VSR Advisories

During the course of penetration testing for clients, and in independent security research, VSR analysts occasionally uncover serious flaws in commercial and open source software products. Such flaws are then responsibly disclosed to the public after first working with software vendors to address them. See below for the current list of publicly released advisories.


2013-06-19
IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to POA

2012-04-20
HTC IQRD Android Permission Leakage

2012-03-24
libraptor - XXE in RDF/XML File Interpretation

2011-06-03
VMware Tools Multiple Vulnerabilities

2011-03-22
Apple HFS+ Information Disclosure Vulnerability

2011-01-26
OpenOffice.org Multiple Memory Corruption Vulnerabilities

2010-12-21
Citrix Access Gateway Command Injection Vulnerability

2010-10-19
Linux RDS Protocol Local Privilege Escalation

2010-08-16
Coda Filesystem Kernel Memory Disclosure

2010-07-13
WebLogic Plugin HTTP Injection via Encoded URLs

2010-07-02
Cisco CSS & ACE Certificate Spoofing and Header Manipulation

2010-04-09
TANDBERG VCS Arbitrary File Retrieval

2010-04-09
TANDBERG VCS Static SSH Host Keys

2010-04-09
TANDBERG VCS Authentication Bypass

2010-02-15
Chrome Password Manager Cross Origin Weakness

2008-12-03
Sun JRE: Java Web Start File Inclusion via System Properties Override

2007-04-27
AFFLIB™ Multiple Buffer Overflows

2007-04-27
AFFLIB™ Multiple Shell Metacharacter Injections

2007-04-27
AFFLIB™ Multiple Format String Injection

2006-05-23
PDF Tools AG PDF Form Filling and Flattening Tool: Buffer Overflow

2006-05-08
WebSense Enterprise / Cisco Filtering Devices: Websense content filter bypass (Websense bypass proxy tool)

2006-02-03
IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in.

2014-05-20
XML Schema, DTD, and Entity Attacks

2012-10-23
Timothy D. Morgan presents No Crack Required: Cryptanalysis in Real-World Applications at OWASP AppSecUSA 2012.

2012-07-29
Michael Coppola presents Owning the Network: Adventures in Router Rootkits at DEF CON 20 [slides].
