Security Advisories

In the course of our work we regularly find previously unknown vulnerabilities. We contact the vendors to inform them about these vulnerabilities so that they can implement a patch or a fix. Cooperation with vendors varies, but is usually good. We have already worked with the following vendors:

  1. Microsoft
  2. SAP
  3. Nortel
  4. Finjan
  5. Linux community
  6. OpenCMS
  7. Various small software manufacturers

Vulnerability Disclosure Policy (PDF)

| Date / ID | Subject | Link |
|---|---|---|
| CSNC-2012-024 | Real Estate Manager (Joomla Extension) - SQL Injection Vulnerability | download |
| CSNC-2012-023 | Real Estate Manager (Joomla Extension) - Multiple Cross-Site-Scripting Vulnerabilities | download |
| CSNC-2012-022 | jNews Core (Joomla Extension) - Multiple XSS Vulnerabilities | download |
| CSNC-2012-021 | HikaShop (Joomla Extension) - Cross-Site-Scripting Vulnerability | download |
| CSNC-2012-020 | HikaShop (Joomla Extension) - Redirection Vulnerability | download |
| CNSC-2012-017 | ALFContact (Joomla Extension) - Cross-Site-Scripting Vulnerability | download |
| CSNC-2012-016 | Remository (Joomla Extension) - Cross-Site-Scripting Vulnerability | download |
| CSNC-2012-014 | K2 (Joomla Extension) - Cross-Site-Scripting Vulnerability | download |
| CSNC-2012-013 | jDownloads (Joomla Extension) - Multiple Cross-Site-Scripting Vulnerabilities | download |
| CSNC-2012-012 | FLEXIcontent (Joomla Extension) - SQL Injection Vulnerability | download |
| CSNC-2012-011 | FLEXIcontent (Joomla Extension) - URL Redirection Vulnerability | download |
| CSNC-2012-010 | AcyMailing (Joomla Extension) - Redirection Vulnerability | download |
| 1784770 | SAP Business Objects Enterprise XI - Multiple Cross-Site Scripting Vulnerabilities | download |
| CSNC-2012-026 | Cross-Site-Scripting vulnerability in the SilverStripe blog module identified | download |
| CSNC-2012-025 | Multiple Cross-Site-Scripting vulnerabilities in the SilverStripe CMS identified | download |
| CVE-2013-1413 | Multiple vulnerabilities identified in "i-doit" CMDB web application | download |
| CSNC-2013-002 | Drupal Module CurvyCorners - Cross-Site-Scripting Vulnerability | download |
| CSNC-2013-001 | iTop Web Application - Vulnerability | |
| CSNC-2012-009 | php File Manager - Unrestricted File Download (Authorization / Authentication Bypass) | |
| CSNC-2012-008 | php File Manager - Backdoor Account | download |
| CSNC-2011-001 | SAP eShop client-side denial of service | download |
| CSNC-2012-004 | Cross-site scripting (XSS) within 302 Redirections | |
| CSNC-2012-002 | Cross-site Request Forgery based OS Command Execution | download |
| CSNC-2012-001 | Privilege Escalation, Improper Access Control | download |
| 2011-10-18 | Oracle RDC Onsite XSS Vulnerability | download |
| CVE-2011-1600 | Grails Email Conf. plugin - Predictable Confirmation Token | download |
| CVE-2011-1611 | Grails Email Conf. plugin - Case Insensitive Token Verif. | download |
| CVE-2011-1825, CVE-2011-1826 | CA Arcot WebFort Versatile Authentication Server | download |
| CVE-2009-4505 | OpenCMS OAMP Comments Module 1.0.0 | |
| CVE-2009-1479 | Camtasia Flash Vulnerability | download |
| CVE-2009-1479 | Boxalino Directory Traversal Vulnerability | download |
| CVE-2009-1048 | Authentication Bypass of Snom Phone Web Interface | download |
| 2009 | Response Header Name Injection Attack | |
| CVE-2008-3358 | SAP NetWeaver XSS Vulnerability | download |
| CVE-2008-1547 | MS OWA URL Redirection Vulnerability | download |
| CVE-2008-0385 | Urulu Web 2.0 SQL Injection | download |
| 2008 | OKI C5510MFP Printer Password Disclosure | |
| CVE-2007-6340 | LSrunasE, Supercrypt Weak Crypto | download |
| 2007 | VoIP Phone Audio Stream Rerouting Vulnerability | download |
| 2007 | Nortel IP phone flooding denial of service | download |
| 2007 | Nortel IP phone forced re-authentication | download |
| 2007 | Nortel IP phone surveillance mode | download |
| 2007 | Nortel telephony server denial of service | download |
| 2007 | Nortel UNIStim IP softphone buffer overflow | download |
| 2007 | DokuWiki XSS Vulnerability | download |
| 2007 | SAP Internet Communication Framework (BC-MID-ICF) | download |
| 2007 | SAP NetWeaver, Web Dynpro Java (BC-WD-JAV) | download |
| CVE-2007-4018 | Citrix - Redirection Vulnerability | download |
| CVE-2007-0011 | Citrix - Session Hijacking and Information Disclosure | download |
| 2007 | Linux Kernel Buffer Overflow | download |
| 2006 | Internet Explorer MS06-13 Vulnerability | download |
| 2004 | OpenCMS Session Fixation | |
| 2003 | Finjan Content Bypass Vulnerability | download |

News

Vulnerability in ALFContact (Joomla Extension)
5/15/13 - Stefan Horlacher identified a Cross-Site-Scripting Vulnerability.

jNews Core (Joomla Extension) - Multiple XSS Vulnerabilities
5/6/13 - Stefan Horlacher identified multiple XSS Vulnerabilities.

Web vulnerabilities in Remository, HikaShop and Real Estate Manager
4/9/13 - Stefan Horlacher identified several web vulnerabilities in different products and frameworks.

Web vulnerabilities in AcyMailing, FLEXIcontent, jDownloads and K2
4/9/13 - Stefan Horlacher identified several web vulnerabilities in different products and frameworks.

Multiple Cross-Site Scripting Vulnerabilities
4/9/13 - Axel Neumann identified multiple Cross-Site Scripting Vulnerabilities in SAP Business Objects Enterprise XI.