Minded Security - Application Security Consulting

Advisories

Pending Disclosure:

  • FCKeditor - Risk: Medium - Status: Undisclosed
  • SAP Netweaver - Risk: Medium - Status: Undisclosed
  • Opera - Risk: Medium - Status: Undisclosed
  • Mozilla Firefox - Risk: Low - Status: Undisclosed
  • Adobe Reader - Risk: Low - Status: Undisclosed

Publicly Disclosed:

  • Advisory #MSA260209: New Atlanta Servlet Exec Multiple Security Issues
  • Advisory #MSA100410: CA Oneview Monitor "DoSave.jsp" path manipulation
  • Advisory #MSA130510: JForum <= 2.08 is vulnerable to Stored Cross Site Scripting in BBCode
  • Advisory #MSA261009: Liferay Calendar "exportFileName" path manipulation
  • Advisory #MSA251009: Liferay Json Service Multiple Information Leakage
  • Advisory #MSA030409: JMX Console Authentication Bypass via Verb Tampering
  • Advisory #MSA210509: Yahoo! Classic Mail Client side HPP Vulnerability
  • Advisory #MSA01111108: Opera XSS leads to command execution
  • Advisory #MSA080801: Apache Tomcat access and execution of arbitrary file
  • Advisory #MSA02240108: Microsoft Internet Explorer allows overwriting of several headers leading to HTTP Request Splitting and Smuggling
  • Advisory #MSA01240108: Microsoft Internet Explorer "Transfer-Encoding: chunked" allows Request Splitting/Smuggling
  • Advisory #MSA01150108: Apache mod_negotiation XSS and HTTP Response Splitting
  • Advisory #MSA01110707: Flash Player/Plugin Video file parsing Remote Code Execution
  • IE and Firefox Digest Authentication Request Splitting (04/2007)
  • PHP import_req_var globals overwrite Advisory (03/2007)
  • Acrobat Reader Plugin Multiple Vulnerabilities (01/2007)
  • MySQL Server COM_TABLE_DUMP Information Leakage and Arbitrary command execution (04/2006)
  • MySQL Server Anonymous Login Handshake Information Leakage (04/2006)
  • MySQL Server CREATE FUNCTION libc arbitrary code execution (03/2005)
  • MySQL Server CREATE FUNCTION mysql.func table arbitrary library injection (03/2005)
  • MySQL Server insecure temporary File Creation (03/2005)
  • PHP RFC1867 Arbitrary File Upload (10/2004)
  • PHP shmop safemode bypass and write to arbitrary locations (10/2004)