VSR

Technical Advisory – Authorization Bypass Allows for Pinboard Corruption

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: ThoughtSpot - Authorization Bypass Allows for Pinboard Corruption Release Date: 2019-06-10 Application: ThoughtSpot Versions: 5.x before 5.1.2 4.4.1.x onwards Severity: Medium Author: Will Enright Vendor Status: Update Released [2] CVE Candidate: CVE-2019-12782 Reference: https://www.vsecurity.com/resources/advisory/201912782-1.txt =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Product Description ~-----------------~ From ThoughtSpot's…


Technical Advisory – DelTek Vision – Arbitrary SQL Execution (SQLi)

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Deltek Vision - Arbitrary SQL Execution Release Date: 2019-04-09 Application: Deltek Vision Versions: 7.x before 7.6 March 2019 CU (Cumulative Update) Severity: High Author: Robert Wessen Vendor Status: Updates available, see vendor for information. CVE Candidate: CVE-2018-18251 Reference: https://www.vsecurity.com/download/advisories/2018-18251.txt =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=…


Technical Advisory – Bomgar Remote Support – Local Privilege Escalation

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Bomgar Remote Support - Local Privilege Escalation Release Date: 2017-10-26 Application: Bomgar Remote Support Versions: 15.2.x before 15.2.3 16.1.x before 16.1.5 16.2.x before 16.2.4 Severity: High/Medium Author: Robert Wessen Author: Mitch Kucia Vendor Status: Update Released [2] CVE Candidate: CVE-2017-5996…


Technical Advisory – Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity (XXE) Flaw Release Date: 2014-09-17 Application: Apple iOS Foundation Framework Apple OS X Foundation Framework Versions: iOS 7.0, 7.1, OS X 10.9 - 10.9.4 Severity: High Author: George D. Gal Vendor Status: Fix Available…


Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques

by Timothy D. Morgan and Omar Al Ibrahim The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of…


Technical Advisory – IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks Release Date: 2013-06-19 Application: IBM WebSphere Commerce Versions: 5.6.X, 6.0.X, 7.0.X, possibly others Credit: Timothy D. Morgan George D. Gal Vendor Status: Patch Available by Request [5] CVE Candidate: CVE-2013-0523 Reference: http://www.vsecurity.com/resources/advisory/20130619-1/…


Technical Advisory – HTC IQRD Android Permission Leakage

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: HTC IQRD Android Permission Leakage Release Date: 2012-04-20 Application: IQRD on HTC Android Phones Author: Dan Rosenberg Vendor Status: Patch Released CVE Candidate: CVE-2012-2217 Reference: http://www.vsecurity.com/resources/advisory/20120420-1/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product Description ------------------- The IQRD service is HTC's implementation of a Carrier IQ…


Technical Advisory – libraptor – XXE in RDF/XML File Interpretation

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: libraptor - XXE in RDF/XML File Interpretation Release Date: 2012-03-24 Applications: libraptor / librdf (versions 1.x and 2.x) Also Affected: OpenOffice 3.x, LibreOffice 3.x, AbiWord, KOffice Author: tmorgan {a} vsecurity * com Vendor Status: Patches available; major downstream vendors and…


Whitepaper – A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator

by Dan Rosenberg In this paper, we will systematically evaluate the implementation of the Linux kernel SLOB allocator to assess exploitability. We will present new techniques for attacking the SLOB allocator, whose exploitation has not been publicly described. These techniques will apply to exploitation scenarios that become progressively more constrained,…


Technical Advisory – VMware Tools Multiple Vulnerabilities

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: VMware Tools Multiple Vulnerabilities Release Date: 2011-06-03 Application: VMware Guest Tools Severity: High Author: Dan Rosenberg Vendor Status: Patch Released [2] CVE Candidate: CVE-2011-1787, CVE-2011-2145, CVE-2011-2146 Reference: http://www.vsecurity.com/resources/advisory/20110603-1/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product Description ------------------- From [1]: "VMware Tools is a suite of…


Technical Advisory – Apple HFS+ Information Disclosure Vulnerability

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Apple HFS+ Information Disclosure Vulnerability Release Date: 2011-03-22 Application: Apple OS X kernel (XNU) Versions: All versions fbt_offset + user_bootstrapp->fbt_length > 1024) return EINVAL; If a user provides values for the fbt_offset and fbt_length members such that their sum overflows…


Technical Advisory – OpenOffice.org Multiple Memory Corruption Vulnerabilities

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: OpenOffice.org Multiple Memory Corruption Vulnerabilities Release Date: 2011-01-26 Application: Oracle OpenOffice.org Versions: 3.2 and earlier Severity: High Author: Dan Rosenberg Vendor Status: Patch Released CVE Candidates: CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454 Reference: http://www.vsecurity.com/resources/advisory/20110126-1/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product Description ------------------- From [1]: "OpenOffice.org 3…


Technical Advisory – Citrix Access Gateway Command Injection Vulnerability

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Citrix Access Gateway Command Injection Vulnerability Release Date: 2010-12-21 Application: Citrix Access Gateway Versions: Access Gateway Enterprise Edition (up to 9.2-49.8) Access Gateway Standard & Advanced Edition (prior to 5.0) Severity: High Author: George D. Gal Vendor Status: Updated Software…


Technical Advisory – Linux RDS Protocol Local Privilege Escalation

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Linux RDS Protocol Local Privilege Escalation Release Date: 2010-10-19 Application: Linux Kernel Versions: 2.6.30 - 2.6.36-rc8 Severity: High Author: Dan Rosenberg < drosenberg (at) vsecurity (dot) com > Vendor Status: Patch Released [3] CVE Candidate: CVE-2010-3904 Reference: http://www.vsecurity.com/resources/advisory/20101019-1/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product…


Technical Advisory – Coda Filesystem Kernel Memory Disclosure

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Coda Filesystem Kernel Memory Disclosure Release Date: 2010-08-16 Application: Coda kernel module for NetBSD and FreeBSD Versions: All known versions Severity: Medium Author: Dan Rosenberg < drosenberg (at) vsecurity (dot) com > Vendor Status: Patch Released [2][3] CVE Candidate: CVE-2010-3014…


WebLogic Plugin HTTP Injection via Encoded URLs

VSR Security Advisory http://www.vsecurity.com/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin Versions: All known versions Severity: High Discovered by: Timothy D. Morgan < tmorgan (at) vsecurity {dot} com > Contributors: George D. Gal < ggal {at} vsecurity (dot) com > Vendor…


Multiple Cisco CSS / ACE Client Certificate and HTTP Header

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities Release Date: 2010-07-02 Application: Cisco Content Services Switch (CSS) / ACE Products Versions: Cisco CSS 11500 - 08.20.1.01 Cisco ACE 4710 - Version A3(2.5) [build 3.0(0)A3(2.5) (Other versions…


TANDBERG Video Communication Server Authentication Bypass

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: TANDBERG Video Communication Server Authentication Bypass Release Date: 2010-04-09 Application: Video Communication Server (VCS) Versions: x4.2.1 and possibly earlier Severity: Critical Discovered by: Jon Hart and Timothy D. Morgan Advisory by: Timothy D. Morgan <tmorgan (a) vsecurity . com> Vendor…


TANDBERG Video Communication Server Static SSH Host Keys

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: TANDBERG Video Communication Server Static SSH Host Keys Release Date: 2010-04-09 Application: Video Communication Server (VCS) Versions: x4.3.0, x4.2.1, and possibly earlier Severity: High Discovered by: Jon Hart Advisory by: Timothy D. Morgan <tmorgan (a) vsecurity . com> Vendor Status:…


TANDBERG Video Communication Server Arbitrary File Retrieval

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: TANDBERG Video Communication Server Arbitrary File Retrieval Release Date: 2010-04-09 Application: Video Communication Server (VCS) Versions: x4.3.0, x4.2.1, and possibly earlier Severity: Medium Discovered by: Jon Hart Advisory by: Timothy D. Morgan <tmorgan (a) vsecurity . com> Vendor Status: Firmware…


Chrome Password Manager Cross Origin Weakness

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Chrome Password Manager Cross Origin Weakness Release Date: 2010-02-15 Application: Google Chrome Web Browser Versions: 4.0.249.78, 3.0.195.38, and likely earlier Severity: Medium/Low Author: Timothy D. Morgan <tmorgan (a) vsecurity . com> Vendor Status: Update Released [2] CVE Candidate: CVE-2010-0556 Reference:…


Whitepaper – Weaning the Web off of Session Cookies: Making Digest Authentication Viable

by Timothy D. Morgan In this paper, we compare the security weaknesses and usability limitations of both cookie-based session management and HTTP digest authentication, demonstrating how digest authentication is clearly the more secure system in practice. We propose several small changes in browser behavior and HTTP standards that will make…


Whitepaper – HTTP Digest Integrity: Another look, in light of recent attacks

by Timothy D. Morgan Recent history has proven that web communications security is highly lacking in redundancy. That is, simple breaks in common protocols, such as SSL/TLS or the authentication mechanisms which support it, often lead to catastrophic gaps in security. Recent examples of this fragile architecture abound, and even…


Research Paper – Recovering deleted data from the Windows registry

by Timothy D. Morgan The Windows registry serves as a primary storage location for system configurations and as such provides a wealth of information to investigators. Numerous researchers have worked to interpret the information stored in the registry from a digital forensic standpoint, but no definitive resource is yet available…


Java Web Start File Inclusion via System Properties Override

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Java Web Start File Inclusion via System Properties Override Release Date: 2008-12-03 Application: Sun Java Runtime Environment / Java Web Start Versions: See below Severity: High Author: Timothy D. Morgan <tmorgan {a} vsecurity.com> Vendor Status: Patch Released [3] CVE Candidate:…


Multiple Format String Injections in AFFLIB

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Multiple Format String Injections in AFFLIB Release Date: 2007-04-27 Application: AFFLIB(TM) Versions: 2.2.0-2.2.5 and likely earlier. 2.2.6-2.2.8 contain a subset of these vulnerabilities. Severity: Low Author: Timothy D. Morgan <tmorgan {at} vsecurity {dot} com> Vendor Status: Vendor Notified, Limited Fixes…


Multiple Shell Metacharacter Injections in AFFLIB

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Multiple Shell Metacharacter Injections in AFFLIB Release Date: 2007-04-27 Application: AFFLIB(TM) Versions: 2.2.0-2.2.8 and likely earlier versions Severity: Low to Medium Author: Timothy D. Morgan <tmorgan {at} vsecurity {dot} com> Vendor Status: Vendor Notified CVE Candidate: CVE-2007-2055 Reference: http://www.vsecurity.com/bulletins/advisories/2007/afflib-shellinject.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-…


Multiple Buffer Overflows Discovered in AFFLIB

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Multiple Buffer Overflows Discovered in AFFLIB Release Date: 2007-04-27 Application: AFFLIB(TM) Versions: 2.2.0 and likely earlier Severity: High Author: Timothy D. Morgan <tmorgan {at} vsecurity {dot} com> Vendor Status: Vendor Notified, Fix Available CVE Candidate: CVE-2007-2053 Reference: http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product…


PDF Form Filling and Flattening Tool Buffer Overflow

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: PDF Form Filling and Flattening Tool Buffer Overflow Release Date: 2006-05-23 Application: PDF Tools AG - PDF Form Filling and Flattening Tool Version: 3.0 (Windows) (other versions and platforms untested) Severity: High Author: George D. Gal <ggal_at_vsecurity.com> Vendor Status: Vendor…


WebSense content filter bypass when deployed in conjunction with Cisco filtering devices

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices Release Date: 2006-05-08 Application: Websense in Conjunction with Cisco PIX Version: Websense 5.5.2 Cisco PIX OS / ASA < 7.0.4.12 Cisco PIX OS < 6.3.5(112) FWSM 2.3.x FWSM…


Remote Directory Traversal and File Retrieval

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Remote Directory Traversal and File Retrieval Release Date: 2006-02-03 Application: IBM Tivoli Access Manager Version: 5.1.0.10 (other versions untested) Severity: High Author: Timothy D. Morgan <tmorgan (at) vsecurity (dot) com> Vendor Status: Vendor Notified, Fix Available CVE Candidate: CVE-2006-0513 Reference:…


Technical Advisory – IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Remote Directory Traversal and File Retrieval Release Date: 2006-02-03 Application: IBM Tivoli Access Manager Version: 5.1.0.10 (other versions untested) Severity: High Author: Timothy D. Morgan <tmorgan (at) vsecurity (dot) com> Vendor Status: Vendor Notified, Fix Available CVE Candidate: CVE-2006-0513 Reference:…