Cisco Small Business SPA500 Series IP Phones 7.x
 
Identifier:   PT-2011-07   Advisory published: 23.06.2011
CVE ID:   CVE-2011-2545   Fix issued: 12-06-2012
Discovered by:
Alexander Zaitsev, Gleb Gritsai, Positive Research Center (Positive Technologies Company)
 
PT-2011-06 - VMware
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   VMware
 
Timeline   20.06.2011 - Vendor is notified
24.06.2011 - Vendor gets vulnerability details
 
Days since vendor notification: 2582
Discovered by:
Denis Baranov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Koha Library Software
Product:   Koha 3.x
 
Identifier:   PT-2011-05   Advisory published: 31.05.2011
CVE ID:   N/A   Fix issued: 19-06-2011
Discovered by:
Yuriy Goltsev, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Kayako Web Solutions
Product:   Kayako SupportSuite 3.x
 
Identifier:   PT-2011-04   Advisory published: 30.05.2011
CVE ID:   N/A   Fix issued: 25-08-2011
Discovered by:
Alexander Zaitsev, Positive Research Center (Positive Technologies Company)