Wednesday 14 May 2008

ProCheckNet's response-driven AI technology has allowed our security consultants to discover many security vulnerabilities during penetration testing assignments.

Security vulnerabilities in products from the following vendors have all been credited to ProCheckUp by CERT/CC and/or CPNI (previously the NISCC):

- RSA
- Microsoft
- Aruba Networks
- IBM
- Novell
- BEA Systems
- Whale Communications
- Netscape
- Axis Communications
- Hummingbird
- Apache
- GoAhead
- F5 Networks

Latest ProCheckUp Security Advisories

05/12/07

PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection

30/11/07

PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method

28/11/07

PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script

PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script

26/11/07

PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability

PR06-09: BEA Plumtree portal full version disclosure vulnerability

PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users

15/11/07

PR07-26: Persistent XSS on Aruba 800 Mobility Controller's login page

PR07-02: XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter)

07/09/07

PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN 'download_plugin.php3' server-side script

27/09/07

PR07-24, PR07-25, PR07-28: Owning Big Brother: Multiple vulnerabilities on Axis 2100 IP cameras

29/08/07

PR07-23: Non-persistent Cross-site Scripting (XSS) on Absolute Poll Manager XE admin page

24/07/07

PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)

PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)

PR07-20: Webroot disclosure on Webbler CMS

PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses

05/04/07

PR07-03: Microsoft ASP.NET request filtering can be bypassed allowing XSS and HTML injection attacks

22/01/07

PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability

 

In 2005, ProCheckUp agreed a framework for the validation and co-ordination of its security vulnerability research with the UK CPNI (previously the NISCC) so that it can be used to assist in securing the Critical National Infrastructure (CNI). Read the press release here.

 

© ProCheckUp Ltd 2006