Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researchers in analyzing discovered vulnerabilities, in contacting software vendors and in the CVE number reservation process. The vulnerabilities will be published in the "Laboratory" and PT-advisory sections. The names of the researchers will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

PT-2009-19 - Cisco
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Cisco
 
Timeline   10.03.2009 - Vendor notified
 
Days since vendor notification: 3566
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Patched
Exploitation vector:   Remote
Product:   ELDORADO CMS 3.x
 
Identifier:   PT-2009-24   Advisory published: 04.03.2009
CVE ID:   N/A   Fix issued: 13-03-2009
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Patched
Exploitation vector:   Remote
Product:   TinX/cms 3.x
 
Identifier:   PT-2009-13   Advisory published: 04.03.2009
CVE ID:   CVE-2009-0825   Fix issued: 05-03-2009
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-23: Multiple Vulnerabilities - N/A
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   N/A
 
Timeline   04.03.2009 - Vendor notified
04.03.2009 - Vendor response
04.03.2009 - Requested status update from vendor
24.03.2009 - Second requested status update from vendor
 
Days since vendor notification: 3572
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Patched
Exploitation vector:   Remote
Product:   Subrion CMS 1.x
 
Identifier:   PT-2009-16   Advisory published: 04.03.2009
CVE ID:   N/A   Fix issued: 25-03-2009
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Umisoft
Product:   UMI.CMS 2.x
 
Identifier:   PT-2009-12   Advisory published: 04.03.2009
CVE ID:   N/A   Fix issued: 06-03-2009
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
Severity:   Low (0.0) AV:N/AC:L/Au:N/C:N/I:N/A:N
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Product:   EXcms 2.x
 
Identifier:   PT-2009-22   Advisory published: 03.03.2009
CVE ID:   N/A   Fix issued:
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability status:   Patched
Exploitation vector:   Remote
Product:   Living CMS 1.x
 
Identifier:   PT-2009-15   Advisory published: 03.03.2009
CVE ID:   N/A   Fix issued: 11-03-2009
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability status:   Patched
Exploitation vector:   Remote
Product:   BLOG:CMS 4.x
 
Identifier:   PT-2009-14   Advisory published: 03.03.2009
CVE ID:   N/A   Fix issued: 03-03-2009
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Product:   CMS.Pilot 1.x
 
Identifier:   PT-2009-21   Advisory published: 02.03.2009
CVE ID:   N/A   Fix issued:
Discovered by:
Dmitry Evteev, Positive Technologies Research Team