Advisories

MSA110615-3

Concrete5 <= 5.7.3.1 SQL Injection

MSA110615-2

Concrete5 <= 5.7.3.1 Multiple Reflected Cross Site Scripting

MSA110615-1

Concrete5 <= 5.7.3.1 Sendmail Remote Code Execution

Chrome cross window & cross domain object access

(more information on Bounty Winner)

SAP vulnerability id 1548548

(for SAP customers only)

Java Applet Same IP Host Access

DNS Rebinding on Java Applets

Http Request Splitting and Header Abuse with Java AddRequestProperty

Java-JNLP-Applet User Assisted Arbitrary Code Execution

Get Internal Network Information with Java Applets

#MSA260209

New Atlanta Servlet Exec Multiple Security Issues.

#MSA100410

CA Oneview Monitor “DoSave.jsp” path manipulation.

#MSA130510

JForum <= 2.08 is vulnerable to Stored Cross Site Scripting in BBCode.

#MSA261009

Liferay Calendar “exportFileName” path manipulation

#MSA251009

Liferay Json Service Multiple Information Leakage

#MSA030409

JMX Console Authentication Bypass via Verb Tampering

#MSA210509

Yahoo! Classic Mail Client side HPP Vulnerability

#MSA01111108

Opera Xss leads to command execution.

#MSA080801

Apache Tomcat access and execution of arbitrary file.

#MSA02240108

Microsoft Internet Explorer allows overwriting of several headers leading to Http request Splitting and smuggling.

#MSA01240108

Microsoft Internet Explorer “Transfer-Encoding: chunked” allows Request Splitting/Smuggling.

#MSA01150108

Apache mod_negotiation Xss and Http Response Splitting.

MSXML Header Request Vulnerability (CVE-2008-4033)

Plain Old Webserver Directory Traversal Vulnerability.

#MSA01110707

Flash Player/Plugin Video file parsing Remote Code Execution

IE and Firefox Digest Authentication Request Splitting (04/2007)

Php import_req_var globals overwrite Advisory (03/2007)

Acrobat Reader Plugin Multiple Vulnerabilities (01/2007)

MySQL Server COM_TABLE_DUMP Information Leakage and Arbitrary command execution. (04/2006)

MySQL Server Anonymous Login Handshake Information Leakage. (04/2006)

MySQL Server CREATE FUNCTION libc arbitrary code execution (03/2005)

MySQL Server CREATE FUNCTION mysql.func table arbitrary library injection (03/2005)

MySQL Server insecure temporary File Creation (03/2005)

Php RFC1867 Arbitrary File Upload (10/2004)

Php shmop safemode bypass and write to arbitrary locations (10/2004)
