Technical Advisory – Authorization Bypass Allows for Pinboard Corruption

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: ThoughtSpot - Authorization Bypass Allows for Pinboard Corruption Release Date: 2019-06-10 Application: ThoughtSpot Versions: 5.x before 5.1.2 4.4.1.x onwards Severity: Medium Author: Will Enright Vendor Status: Update Released [2] CVE Candidate: CVE-2019-12782 Reference: https://www.vsecurity.com/resources/advisory/201912782-1.txt =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Product Description ~-----------------~ From ThoughtSpot's website [1]: "ThoughtSpot is a … Continue reading Technical Advisory – Authorization Bypass Allows for Pinboard Corruption

Technical Advisory – DelTek Vision – Arbitrary SQL Execution (SQLi)

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Deltek Vision - Arbitrary SQL Execution Release Date: 2019-04-09 Application: Deltek Vision Versions: 7.x before 7.6 March 2019 CU (Cumulative Update) Severity: High Author: Robert Wessen Vendor Status: Updates available, see vendor for information. CVE Candidate: CVE-2018-18251 Reference: https://www.vsecurity.com/download/advisories/2018-18251.txt =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Product Description ~-----------------~ From Deltek's … Continue reading Technical Advisory – DelTek Vision – Arbitrary SQL Execution (SQLi)

Technical Advisory – Bomgar Remote Support – Local Privilege Escalation

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Bomgar Remote Support - Local Privilege Escalation Release Date: 2017-10-26 Application: Bomgar Remote Support Versions: 15.2.x before 15.2.3 16.1.x before 16.1.5 16.2.x before 16.2.4 Severity: High/Medium Author: Robert Wessen Author: Mitch Kucia Vendor Status: Update Released [2] CVE Candidate: CVE-2017-5996 Reference: https://www.vsecurity.com/download/advisories/20171026-1.txt =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Product Description … Continue reading Technical Advisory – Bomgar Remote Support – Local Privilege Escalation

Technical Advisory – Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity (XXE) Flaw Release Date: 2014-09-17 Application: Apple iOS Foundation Framework Apple OS X Foundation Framework Versions: iOS 7.0, 7.1, OS X 10.9 - 10.9.4 Severity: High Author: George D. Gal Vendor Status: Fix Available CVE Candidate: CVE-2014-4374 Reference: http://www.vsecurity.com/resources/advisory/20140917-1/Continue reading Technical Advisory – Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability

Technical Advisory – IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks Release Date: 2013-06-19 Application: IBM WebSphere Commerce Versions: 5.6.X, 6.0.X, 7.0.X, possibly others Credit: Timothy D. Morgan George D. Gal Vendor Status: Patch Available by Request [5] CVE Candidate: CVE-2013-0523 Reference: http://www.vsecurity.com/resources/advisory/20130619-1/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Product Description ~-----------------~ From … Continue reading Technical Advisory – IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks

Technical Advisory – HTC IQRD Android Permission Leakage

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: HTC IQRD Android Permission Leakage Release Date: 2012-04-20 Application: IQRD on HTC Android Phones Author: Dan Rosenberg Vendor Status: Patch Released CVE Candidate: CVE-2012-2217 Reference: http://www.vsecurity.com/resources/advisory/20120420-1/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product Description ------------------- The IQRD service is HTC's implementation of a Carrier IQ porting layer on several HTC … Continue reading Technical Advisory – HTC IQRD Android Permission Leakage

Technical Advisory – libraptor – XXE in RDF/XML File Interpretation

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: libraptor - XXE in RDF/XML File Interpretation Release Date: 2012-03-24 Applications: libraptor / librdf (versions 1.x and 2.x) Also Affected: OpenOffice 3.x, LibreOffice 3.x, AbiWord, KOffice Author: tmorgan {a} vsecurity * com Vendor Status: Patches available; major downstream vendors and operating system distributions notified CVE … Continue reading Technical Advisory – libraptor – XXE in RDF/XML File Interpretation

Technical Advisory – VMware Tools Multiple Vulnerabilities

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: VMware Tools Multiple Vulnerabilities Release Date: 2011-06-03 Application: VMware Guest Tools Severity: High Author: Dan Rosenberg Vendor Status: Patch Released [2] CVE Candidate: CVE-2011-1787, CVE-2011-2145, CVE-2011-2146 Reference: http://www.vsecurity.com/resources/advisory/20110603-1/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product Description ------------------- From [1]: "VMware Tools is a suite of utilities that enhances the performance … Continue reading Technical Advisory – VMware Tools Multiple Vulnerabilities

Technical Advisory – Apple HFS+ Information Disclosure Vulnerability

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Apple HFS+ Information Disclosure Vulnerability Release Date: 2011-03-22 Application: Apple OS X kernel (XNU) Versions: All versions fbt_offset + user_bootstrapp->fbt_length > 1024) return EINVAL; If a user provides values for the fbt_offset and fbt_length members such that their sum overflows and wraps around to an … Continue reading Technical Advisory – Apple HFS+ Information Disclosure Vulnerability

Technical Advisory – OpenOffice.org Multiple Memory Corruption Vulnerabilities

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: OpenOffice.org Multiple Memory Corruption Vulnerabilities Release Date: 2011-01-26 Application: Oracle OpenOffice.org Versions: 3.2 and earlier Severity: High Author: Dan Rosenberg Vendor Status: Patch Released CVE Candidates: CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454 Reference: http://www.vsecurity.com/resources/advisory/20110126-1/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product Description ------------------- From [1]: "OpenOffice.org 3 is the leading open-source office … Continue reading Technical Advisory – OpenOffice.org Multiple Memory Corruption Vulnerabilities