We occasionally discover security problems during internal research or in systems that we use or test for our projects. Time permitting (and lately that is rare), we analyze these problems and alert the vendors and the public.

Each entry below gives the title, our report (an ASPR number or blog post, where one was published), the vendor, the fix status, the vendor's own reference and the CVE identifier. Entries are listed newest first.
Title: Jet Database Engine Remote Code Execution Vulnerability
Report: -
Vendor: Microsoft
Status: problem fixed
References: Microsoft Security Advisory CVE-2019-0579
CVE: CVE-2019-0579

Title: VMware Movie Decoder Installer msiexec.exe Planting
Report: -
Vendor: VMware
Status: problem fixed
References: VMware Security Advisory VMSA-2012-0014
CVE: CVE-2012-4897

Title: Adobe Reader X (10.1.2) msiexec.exe Planting
Report: Blog post
Vendor: Adobe
Status: problem fixed, report published
References: Security updates available for Adobe Reader and Acrobat (APSB12-08)
CVE: CVE-2012-0776

Title: Google Chrome HTTPS Address Bar Spoofing
Report: Blog post
Vendor: Google
Status: problem fixed, report published
References: Chrome 16 Stable Channel Update
CVE: CVE-2011-3907

Title: Remote Binary Planting in Mozilla Thunderbird
Report: ASPR #2011-08-18-2
Vendor: Mozilla
Status: problem fixed, report published
References: Mozilla Foundation Security Advisory 2011-32
CVE: CVE-2011-2980

Title: Remote Binary Planting in Mozilla Firefox
Report: ASPR #2011-08-18-1
Vendor: Mozilla
Status: problem fixed, report published
References: Mozilla Foundation Security Advisory 2011-30
CVE: CVE-2011-2980

Title: Remote Binary Planting in Adobe Flash Player
Report: ASPR #2011-02-11-2
Vendor: Adobe Systems, Inc.
Status: problem fixed, report published
References: Security update available for Adobe Flash Player
CVE: CVE-2011-0575

Title: Remote Binary Planting in Adobe Reader
Report: ASPR #2011-02-11-1
Vendor: Adobe Systems, Inc.
Status: problem fixed, report published
References: Security updates available for Adobe Reader and Acrobat
CVE: CVE-2011-0562

Title: Remote Binary Planting in Multiple F-Secure Products
Report: ASPR #2011-01-11-1
Vendor: F-Secure Corp.
Status: problem fixed, report published
References: Security Advisory FSC-2010-4 - Binary planting vulnerability
CVE: unknown

Title: Remote Binary Planting in Windows Address Book
Report: ASPR #2010-12-14-1
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin MS10-096 - Important
CVE: CVE-2010-3147

Title: Remote Binary Planting in Microsoft Excel 2010
Report: ASPR #2010-11-10-3
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin MS10-087 - Critical
CVE: CVE-2010-3337

Title: Remote Binary Planting in Microsoft Word 2010
Report: ASPR #2010-11-10-2
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin MS10-087 - Critical
CVE: CVE-2010-3337

Title: Remote Binary Planting in Microsoft PowerPoint 2010
Report: ASPR #2010-11-10-1
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin MS10-087 - Critical
CVE: CVE-2010-3337

Title: Remote Binary Planting in Adobe Flash Player
Report: ASPR #2010-11-05-1
Vendor: Adobe Systems, Inc.
Status: problem fixed, report published
References: Security update available for Adobe Flash Player
CVE: CVE-2010-3976

Title: Remote Binary Planting in Apple Safari for Windows
Report: ASPR #2010-09-08-1
Vendor: Apple, Inc.
Status: problem fixed, report published
References: About the security content of Safari 5.0.2 and Safari 4.1.2
CVE: CVE-2010-1805

Title: Remote Binary Planting in Apple iTunes for Windows
Report: ASPR #2010-08-18-1
Vendor: Apple, Inc.
Status: problem fixed, report published
References: About the security content of iTunes 9.1
CVE: CVE-2010-1795

Title: Remote Binary Planting in VMware Tools for Windows
Report: ASPR #2010-04-12-1
Vendor: VMware, Inc.
Status: problem fixed, report published
References: VMware Security Advisory VMSA-2010-0007
CVE: CVE-2010-1141

Title: Local Binary Planting in VMware Tools for Windows
Report: ASPR #2010-04-12-2
Vendor: VMware, Inc.
Status: problem fixed, report published
References: VMware Security Advisory VMSA-2010-0007
CVE: CVE-2010-1142

Title: HTML Injection in Oracle WebLogic Server Console
Report: ASPR #2009-10-30-1
Vendor: Oracle Corporation
Status: problem fixed, report published
References: Oracle Critical Patch Update Advisory - October 2009
CVE: CVE-2009-3396

Title: HTML Injection in BEA WebLogic Server Console
Report: ASPR #2009-01-27-1
Vendor: Oracle Corporation
Status: problem fixed, report published
References: Oracle Critical Patch Update Advisory - January 2009
CVE: unknown

Title: XML Entity Explosion in Ruby
Report: ASPR #2009-01-05-1
Vendor: Ruby
Status: problem fixed, report published
References: Ruby news post
CVE: CVE-2008-3790

Title: HTTP Header Injection in Ruby Core library
Report: ASPR #2009-01-05-2
Vendor: Ruby
Status: problem fixed, report published
References: Ruby on Rails weblog post
CVE: CVE-2008-5189

Title: Session Fixation Vulnerability in WebLogic Administration Console
Report: ASPR #2008-03-11-2
Vendor: BEA Systems
Status: problem fixed, report published
References: BEA Systems Security Advisory BEA08-196.00
CVE: CVE-2008-0900

Title: HTML Injection in BEA WebLogic Server Console
Report: ASPR #2008-03-11-1
Vendor: BEA Systems
Status: problem fixed, report published
References: BEA Systems Security Advisory BEA08-195.00
CVE: CVE-2008-0899

Title: Session Fixation Vulnerability in HP SIM 5.0
Report: ASPR #2007-05-14-1
Vendor: Hewlett-Packard Company
Status: problem fixed, report published
References: HP Security Bulletin
CVE: CVE-2007-2719

Title: Buffer Overflow In Retroclient Service
Report: ASPR #2006-05-17-1
Vendor: EMC Corporation
Status: problem fixed, report published
References: EMC Retrospect Knowledgebase
CVE: CVE-2006-2391

Title: HTML Injection in BEA WebLogic Server Console (2)
Report: ASPR #2005-05-24-2
Vendor: BEA Systems, Inc.
Status: problem fixed, report published
References: BEA Systems Security Advisory BEA07-80.03
CVE: CAN-2005-1747

Title: HTML Injection in BEA WebLogic Server Console (1)
Report: ASPR #2005-05-24-1
Vendor: BEA Systems, Inc.
Status: problem fixed, report published
References: BEA Systems Security Advisory BEA07-80.03
CVE: CAN-2005-1747

Title: Unsanitized Session ID Cookie Allows Modifying Server Response
Report: ASPR #2004-10-14-3
Vendor: Macromedia, Inc.
Status: problem fixed, report published
References: Macromedia Security Bulletin
CVE: CAN-2004-1478

Title: Session Fixation in JRun Management Console
Report: ASPR #2004-10-14-2
Vendor: Macromedia, Inc.
Status: problem fixed, report published
References: Macromedia Security Bulletin
CVE: CAN-2004-1478

Title: HTML Injection in JRun Management Console
Report: ASPR #2004-10-14-1
Vendor: Macromedia, Inc.
Status: problem fixed, report published
References: Macromedia Security Bulletin
CVE: CAN-2004-1477

Title: Poisoning Cached HTTPS Documents in Internet Explorer
Report: ASPR #2004-10-13-1
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin
CVE: CAN-2004-0845

Title: Internet Explorer/Outlook double null character DoS
Report: ASPR #2004-01-20-1
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin
CVE: CAN-2004-0284

Title: Remote Retrieval Of IIS Session Cookies From Web Browsers
Report: ASPR #2000-07-22-1
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin
CVE: CVE-2000-0970

Title: Remote Retrieval Of Authentication Data From Internet Explorer
Report: ASPR #2000-07-22-2
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin
CVE: CVE-2000-0982

Title: Bypassing Warnings For Invalid SSL Certificates In Netscape Navigator
Report: ASPR #2000-04-06-1
Vendor: Netscape Corp. (an America Online, Inc. company)
Status: problem fixed, report published
References: Netscape Security Notes; CERT/CC Advisory; C|NET Story
CVE: CVE-2000-0406

Title: Bypassing Warnings For Invalid SSL Certificates In Internet Explorer
Report: ASPR #1999-12-15-1
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin; CERT/CC Advisory
CVE: CVE-2000-0518, CVE-2000-0519

Title: Processing Of Illegal URL Hexadecimal Encodings In IIS 4.0
Report: ASPR #1999-11-10-1
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin
CVE: CVE-2000-0024

Title: A "dot-dot" Problem In WebID Agent For Microsoft IIS
Report: ASPR #1999-10-26-1
Vendor: RSA Security, Inc.
Status: problem fixed, report published
References: RSA Security Bulletin *
CVE: CAN-2001-1461

* Mirrored with vendor's permission.

Note on identifiers: the "CAN-" prefixes on the older entries are MITRE candidate numbers from before the candidate stage was retired in 2005; each resolves today as the same number with a "CVE-" prefix (e.g. CAN-2004-0845 is now CVE-2004-0845). Where the CVE field reads "unknown", no identifier was assigned to our report at the time of publication.