Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researchers in analyzing discovered vulnerabilities, contacting software vendors, and the CVE number reservation process. The vulnerabilities will be published in the "Laboratory" and PT-advisory sections. The researchers' names will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Kayako Web Solutions
Product:   Kayako SupportSuite 3.x
 
Identifier:   PT-2011-03   Advisory published: 30.05.2011
CVE ID:   N/A   Fix issued: 25-08-2011
Discovered by:
Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Kayako Web Solutions
Product:   Kayako SupportSuite 3.x
 
Identifier:   PT-2011-02   Advisory published: 30.05.2011
CVE ID:   N/A   Fix issued: 25-08-2011
Discovered by:
Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Kayako Web Solutions
Product:   Kayako SupportSuite 3.x
 
Identifier:   PT-2011-01   Advisory published: 30.05.2011
CVE ID:   N/A   Fix issued: 25-08-2011
Discovered by:
Yuriy Goltsev, Positive Research Center (Positive Technologies Company)
 
PT-2010-11 - IrisvisiaCMS
Severity:   High (10.0) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   IrisvisiaCMS
 
Timeline   09.11.2010 - Sent email to vendor
 
Days since vendor notification: 2805
Discovered by:
Yuri Goltsev, Positive Research
 
PT-2010-09 - Newton CMS
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Newton CMS
 
Timeline   09.10.2010 - vendor notified
09.11.2010 - Status request sent
 
Days since vendor notification: 2865
Discovered by:
Yuri Goltsev, Positive Research
 
PT-2010-05 - OpenSSL Project
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   OpenSSL Project
 
Timeline   07.09.2010 - Vendor notified
 
Days since vendor notification: 2868
Discovered by:
Sergey Rublev, Positive Research
 
PT-2010-08 - Quantum Art
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Quantum Art
 
Timeline   19.08.2010 - Vendor notified
09.11.2010 - Status request sent
 
Days since vendor notification: 2887
Discovered by:
Dmitry Evteev, Positive Research
 
PT-2009-44: Multiple vulnerabilities in Kayako Support Suite - Kayako
Severity:   Medium (6.4) AV:N/AC:H/Au:M/C:C/I:C/A:P
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Kayako
 
Timeline   12.10.2009 - Vendor notified
13.10.2009 - Vendor response
 
Days since vendor notification: 3197
Discovered by:
Timur Yunusov, Positive Research
 
Severity:   Low (4.3) AV:N/AC:M/Au:N/C:P/I:N
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Kayako
Product:   Kayako SupportSuite 3.x
 
Identifier:   PT-2009-43   Advisory published: 13.10.2009
CVE ID:   N/A   Fix issued: 12-03-2010
Discovered by:
Timur Yunusov, Positive Research
 
Severity:   Medium (7.0) AV:N/AC:M/Au:S/C:C/I:P
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Kayako
Product:   Kayako SupportSuite 3.x
 
Identifier:   PT-2009-42   Advisory published: 13.10.2009
CVE ID:   N/A   Fix issued: 09-02-2010
Discovered by:
Timur Yunusov, Positive Research