ProCheckUp - Security Vulnerabilities

Friday 16 May 2008

ProCheckNet's response-driven AI technology has allowed our security consultants to discover many security vulnerabilities during penetration testing assignments.

Over the years, ProCheckUp have been credited with finding vulnerabilities in products from the following vendors:

- RSA	- Microsoft	- Aruba Networks
- IBM	- Novell	- BEA Systems
- Whale Communications	- Netscape	- Axis Communications
- Hummingbird	- Apache
- GoAhead	- F5 Networks

2008
23/04/08	PR07-44	XSS on RSA Authentication Agent login page
23/04/08	PR07-43	Cross-domain redirect on RSA Authentication Agent
13/03/08	PR08-02	Plone CMS Security Research: the Art of Plowning
28/02/08	PR07-41	XSS on Juniper Networks Secure Access 2000
	PR07-42	Webroot disclosure on Juniper Networks Secure Access 2000
20/02/08	PR08-05	ZyXEL Gateways Vulnerability Research
19/02/08	PR08-01	Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP)
	PR06-12	XSS on BEA Plumtree Foundation and AquaLogic Interaction portals
22/01/08	PR07-38	XSS on sIFR
08/01/08	PR07-12	Cross-domain redirect on Sun Java System Identity Manager 6.0/7.x
	PR07-10	Frame Injection on Sun Java System Identity Manager 6.0/7.x "helpUrl" parameter
	PR07-09	XSS on Sun Java System Identity Manager 6.0/7.x "activeControl" parameter
	PR07-08	XSS on Sun Java System Identity Manager 6.0/7.x "resultsForm" parameter
	PR07-07	XSS on Sun Java System Identity Manager 6.0/7.x login page "lang" parameter
	PR07-06	HTML Injection on Sun Java System Identity Manager 6.0 /7.x login page "cntry" parameter

2007
05/12/07	PR07-39	Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection
30/11/07	PR07-37	XSS on Apache HTTP Server 413 error pages via malformed HTTP method
28/11/07	PR07-14	Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script
	PR07-15	Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script
26/11/07	PR06-08	BEA Plumtree portal internal hostname disclosure vulnerability
	PR06-09	BEA Plumtree portal full version disclosure vulnerability
	PR06-11	BEA Plumtree portal search facility leaks usernames to unauthenticated users
15/11/07	PR07-26	Persistent XSS on Aruba 800 Mobility Controller's login page
	PR07-02	XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter)
07/09/07	PR07-13	Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN 'download_plugin.php3' server-side script
27/09/09	PR07-24 PR07-25 PR07-28	Owning Big Brother: Multiple vulnerabilities on Axis 2100 IP cameras
29/08/07	PR07-23	Non-persistent Cross-site Scripting (XSS) on Absolute Poll Manager XE admin page
24/07/07	PR07-18	Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)
	PR07-19	Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)
	PR07-20	Webroot disclosure on Webbler CMS
	PR07-21	Webbler CMS forms are susceptible to spamming and phishing abuses
05/04/07	PR07-03	Microsoft ASP.NET request filtering can be bypassed allowing XSS and HTML injection attacks
22/01/07	PR06-14	IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability

2006
07/11/06	PR05-06	Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie
31/10/06	PR05-04	Cross Site Scripting Vulnerability In IBM Websphere
20/10/06		Security implications of failing to correctly use filtering in .NET web applications
27/09/06	PR06-03b	F5 Firepass 1000 SSL VPN version 5.5 vulnerable to Cross-Site Scripting
25/05/06	PR06-01	SiteScape Forum webroot disclosure
	PR06-02	SiteScape Forum username enumeration

2005
09/11/05	PR05-11	Mambo CMS vulnerable to a remote file downloading attack
01/11/05	PR04-12	Ringtail Casebook 6.1.0 Cross-Site Scripting vulnerability
	PR04-13	Ringtail Casebook 6.1.0 Information Disclosure vulnerability

2004
03/11/04	PR04-08	MailPost vulnerable file system information disclosure via HTTP GET request
	PR04-09	MailPost discloses sensitive system information when operating in debug mode
	PR04-10	MailPost vulnerable to cross-site scripting in the 'append' variable passed to the file as part of an HTTP GET request
	PR04-11	MailPost vulnerable to cross-site scripting via an executable requested with a trailing slash appended to the filename
14/01/04	PR03-07	Whale Communications e-Gap security appliance discloses source code via HTTP TRACE Method

2003
07/10/03	PR03-02	Hummingbird CyberDOCS sets insecure permissions on script source code files
	PR03-03	Hummingbird CyberDOCS error page discloses web server installation path
	PR03-04	Hummingbird CyberDOCS vulnerable to SQL injection
	PR03-05	Hummingbird CyberDOCS contains multiple cross-site scripting vulnerabilities
13/05/03	PR03-01	Phorum Download File Disclosure Vulnerability (BID 7569)
		Phorum Multiple Path Disclosure Vulnerabilities (BID 7571)
		Phorum Register.PHP Cross-Site Scripting Vulnerability (BID 7572)
		Phorum Post.PHP Cross-Site Scripting Vulnerability (BID 7573)
		Phorum Edit User Profile Arbitrary Command Execution Vulnerability (BID 7574)
		Phorum Common.PHP Cross-Site Scripting Vulnerability (BID 7576)
		Phorum login.PHP Cross Site Scripting Vulnerability (BID 7577)
		Phorum UserAdmin Arbitrary Command Execution Vulnerability (BID 7578)
		Phorum Stats Program Arbitrary Command Execution Vulnerability (BID 7579)
		Phorum Register.PHP Connection Proxying Vulnerability (BID 7581)
		Phorum Login.PHP Connection Proxying Vulnerability (BID 7583)
		Phorum Register.PHP Existing User HTML Injection Vulnerability (BID 7584)

2002
17/12/02	PR02-13	GoAhead Web Server discloses source code of ASP files via crafted URL
04/12/02	PR02-15	Netscape Enterprise Server Manager web log viewer delayed JavaScript execution
29/05/02	PR02-05 PR02-06 PR02-07	Apache Tomcat default installation contains sample files that disclose sensitive server information
29/05/02	PR02-01 PR02-03	Novell NetWare default installation contains sample files that disclose sensitive server information
15/03/02	PR02-08	XDMCP allows remote control access
08/01/02	PR01-04	Netscape ?wp-html-rend denial of service attack
08/01/02	PR01-05	Netscape publishing wp-force-auth command

2001
20/11/01	PR01-07	Linux-Mandrake Apache default configuration sample programs disclose server information
	PR01-06	Linux-Mandrake Apache default configuration enables management interface on 8200/tcp
	PR01-03	Linux-Mandrake Apache default configuration enables directory browsing
22/10/01	PR01-02	Debug mode flaw in RSA SecurID WebID
	PR01-01	Unicode directory transversal in RSA SecurID WebID

In 2005, ProCheckUp agreed a framework for the validation and co-ordination of its security vulnerability research with the UK CPNI (previously the NISCC) in order that it can be used to assist in securing the Critical National Infrastructure (CNI), read the press release here.

ProCheckUp is not responsible for the content of external Internet sites.


	Site Map
	Privacy Policy

	Terms and Conditions