Security Advisories

Within the scope of our activities we often happen to find vulnerabilities which have not been known yet. We contact the manufacturers to inform them about these vulnerabilities in order to allow them to implement a patch or a fix. The cooperation with the manufacturers varies, but is usually good. We have already dealt with the following manufacturers:

1. Microsoft
2. SAP
3. Nortel
4. Finjan
5. Linux community
6. OpenCMS
7. Various small software manufacturers

  Vulnerability Disclosure Policy

Date	Subject	Link
CSNC-2012-024	Real Estate Manager (Joomla Extension) - SQL Injection Vulnerability
CSNC-2012-023	Real Estate Manager (Joomla Extension) - Multiple Cross-Site-Scripting Vulnerabilities
CSNC-2012-022	jNews Core (Joomla Extension) - Multiple XSS Vulnerabilities
CSNC-2012-021	HikaShop (Joomla Extension) - Cross-Site-Scripting Vulnerability
CSNC-2012-020	HikaShop (Joomla Extension) - Redirection Vulnerability
CNSC-2012-017	ALFContact (Joomla Extension) - Cross-Site-Scripting Vulnerability
CSNC-2012-016	Remository (Joomla Extension) - Cross-Site-Scripting Vulnerability
CSNC-2012-014	K2 (Joomla Extension) - Cross-Site-Scripting Vulnerability
CSNC-2012-013	jDownloads (Joomla Extension) - Multiple Cross-Site-Scripting Vulnerabilities
CSNC-2012-012	FLEXIcontent (Joomla Extension) - SQL Injection Vulnerability
CSNC-2012-011	FLEXIcontent (Joomla Extension) - URL Redirection Vulnerability
CSNC-2012-010	AcyMailing (Joomla Extension) - Redirection Vulnerability
1784770	SAP Business Objects Enterprise XI - Multiple Cross-Site Scripting Vulnerabilities
CSNC-2012-026	Cross-Site-Scripting vulnerability in the SilverStripe blog module identified.
CSNC-2012-025	Multiple Cross-Site-Scripting vulnerabilities in the SilverStripe CMS identified.
CVE-2013-1413	Multiple vulnerabilities identified in "i-doit" CMDB web application
CSNC-2013-002	Drupal Module CurvyCorners - eine Cross-Site-Scripting Vulnerability
CSNC-2013-001	iTop Web-Applikation - Vulnerability
CSNC-2012-009	php File Manager - Unrestricted File Download (Authorization / Authentication Bypass)
CSNC-2012-008	php File Manager - Backdoor Account
CSNC-2011-001	SAP eShop clientside denial of service
CSNC-2012-004	Cross-site scripting (XSS) within 302 Redirections
CSNC-2012-002	Cross-site Request Forgery based OS Command Execution
CSNC-2012-001	Privilege Escalation, Improper Access Control
2011-10-18	Oracle RDC Onsite XSS Vulnerability
CVE-2011-1600 CVE-2011-1611	Grails Email Conf. plugin - Predictable Confirmation Token Grails Email Conf. plugin - Case Insensitive Token Verif.
CVE-2011-1825 CVE-2011-1826	CA Arcot WebFort Versatile Authentication Server
CVE-2009-4505	OpenCMS OAMP Comments Module 1.0.0
CVE-2009-1479	Camtasia Flash Vulnerability
CVE-2009-1479	Boxalino Directory Traversal Vulnerability
CVE-2009-1048	Authentication Bypass of Snom Phone Web Interface
2009	Response Header Name Injection Attack
CVE-2008-3358	SAP NetWeaver XSS Vulnerability
CVE-2008-1547	MS OWA URL Redirection Vulnerability
CVE-2008-0385	Urulu Web 2.0 SQL Injection
2008	OKI C5510MFP Printer Password Disclosure
CVE-2007-6340	LSrunasE, Supercrypt Weak Crypto
2007	VoIP Phone Audio Stream Rerouting Vulnerability
2007	Nortel_IP_phone_flooding_denial_of_service
2007	Nortel_IP_phone_forced_re-authentication
2007	Nortel_IP_phone_surveillance_mode
2007	Nortel_telephony_server_denial_of_service
2007	Nortel_UNIStim_IP_softphone_buffer-overflow
2007	DokuWiki XSS Vulnerability
2007	SAP Internet Communication Framework (BC-MID-ICF)
2007	SAP NetWeaver, Web Dynpro Java (BC-WD-JAV)
CVE-2007-4018	Citrix - Redirection Vulnerability
CVE-2007-0011	Citrix - Session Hijacking and Information Disclosure
2007	Linux Kernel Buffer Overflow
2006	Internet Explorer MS06-13 Vulnerability
2004	OpenCMS Session Fixation
2003	Finjan Content Bypass Vulnerability