Positive Technologies
Advisory
All vulnerabilities published here were discovered automatically by the Positive Technologies Research Team with the help of the full-featured commercial version of MaxPatrol. The free demo version available for download has limitations in detecting such vulnerabilities.
PT-2012-07 - TimThumb
Severity:   High (7.1) (AV:N/AC:H/Au:S/C:C/I:C/A:C)
Fix date:   no fix available
Vector:   Remote
Vendor:   TimThumb
 
Notification status:   16.05.12 - Vendor is notified
16.05.12 - Vendor gets vulnerability details
Vulnerability discovered by: Alexey Moskvin, Positive Research Center (Positive Technologies Company)
 
PT-2012-06 - nginx
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   nginx
 
Notification status:   15.05.2012 - Vendor is notified
15.05.2012 - Vendor gets vulnerability details
Vulnerability discovered by: Vladimir Kochetkov, Positive Research Center (Positive Technologies Company)
 
PT-2012-05 - Quercus on Resin 4.x
Severity:   High (10) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date:   no fix available
Vector:   Remote
Vendor:   Quercus on Resin 4.x
 
Notification status:   23.03.2012 - Vendor is notified
23.03.2012 - Vendor gets vulnerability details
19.04.2012 - Vulnerability details were sent to CERT
Vulnerability discovered by: Sergey Scherbel, Positive Research Center (Positive Technologies Company)
 
PT-2012-04 - Cisco
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Cisco
 
Notification status:   13.01.2012 - Vendor is notified
13.01.2012 - Vendor gets vulnerability details
Vulnerability discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2012-03 - Cisco
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Cisco
 
Notification status:   13.01.2012 - Vendor is notified
13.01.2012 - Vendor gets vulnerability details
Vulnerability discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2012-02 - Cisco
Severity:   High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date:   no fix available
Vector:   Remote
Vendor:   Cisco
 
Notification status:   13.01.2012 - Vendor is notified
13.01.2012 - Vendor gets vulnerability details
Vulnerability discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2012-01 - Cisco
Severity:   High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Cisco
 
Notification status:   13.01.2012 - Vendor is notified
13.01.2012 - Vendor gets vulnerability details
Vulnerability discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2011-48: Multiple Vulnerabilities in AtMail
Severity:   High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date:   26.03.2012
Vector:   Remote
Systems affected:   AtMail
 
Notification status:   06.12.2011 - Vendor is notified
06.02.2012 - Vulnerability details were sent to CERT
26.03.2012 - Vendor releases fixed version and details
26.03.2012 - Public disclosure
Vulnerability discovered by: Sergey Scherbel, Positive Research Center (Positive Technologies Company)
 
PT-2011-47 - SAP
Severity:   Medium (7.8) (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Fix date:   no fix available
Vector:   Remote
Vendor:   SAP
 
Notification status:   02.12.11 - Vendor is notified
02.12.11 - Vendor gets vulnerability details
08.05.12 - Vendor releases fixed version and details
Vulnerability discovered by: Vladimir Zarichny, Positive Research Center (Positive Technologies Company)
 
PT-2011-46 - SAP
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   SAP
 
Notification status:   02.12.11 - Vendor is notified
02.12.11 - Vendor gets vulnerability details
Vulnerability discovered by: Ilya Smith, Maxim Tsoy, Kirill Mosolov, Evgeny Ryzhov, Positive Research Center (Positive Technologies Company)
 
PT-2011-45 - SAP
Severity:   Medium (7.8) (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Fix date:   no fix available
Vector:   Remote
Vendor:   SAP
 
Notification status:   02.12.11 - Vendor is notified
02.12.11 - Vendor gets vulnerability details
08.05.12 - Vendor releases fixed version and details
Vulnerability discovered by: Vladimir Zarichny, Positive Research Center (Positive Technologies Company)
 
PT-2011-44 - SAP
Severity:   Medium (7.8) (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Fix date:   no fix available
Vector:   Remote
Vendor:   SAP
 
Notification status:   02.12.11 - Vendor is notified
02.12.11 - Vendor gets vulnerability details
08.05.12 - Vendor releases fixed version and details
Vulnerability discovered by: Vladimir Zarichny, Positive Research Center (Positive Technologies Company)
 
PT-2011-43: Database information disclosure in Kayako Fusion
Severity:   Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date:   25.11.2011
Vector:   Remote
Systems affected:   Kayako Fusion
 
Notification status:   25.11.2011 - Vendor is notified
25.11.2011 - Vendor gets vulnerability details
25.11.2011 - Vendor releases fixed version and details
02.12.2011 - Public disclosure
Vulnerability discovered by: Yuri Goltsev, Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-42 - Citrix
Severity:   High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Citrix
 
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
Vulnerability discovered by: Kirill Mosolov, Positive Research Center (Positive Technologies Company)
 
PT-2011-41: Stored XSS vulnerability in Citrix License Administration Console
Severity:   Medium (4.9) (AV:N/AC:H/Au:S/C:C/I:N/A:N)
Fix date:   13.03.2012
Vector:   Remote
Systems affected:   Citrix License Administration Console 11.9
 
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
Vulnerability discovered by: Maxim Tsoy, Kirill Mosolov, Positive Research Center (Positive Technologies Company)
 
PT-2011-40: Multiple CSRF vulnerabilities in Citrix License Administration Console
Severity:   High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date:   13.03.2012
Vector:   Remote
Systems affected:   Citrix License Administration Console 11.9
 
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
Vulnerability discovered by: Maxim Tsoy, Kirill Mosolov, Positive Research Center (Positive Technologies Company)
 
PT-2011-39: Denial of Service in Citrix XenServer Workload Balancer
Severity:   High (7.8) (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Fix date:   13.03.2012
Vector:   Remote
Systems affected:   Citrix XenServer-6.0.0 WLB
 
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
Vulnerability discovered by: Kirill Mosolov, Positive Research Center (Positive Technologies Company)
 
PT-2011-38: URL redirector abuse in Citrix XenServer Virtual Switch Controller
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date:   13.03.2012
Vector:   Remote
Systems affected:   Citrix XenServer Virtual Switch Controller 6.0.x
 
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
Vulnerability discovered by: Kirill Mosolov, Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2011-37: HTTP Response Splitting in Citrix XenServer Virtual Switch Controller
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   13.03.2012
Vector:   Remote
Systems affected:   Citrix XenServer Virtual Switch Controller 6.0.x
 
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
Vulnerability discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2011-36: Insufficient authorization in Citrix XenServer Virtual Switch Controller
Severity:   High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date:   13.03.2012
Vector:   Local
Systems affected:   Citrix XenServer Virtual Switch Controller 6.0.x
 
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
Vulnerability discovered by: Maxim Tsoy, Kirill Mosolov, Positive Research Center (Positive Technologies Company)
 
PT-2011-35: Multiple CSRF vulnerabilities in Citrix XenServer Virtual Switch Controller
Severity:   High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date:   13.03.2012
Vector:   Remote
Systems affected:   Citrix XenServer Virtual Switch Controller 6.0.x
 
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
Vulnerability discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2011-34 - Citrix
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Citrix
 
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
Vulnerability discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2011-33 - Citrix
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Citrix
 
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
Vulnerability discovered by: Ilya Smith, Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2011-32 - Citrix
Severity:   Medium (4.9) (AV:N/AC:H/Au:S/C:C/I:N/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Citrix
 
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
Vulnerability discovered by: Kirill Mosolov, Positive Research Center (Positive Technologies Company)
 
PT-2011-31 - Citrix
Severity:   High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Citrix
 
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
Vulnerability discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2011-30: Disclosure of sensitive information in D-Link DIR-300 Router
Severity:   Medium (6.8) (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Fix date:   19.09.2011
Vector:   Remote
Systems affected:   D-Link DIR-300
 
Notification status:   09.09.2011 - Vendor is notified
09.09.2011 - Vendor gets vulnerability details
19.09.2011 - Vendor releases fixed version and details
20.10.2011 - Public disclosure
Vulnerability discovered by: Sergey Scherbel, Positive Research Center (Positive Technologies Company)
 
PT-2011-29: Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300
Severity:   High (10.0) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   19.09.2011
Vector:   Remote
Systems affected:   D-Link DIR-300
 
Notification status:   09.09.2011 - Vendor is notified
09.09.2011 - Vendor gets vulnerability details
19.09.2011 - Vendor releases fixed version and details
20.10.2011 - Public disclosure
Vulnerability discovered by: Sergey Scherbel, Positive Research Center (Positive Technologies Company)
 
PT-2011-27: Multiple Vulnerabilities in Cisco ACS Web Interface
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   13.02.2012
Vector:   Remote
Systems affected:   Cisco Secure ACS 5.x
 
Notification status:   28.07.2011 - Vendor is notified
28.07.2011 - Vendor gets vulnerability details
13.02.2012 - Vendor releases fixed version and details 
20.02.2012 - Public disclosure
Vulnerability discovered by: Maxim Tsoy, Yuriy Goltsev, Alexander Zaitsev and Evgeniy Tolmachev, Positive Research Center (Positive Technologies Company)
 
PT-2011-26: Multiple Cross-Site Request Forgery and "Stored XSS" Vulnerabilities in Cisco ACS
Severity:   Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date:   13.02.2012
Vector:   Remote
Systems affected:   Cisco Secure ACS 5.x
 
Notification status:   19.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details
13.02.2012 - Vendor releases fixed version and details
20.02.2012 - Public disclosure
Vulnerability discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2011-25: SQL injection vulnerabilities in Support Incident Tracker
Severity:   High (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date:   17.07.2011
Vector:   Remote
Systems affected:   Support Incident Tracker 3.x
 
Notification status:   13.07.2011 - Vendor is notified
13.07.2011 - Vendor gets vulnerability details
17.07.2011 - Vendor releases fixed version and details
22.07.2011 - Public disclosure
Vulnerability discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-24 - Arbor Networks
Severity:   High (6.8) (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Fix date:   no fix available
Vector:   Remote
Vendor:   Arbor Networks
 
Notification status:   12.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details
Vulnerability discovered by: Dmitriy Gutsko, Positive Research Center (Positive Technologies Company)
 
PT-2011-23: Database information disclosure in GLPI
Severity:   Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date:   21.07.2011
Vector:   Remote
Systems affected:   GLPI 0.x
 
Notification status:   11.07.2011 - Vendor is notified
20.07.2011 - Vendor gets vulnerability details
21.07.2011 - Vendor releases fixed version and details
03.08.2011 - Public disclosure
Vulnerability discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-22: Buffer overflow in Adobe Flash Player
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   09.08.2011
Vector:   Remote
Systems affected:   Adobe Flash Player 10.x
 
Notification status:   28.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
09.08.2011 - Vendor releases fixed version and details
28.03.2012 - Public disclosure
Vulnerability discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-21: SQL injection vulnerability in OneOrZero AIMS - OneOrZero
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   no fix available
Vector:   Remote
Vendor:   OneOrZero
 
Notification status:   08.07.2011 - Vendor is notified
23.08.2011 - Vulnerability details were sent to CERT
19.10.2011 - Public disclosure
Vulnerability discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-20: Authorization bypass vulnerability in OneOrZero AIMS - OneOrZero
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   no fix available
Vector:   Remote
Vendor:   OneOrZero
 
Notification status:   08.07.2011 - Vendor is notified
23.08.2011 - Vulnerability details were sent to CERT
19.10.2011 - Public disclosure
Vulnerability discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-19: SQL injection vulnerability in Help Request System
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   16.07.2011
Vector:   Remote
Systems affected:   Help Request System 1.x
 
Notification status:   07.07.2011 - Vendor is notified
15.07.2011 - Vendor gets vulnerability details
16.07.2011 - Vendor releases fixed version and details
24.08.2011 - Public disclosure
Vulnerability discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-18 - Arbor Networks
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Arbor Networks
 
Notification status:   01.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details
Vulnerability discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2011-17 - Arbor Networks
Severity:   Medium (7.0) (AV:N/AC:M/Au:S/C:C/I:P/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Arbor Networks
 
Notification status:   01.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details
Vulnerability discovered by: Maxim Tsoy, Positive Research Center (Positive Technologies Company)
 
PT-2011-16: Denial Of Service in Mozilla Firefox - Mozilla
Severity:   Low (5) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Fix date:   no fix available
Vector:   Remote
Vendor:   Mozilla
 
Notification status:   29.06.2011 - Vendor is notified
15.07.2011 - Vendor gets vulnerability details
14.09.2011 - Vulnerability details were sent to CERT
18.10.2011 - Public disclosure
Vulnerability discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-15 - BoonEx
Severity:   High (7.1) (AV:N/AC:H/Au:S/C:C/I:C/A:C)
Fix date:   no fix available
Vector:   Remote
Vendor:   BoonEx
 
Notification status:   29.06.2011 - Vendor is notified
01.07.2011 - Vendor gets vulnerability details
23.08.2011 - Vulnerability details were sent to CERT
Vulnerability discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-14: SQL injection vulnerability in BoonEx Dolphin - BoonEx
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   no fix available
Vector:   Remote
Vendor:   BoonEx
 
Notification status:   29.06.2011 - Vendor is notified
01.07.2011 - Vendor gets vulnerability details
23.08.2011 - Vulnerability details were sent to CERT
14.09.2011 - Public disclosure
Vulnerability discovered by: Yuri Goltsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-13: Privilege Gaining in ManageEngine ServiceDesk Plus 8.0.0
Severity:   Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date:   29.03.2012
Vector:   Remote
Systems affected:   ManageEngine ServiceDesk Plus 8.x
 
Notification status:   24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
29.03.2012 - Vendor releases fixed version and details
23.04.2012 - Public disclosure
Vulnerability discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-12: Information Disclosure in ManageEngine ServiceDesk Plus 8.0
Severity:   Medium (6.3) (AV:N/AC:M/Au:S/C:C/I:N/A:N)
Fix date:   29.11.2011
Vector:   Remote
Systems affected:   ManageEngine ServiceDesk Plus 8.x
 
Notification status:   24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
29.11.2011 - Vendor releases fixed version and details
27.01.2012 - Public disclosure
Vulnerability discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-11 - ManageEngine ServiceDesk Plus 8.x
Severity:   High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   ManageEngine ServiceDesk Plus 8.x
 
Notification status:   24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
13.10.2011 - Vendor releases fixed version and details
Vulnerability discovered by: Dmitry Evteev, Positive Research Center (Positive Technologies Company)
 
PT-2011-10 - ManageEngine ServiceDesk Plus 8.x
Severity:   High (8.5) (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Fix date:   no fix available
Vector:   Remote
Vendor:   ManageEngine ServiceDesk Plus 8.x
 
Notification status:   24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
Vulnerability discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-09: Arbitrary Command Execution in ManageEngine ServiceDesk Plus 8.0.0
Severity:   High (8.5) (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Fix date:   29.03.2012
Vector:   Remote
Systems affected:   ManageEngine ServiceDesk Plus 8.x
 
Notification status:   24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
29.03.2012 - Vendor releases fixed version and details
23.04.2012 - Public disclosure
Vulnerability discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-08: Multiple vulnerabilities in Dlink DPH 150SE/E/F1
Severity:   High (9.7) (AV:N/AC:L/Au:N/C:P/I:C/A:C)
Fix date:   20.07.2011
Vector:   Remote
Systems affected:   D-Link DPH 150s IP Phone
 
Notification status:   24.06.2011 - Vendor is notified
27.06.2011 - Vendor gets vulnerability details
20.07.2011 - Vendor releases fixed version and details
22.07.2011 - Public disclosure
Vulnerability discovered by: Alexander Zaitsev, Gleb Gritsai and Yuri Goltsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-07 - Cisco
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Cisco
 
Notification status:   23.06.2011 - Vendor is notified
24.06.2011 - Vendor gets vulnerability details
Vulnerability discovered by: Alexander Zaitsev and Gleb Gritsai, Positive Research Center (Positive Technologies Company)
 
PT-2011-06 - VMWare
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Fix date:   no fix available
Vector:   Remote
Vendor:   VMWare
 
Notification status:   20.06.2011 - Vendor is notified
24.06.2011 - Vendor gets vulnerability details
Vulnerability discovered by: Denis Baranov, Positive Research Center (Positive Technologies Company)
 
PT-2011-05: Cross-Site Scripting in Koha Library Software
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   19.06.2011
Vector:   Remote
Systems affected:   Koha 3.x
 
Notification status:   31.05.2011 - Vendor is notified
15.06.2011 - Vendor gets vulnerability details
19.06.2011 - Vendor releases fixed version and details
06.07.2011 - Public disclosure
Vulnerability discovered by: Yuriy Goltsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-04: Cross-Site Scripting in Kayako Support Suite
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   25.08.2011
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
 
Notification status:   30.05.2011 - Vendor is notified
30.05.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
Vulnerability discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-03: Information disclosure in Kayako Support Suite
Severity:   Low (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   25.08.2011
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
 
Notification status:   30.05.2011 - Vendor is notified
30.05.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
Vulnerability discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-02: PHP code Injection in Kayako Support Suite
Severity:   High (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date:   25.08.2011
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
 
Notification status:   30.05.2011 - Vendor is notified
30.05.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
Vulnerability discovered by: Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
 
PT-2011-01: Cross-Site Scripting in Kayako Support Suite
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   25.08.2011
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
 
Notification status:   30.05.2011 - Vendor is notified
30.05.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
Vulnerability discovered by: Yuriy Goltsev, Positive Research Center (Positive Technologies Company)
 
PT-2010-11 - IrisvisiaCMS
Severity:   High (10.0) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   no fix available
Vector:   Remote
Vendor:   IrisvisiaCMS
 
Notification status:   11.09.2010 - Sent email to vendor
Vulnerability discovered by: Yuri Goltsev, Positive Research
 
PT-2010-09 - Newton CMS
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Newton CMS
 
Notification status:   10.09.2010 - vendor notified
11.09.2010 - Status request sent
Vulnerability discovered by: Yuri Goltsev, Positive Research
 
PT-2010-08 - Quantum Art
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   Quantum Art
 
Notification status:   08.19.2010 - Vendor notified
11.09.2010 - Status request sent
Vulnerability discovered by: Dmitry Evteev, Positive Research
 
PT-2010-05 - OpenSSL Project
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date:   no fix available
Vector:   Remote
Vendor:   OpenSSL Project
 
Notification status:   09/07/2010 - Vendor notified
Vulnerability discovered by: Sergey Rublev, Positive Research
 
PT-2009-44: Multiple vulnerabilities in Kayako Support Suite - Kayako
Severity:   Medium (6.4) AV:N/AC:H/Au:M/C:C/I:C/A:P
Fix date:   no fix available
Vector:   Remote
Vendor:   Kayako
 
Notification status:   10/12/2009 - Vendor notified
10/13/2009 - Vendor response
Vulnerability discovered by: Timur Yunusov, Positive Research
 
PT-2009-43: Session predictability in Kayako Support Suite
Severity:   Low (4.3) AV:N/AC:M/Au:N/C:P/I:N
Fix date:   12.03.2010
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
 
Notification status:   10/12/2009 - Vendor notified
10/13/2009 - Vendor response
02/09/2010 - The vendor confirmed the vulnerability and issued a workaround decision
03/12/2010 - Requested status update from vendor
04/08/2010 - Public disclosure
Vulnerability discovered by: Timur Yunusov, Positive Research
 
PT-2009-42: Cross-Site Request Forgery in Kayako Support Suite
Severity:   Medium (7.0) AV:N/AC:M/Au:S/C:C/I:P
Fix date:   09.02.2010
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
 
Notification status:   10/12/2009 - Vendor notified
10/13/2009 - Vendor response
01/19/2010 - The vendor confirmed the vulnerability and issued a workaround decision
02/09/2010 - Requested status update from vendor
04/08/2010 - Public disclosure
Vulnerability discovered by: Timur Yunusov, Positive Research
 
PT-2009-41: Multiple vulnerabilities in Kayako Support Suite
Severity:   Low (6.4) AV:N/AC:L/Au:N/C:P/I:N/A:P
Fix date:   12.03.2010
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
 
Notification status:   10/12/2009 - Vendor notified
10/13/2009 - Vendor response
01/26/2010 - The vendor confirmed the vulnerability and issued a workaround decision
03/12/2010 - Requested status update from vendor
04/08/2010 - Public disclosure
Vulnerability discovered by: Timur Yunusov, Positive Research
 
PT-2009-40: JIRA sensitive information disclosure
Severity:   Low (0.0) (AV:N/AC:L/Au:N/C:N/I:N/A:N/E:P/RL:W/RC:C)
Fix date:   24.06.2009
Vector:   Remote
Systems affected:   JIRA 3.13.4
 
Notification status:   06/02/2009 - Vendor notified
06/03/2009 - Vendor response
06/04/2009 - The vendor confirmed the vulnerability and issued a workaround decision
06/24/2009 - Requested status update from vendor
06/24/2009 - Public disclosure
Vulnerability discovered by: Dmitry Evteev, Positive Research
 
PT-2009-36: Neo CMS SQL Injection Vulnerability
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   27.03.2009
Vector:   Remote
Systems affected:   Neo CMS
 
Notification status:   03/26/2009 - Vendor notified
03/26/2009 - Vendor response
03/27/2009 - Vendor releases the update
05/26/2009 - Public disclosure
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-34: AKmedia CMS SQL Injection Vulnerability
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   26.03.2009
Vector:   Remote
Systems affected:   AKmedia CMS
 
Notification status:   03/25/2009 - Vendor is notified
03/25/2009 - Vendor response
03/26/2009 - Vendor releases the update
05/26/2009 - Public disclosure
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-33 iNTERNET.cms Cross-Site Scripting Vulnerability
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   18.05.2009
Vector:   Remote
Systems affected:   iNTERNET.cms
 
Notification status:   03/25/2009 - Vendor is notified
03/26/2009 - Vendor response
05/18/2009 - Vendor releases fixed version
05/26/2009 - Requested status update from vendor
05/27/2009 - Public disclosure
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-29: Tribiq CMS Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   29.09.2009
Vector:   Remote
Systems affected:   Tribiq CMS 5.0.11
 
Notification status:   03/24/2009 - Vendor notified
03/24/2009 - Vendor response
09/29/2009 - Vendor issues the fixed version
10/07/2009 - Public disclosure
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-24: ELDORADO CMS Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   13.03.2009
Vector:   Remote
Systems affected:   ELDORADO CMS 3.x
 
Notification status:   03/04/2009 - Vendor notified
03/04/2009 - Vendor response
03/24/2009 - Requested status update from vendor
03/13/2009 - Vendor releases the update
05/26/2009 - Public disclosure
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-23: Multiple Vulnerabilities -
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   no fix available
Vector:   Remote
Vendor:  
 
Notification status:   03/04/2009 - Vendor notified
03/04/2009 - Vendor response
03/04/2009 - Requested status update from vendor
03/24/2009 - Second requested status update from vendor

Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-22: EXcms Root directory disclosure vulnerability -
Severity:   Low (0.0) AV:N/AC:L/Au:N/C:N/I:N/A:N
Fix date:   no fix available
Vector:   Remote
Vendor:  
 
Notification status:   03/03/2009 - Vendor notified
03/04/2009 - Vendor response
03/04/2009 - Requested status update from vendor
03/24/2009 - Second requested status update from vendor
05/26/2009 - Second requested status update from vendor
05/26/2009 - Vendor response
05/27/2009 - Public disclosure


Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-21: CMS.Pilot SQL Injection Vulnerability -
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   no fix available
Vector:   Remote
Vendor:  
 
Notification status:   03/02/2009 - Vendor notified
no response
03/10/2009 - Second notification
no response
03/24/2009 - Second notification
no response
05/27/2009 - Public disclosure
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-20: A.CMS Multiple Vulnerabilities
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   04.03.2009
Vector:   Remote
Systems affected:   A.CMS 1.x
 
Notification status:   03/02/2009 - Vendor notified
03/04/2009 - Vendor response
03/04/2009 - Vendor issues the fixed version
03/10/2009 - Requested status update from vendor

Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-19 - Cisco
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date:   no fix available
Vector:   Local
Vendor:   Cisco
 
Notification status:   03.10.2009 - Vendor notified
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-18: Cetera CMS SQL Injection Vulnerability
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   24.03.2009
Vector:   Remote
Systems affected:   Cetera CMS
 
Notification status:   02/03/2009 - Vendor is notified
02/03/2009 - Vendor response
03/03/2009 - Requested status update from vendor
03/24/2009 - Requested status update from vendor
03/24/2009 - Vendor releases fixed version and details
05/26/2009 - Public disclosure
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-17: ABO.CMS Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   05.04.2009
Vector:   Remote
Systems affected:   ABO.CMS 5.x
 
Notification status:   03/02/2009 - Vendor notified
03/03/2009 - Vendor response
03/04/2009 - Requested status update from vendor
03/24/2009 - Second requested status update from vendor
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-16: Subrion CMS Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   25.03.2009
Vector:   Remote
Systems affected:   Subrion CMS 1.x
 
Notification status:   03/04/2009 - Vendor notified
03/04/2009 - Vendor response
03/10/2009 - Requested status update from vendor
03/24/2009 - Second requested status update from vendor
03/25/2009 - Vendor releases the update
05/26/2009 - Public disclosure
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-15 Living CMS Cross-Site Scripting Vulnerability
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   11.03.2009
Vector:   Remote
Systems affected:   Living CMS 1.x
 
Notification status:   03/03/2009 - Vendor notified
03/04/2009 - Vendor response
03/10/2009 - Requested status update from vendor

Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-14: BLOG CMS Cross-Site Scripting Vulnerability
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   03.03.2009
Vector:   Remote
Systems affected:   BLOG:CMS 4.x
 
Notification status:   03/03/2009 - Vendor is notified
03/03/2009 - Vendor response
03/03/2009 - Requested status update from vendor
03/03/2009 - Vendor issues the fixed version

Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-13: TinX CMS SQL Injection Vulnerability
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   05.03.2009
Vector:   Remote
Systems affected:   TinX/cms 3.x
 
Notification status:   03/04/2009 - Vendor is notified
03/04/2009 - Vendor response
03/04/2009 - Requested status update from vendor
03/05/2009 - Vendor releases fixed version and details
03/06/2009 - Public disclosure

Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-12: UMI.CMS Cross-Site Scripting Vulnerability
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   06.03.2009
Vector:   Remote
Systems affected:   UMI.CMS 2.x
 
Notification status:   03/04/2009 - Vendor notified
03/04/2009 - Vendor response
03/04/2009 - Requested status update from vendor
03/06/2009 - Vendor releases fixed version and details
03/06/2009 - Public disclosure

Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-11: SlySoft Multiple Products ElbyCDIO.sys Denial of Service
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   06.03.2009
Vector:   Local
Systems affected:   AnyDVD 6.x
Virtual CloneDrive 5.x
CloneDVD 2.x
CloneCD 5.x
 
Notification status:   02.11.2009 - Vendor notified
02.11.2009 - Vendor replied
02.12.2009 - Sent detailed information
03.06.2009 - Vendor released fixed version
03.12.2009 - Public disclosure
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-09: Trend Micro Internet Security Pro 2009 tmactmon.sys Privilege Escalation Vulnerabilities - Trend Micro
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date:   no fix available
Vector:   Local
Vendor:   Trend Micro
 
Notification status:   02.04.2009 - Vendor notified
no response
02.12.2009 - Second notification
no response
03.31.2009 - Vulnerability details disclosed by third party
03.31.2009 - Public disclosure
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-08 - Sunbelt Software
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   no fix available
Vector:   Local
Vendor:   Sunbelt Software
 
Notification status:   02.04.2009 - Vendor notified
no response
02.12.2009 - Second notification
no response
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-07 - PC Tools
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   no fix available
Vector:   Local
Vendor:   PC Tools
 
Notification status:   02.04.2009 - Vendor notified
02.11.2009 - Vendor replied
02.24.2009 - Sent detailed information

Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-06 - F-Secure
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   no fix available
Vector:   Local
Vendor:   F-Secure
 
Notification status:   02.04.2009 - Vendor notified
02.11.2009 - Vendor replied
02.16.2009 - Sent detailed information
02.16.2009 - Vendor replied

Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-05: CA Internet Security Suite Denial of Service Vulnerability
Severity:   Medium (4.9) AV:L/AC:L/Au:N/C:N/I:N/A:C
Fix date:   18.08.2009
Vector:   Local
Systems affected:   CA Internet Security Suite Plus 2009
CA Internet Security Suite Plus 2008
CA Internet Security Suite 2007
 
Notification status:   02/04/2009 - Vendor notified
02/04/2009 - Vendor response
02/04/2009 - Details sent
08/18/2009 - Vendor releases fixed version and details
08/25/2009 - Public disclosure
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-04 - Tall Emu
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date:   no fix available
Vector:   Local
Vendor:   Tall Emu
 
Notification status:   02.04.2009 - Vendor notified
02.04.2009 - Vendor replied
02.04.2009 - Sent detailed information
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-03 - Tall Emu
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   no fix available
Vector:   Local
Vendor:   Tall Emu
 
Notification status:   02.04.2009 - Vendor notified
02.04.2009 - Vendor replied
02.04.2009 - Sent detailed information
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-02 - Tall Emu
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   no fix available
Vector:   Local
Vendor:   Tall Emu
 
Notification status:   02.04.2009 - Vendor notified
02.04.2009 - Sent detailed information
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-01: PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities
Severity:   Medium (6.2) AV:L/AC:H/Au:N/C:C/I:C/A:C
Fix date:   02.04.2009
Vector:   Local
Systems affected:   PGP Corporate Desktop 9.x
 
Notification status:   02.04.2009 - Vendor notified
02.04.2009 - Vendor replied
02.04.2009 - Sent detailed information
04.02.2009 - Vendor released fixed versions
04.13.2009 - Public disclosure
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2008-09: Microsoft Windows MSMQ Privilege Escalation Vulnerability
Severity:   High (7.2) AV:L/AC:M/Au:S/C:C/I:C/A:C
Fix date:   11.08.2009
Vector:   Local
Systems affected:   Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
 
Notification status:   11.19.2008 - Vendor notified
11.21.2008 - Vendor replied
08.11.2009 - Vendor released patches
08.12.2009 - Public disclosure
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2008-08 - Microsoft
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   no fix available
Vector:   Local
Vendor:   Microsoft
 
Notification status:   11.19.2008 - Vendor notified
11.21.2008 - Vendor replied

Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2008-07: VMware Multiple Products hcmon.sys Denial of Service Vulnerability
Severity:   Medium (4.4) AV:L/AC:M/Au:S/C:N/I:N/A:C
Fix date:   31.03.2009
Vector:   Local
Systems affected:   VMware Workstation 6.x
VMware Player 2.x
VMware ACE 2.x
VMware Server 2.x
 
Notification status:   10.14.2008 - Vendor notified
10.16.2008 - Vendor replied
10.16.2008 - Sent detailed information
03.31.2009 - Vendor released fixed versions
04.06.2009 - Public disclosure
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2008-06 VMware Multiple Products Denial of Service Vulnerability
Severity:   Medium (4.4) AV:L/AC:M/Au:S/C:N/I:N/A:C
Fix date:   28.05.2009
Vector:   Local
Systems affected:   VMware Workstation 6.x
VMware Player 2.x
 
Notification status:   10.14.2008 - Vendor notified
10.16.2008 - Vendor replied
10.16.2008 - Sent detailed information
05.28.2009 - Vendor releases fixed version and details
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2008-05: VMware Multiple Products vmci.sys Privilege Escalation Vulnerability
Severity:   Medium (6.6) AV:L/AC:M/Au:S/C:C/I:C/A:C
Fix date:   03.04.2009
Vector:   Local
Systems affected:   VMware Workstation 6.x
VMware Player 2.x
VMware Server 2.x
VMware ACE 2.x
 
Notification status:   10.14.2008 - Vendor notified
10.16.2008 - Vendor replied
10.16.2008 - Sent detailed information
04.03.2009 - Vendor released fixed versions
04.06.2009 - Public disclosure
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-25: Multiple Vulnerabilities -
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   no fix available
Vector:   Remote
Vendor:  
 
Notification status:   03/11/2009 - Vendor notified
03/11/2009 - Vendor response
03/24/2009 - Requested status update from vendor
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-26 Cross-Site Scripting Vulnerability - Cupid Systems
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   no fix available
Vector:   Remote
Vendor:   Cupid Systems
 
Notification status:   03/11/2009 - Vendor is notified
03/11/2009 - Vendor response
03/24/2009 - Requested status update from vendor
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-31: Multiple Vulnerabilities -
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   no fix available
Vector:   Remote
Vendor:  
 
Notification status:   03.11.2009 - Vendor notified
no response
03.24.2009 - Second notification
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-30: Multiple Vulnerabilities -
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   no fix available
Vector:   Remote
Vendor:  
 
Notification status:   03.12.2009 - Vendor notified
no response
03.24.2009 - Second notification
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-27: Multiple Vulnerabilities - Huberspace
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   no fix available
Vector:   Remote
Vendor:   Huberspace
 
Notification status:   03/24/2009 - Vendor notified
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-28: SQL Injection Vulnerability -
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   no fix available
Vector:   Remote
Vendor:  
 
Notification status:   03/24/2009 - Vendor is notified
03/24/2009 - Vendor response
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-35: SQL Injection Vulnerability -
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   no fix available
Vector:   Remote
Vendor:  
 
Notification status:   03/25/2009 - Vendor is notified
03/26/2009 - Vendor response
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-32 Cross-Site Scripting Vulnerability -
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   no fix available
Vector:   Remote
Vendor:  
 
Notification status:   03/25/2009 - Vendor is notified
03/25/2009 - Vendor response
Vulnerability discovered by: Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-37 - Cisco
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date:   no fix available
Vector:   Local
Vendor:   Cisco
 
Notification status:   04.10.2009 - Vendor notified
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-38 - Citrix
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   no fix available
Vector:   Local
Vendor:   Citrix
 
Notification status:   04.10.2009 - Vendor notified
04.16.2009 - Vendor response
04.16.2009 - Sent detailed information
Vulnerability discovered by: Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-39 - Avaya
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date:   no fix available
Vector:   Local
Vendor:   Avaya
 
Notification status:   04.08.2009 - Vendor notified
04.13.2009 - Vendor response
04.14.2009 - Sent detailed information
Vulnerability discovered by: Nikita Tarakanov, Positive Research
   
 
 
Copyright © 2002-2012 Positive Technologies