VSR Advisories
During the course of penetration testing for clients, and in independent security research, VSR analysts occasionally uncover serious flaws in commercial and open-source software products. VSR first works with the software vendors to address such flaws and then responsibly discloses them to the public. See below for the current list of publicly released advisories.
- 2010-08-16 - Coda Filesystem Kernel Memory Disclosure
- 2010-07-13 - WebLogic Plugin HTTP Injection via Encoded URLs
- 2010-07-02 - Cisco CSS & ACE Certificate Spoofing and Header Manipulation
- 2010-04-09 - TANDBERG VCS Arbitrary File Retrieval
- 2010-04-09 - TANDBERG VCS Static SSH Host Keys
- 2010-04-09 - TANDBERG VCS Authentication Bypass
- 2010-02-15 - Chrome Password Manager Cross Origin Weakness
- 2008-12-03 - Sun Java™ Runtime Environment: Java Web Start File Inclusion via System Properties Override
- 2007-04-27 - AFFLIB™ Multiple Buffer Overflows
- 2007-04-27 - AFFLIB™ Multiple Shell Metacharacter Injections
- 2007-04-27 - AFFLIB™ Multiple Format String Injections
- 2006-05-23 - PDF Tools AG PDF Form Filling and Flattening Tool: Buffer Overflow
- 2006-05-08 - WebSense Enterprise / Cisco Filtering Devices: Websense content filter bypass (Websense bypass proxy tool)
- 2006-02-03 - IBM Tivoli Access Manager: Remote Directory Traversal and File Retrieval via Web Server Plug-in



