During the course of penetration testing for clients, and in independent security research, VSR analysts occasionally uncover serious flaws in commercial and open source software products. Such flaws are then responsibly disclosed to the public after first working with software vendors to address them. See below for the current list of publicly released advisories.


2014-09-17 Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability


2013-06-19 IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to POA


2012-04-20 HTC IQRD Android Permission Leakage
2012-03-24 libraptor - XXE in RDF/XML File Interpretation


2011-06-03 VMware Tools Multiple Vulnerabilities
2011-03-22 Apple HFS+ Information Disclosure Vulnerability
2011-01-26 Multiple Memory Corruption Vulnerabilities


2010-12-21 Citrix Access Gateway Command Injection Vulnerability
2010-10-19 Linux RDS Protocol Local Privilege Escalation
2010-08-16 Coda Filesystem Kernel Memory Disclosure
2010-07-13 WebLogic Plugin HTTP Injection via Encoded URLs
2010-07-02 Cisco CSS & ACE Certificate Spoofing and Header Manipulation
2010-04-09 TANDBERG VCS Arbitrary File Retrieval
2010-04-09 TANDBERG VCS Static SSH Host Keys
2010-04-09 TANDBERG VCS Authentication Bypass
2010-02-15 Chrome Password Manager Cross Origin Weakness


2008-12-03 Sun JRE: Java Web Start File Inclusion via System Properties Override


2007-04-27 AFFLIB™ Multiple Buffer Overflows
2007-04-27 AFFLIB™ Multiple Shell Metacharacter Injections
2007-04-27 AFFLIB™ Multiple Format String Injection


2006-05-23 PDF Tools AG PDF Form Filling and Flattening Tool: Buffer Overflow
2006-05-08 WebSense Enterprise / Cisco Filtering Devices: Websense content filter bypass (Websense bypass proxy tool)
2006-02-03 IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in.

Copyright © 2004-2015. Virtual Security Research, LLC. All rights reserved.