Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researchers in analyzing discovered vulnerabilities, contacting software vendors, and the CVE number reservation process. The vulnerabilities will be published in the "Laboratory" and PT-advisory sections. The researchers' names will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   Low (4.3) AV:N/AC:M/Au:N/C:P/I:N
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Kayako
Product:   Kayako SupportSuite 3.x
 
Identifier:   PT-2009-43   Advisory published: 13.10.2009
CVE ID:   N/A   Fix issued: 12-03-2010
Discovered by:
Timur Yunusov, Positive Research
 
Severity:   Medium (7.0) AV:N/AC:M/Au:S/C:C/I:P
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Kayako
Product:   Kayako SupportSuite 3.x
 
Identifier:   PT-2009-42   Advisory published: 13.10.2009
CVE ID:   N/A   Fix issued: 09-02-2010
Discovered by:
Timur Yunusov, Positive Research
 
Severity:   Low (6.4) AV:N/AC:L/Au:N/C:P/I:N/A:P
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Kayako
Product:   Kayako SupportSuite 3.x
 
Identifier:   PT-2009-41   Advisory published: 13.10.2009
CVE ID:   N/A   Fix issued: 12-03-2010
Discovered by:
Timur Yunusov, Positive Research
 
Severity:   Low (0.0) (AV:N/AC:L/Au:N/C:N/I:N/A:N/E:P/RL:W/RC:C)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Atlassian
Product:   JIRA 3.13.4
 
Identifier:   PT-2009-40   Advisory published: 02.06.2009
CVE ID:   N/A   Fix issued: 24-06-2009
Discovered by:
Dmitry Evteev, Positive Research
 
PT-2009-39 - Avaya
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Avaya
 
Timeline   08.04.2009 - Vendor notified
13.04.2009 - Vendor response
14.04.2009 - Detailed information sent
 
Days since vendor notification: 3207
Discovered by:
Nikita Tarakanov, Positive Research
 
PT-2009-38 - Citrix
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Citrix
 
Timeline   10.04.2009 - Vendor notified
16.04.2009 - Vendor response
16.04.2009 - Detailed information sent
 
Days since vendor notification: 3207
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-37 - Cisco
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Cisco
 
Timeline   10.04.2009 - Vendor notified
 
Days since vendor notification: 3207
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Patched
Exploitation vector:   Remote
Product:   Neo CMS
 
Identifier:   PT-2009-36   Advisory published: 27.03.2009
CVE ID:   N/A   Fix issued: 27-03-2009
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-32 Cross-Site Scripting Vulnerability - N/A
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   N/A
 
Timeline   25.03.2009 - Vendor is notified
25.03.2009 - Vendor response
 
Days since vendor notification: 3223
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-35: SQL Injection Vulnerability - N/A
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   N/A
 
Timeline   25.03.2009 - Vendor is notified
26.03.2009 - Vendor response
 
Days since vendor notification: 3223
Discovered by:
Dmitry Evteev, Positive Technologies Research Team