Advisories

During the course of penetration testing for clients, and in independent security research, VSR analysts occasionally uncover serious flaws in commercial and open-source software products. VSR first works with the software vendors to address these flaws, and then responsibly discloses them to the public. See below for the current list of publicly released advisories.

2014

2014-09-17 Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability

2013

2013-06-19 IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to POA

2012

2012-04-20 HTC IQRD Android Permission Leakage
2012-03-24 libraptor - XXE in RDF/XML File Interpretation

2011

2011-06-03 VMware Tools Multiple Vulnerabilities
2011-03-22 Apple HFS+ Information Disclosure Vulnerability
2011-01-26 OpenOffice.org Multiple Memory Corruption Vulnerabilities

2010

2010-12-21 Citrix Access Gateway Command Injection Vulnerability
2010-10-19 Linux RDS Protocol Local Privilege Escalation
2010-08-16 Coda Filesystem Kernel Memory Disclosure
2010-07-13 WebLogic Plugin HTTP Injection via Encoded URLs
2010-07-02 Cisco CSS & ACE Certificate Spoofing and Header Manipulation
2010-04-09 TANDBERG VCS Arbitrary File Retrieval
2010-04-09 TANDBERG VCS Static SSH Host Keys
2010-04-09 TANDBERG VCS Authentication Bypass
2010-02-15 Chrome Password Manager Cross Origin Weakness

2008

2008-12-03 Sun JRE: Java Web Start File Inclusion via System Properties Override

2007

2007-04-27 AFFLIB™ Multiple Buffer Overflows
2007-04-27 AFFLIB™ Multiple Shell Metacharacter Injections
2007-04-27 AFFLIB™ Multiple Format String Injection

2006

2006-05-23 PDF Tools AG PDF Form Filling and Flattening Tool: Buffer Overflow
2006-05-08 WebSense Enterprise / Cisco Filtering Devices: Websense content filter bypass (Websense bypass proxy tool)
2006-02-03 IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in

Copyright © 2004-2015. Virtual Security Research, LLC. All rights reserved.