Vulnerability Alerts

All of the following vulnerabilities, discovered by Positive Research, were found using a commercially available, off-the-shelf version of MaxPatrol. (Note: demo versions of MaxPatrol may not be able to detect these same vulnerabilities.)

PT-2014-21: Multiple SQL injection vulnerabilities in Wonderware Information Server
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   26.08.2014
Vector:   Remote
Systems affected:   Wonderware Information Server 4.x
Wonderware Information Server 5.x
Vendor:   Invensys Systems
Notification status:   01.04.2014 - Vendor gets vulnerability details
26.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
PT-2014-20: XML External Entities Resolution vulnerability in Wonderware Information Server
Severity:   Medium (4.9) (AV:N/AC:M/Au:S/C:P/I:N/A:P)
Fix date:   26.08.2014
Vector:   Remote
Systems affected:   Wonderware Information Server 4.x
Wonderware Information Server 5.x
Vendor:   Invensys Systems
Notification status:   01.04.2014 - Vendor gets vulnerability details
26.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
PT-2014-19: Multiple Cross-Site Scripting (XSS) vulnerabilities in Wonderware Information Server
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   26.08.2014
Vector:   Remote
Systems affected:   Wonderware Information Server 4.x
Wonderware Information Server 5.x
Vendor:   Invensys Systems
Notification status:   01.04.2014 - Vendor gets vulnerability details
26.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
PT-2014-18: Weak encryption of account data in Wonderware Information Server
Severity:   Low (2.1) (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   26.08.2014
Vector:   Local
Systems affected:   Wonderware Information Server 4.x
Wonderware Information Server 5.x
Vendor:   Invensys Systems
Notification status:   01.04.2014 - Vendor gets vulnerability details
26.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
PT-2014-17: Weak encryption of account data in Wonderware Information Server
Severity:   High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date:   26.08.2014
Vector:   Remote
Systems affected:   Wonderware Information Server 4.x
Wonderware Information Server 5.x
Vendor:   Invensys Systems
Notification status:   01.04.2014 - Vendor gets vulnerability details
26.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
PT-2014-16: Privilege Gaining in Siemens SIMATIC WinCC
Severity:   Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date:   23.07.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Vendor:   Siemens
Notification status:   16.04.2014 - Vendor gets vulnerability details
23.07.2014 - Vendor releases fixed version and details
29.07.2014 - Public disclosure
PT-2014-15: Privilege Gaining in Siemens SIMATIC WinCC
Severity:   Medium (4.6) (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   23.07.2014
Vector:   Local
Systems affected:   Siemens SIMATIC WinCC 7.x
Vendor:   Siemens
Notification status:   19.03.2014 - Vendor gets vulnerability details
23.07.2014 - Vendor releases fixed version and details
29.07.2014 - Public disclosure
PT-2014-14: Privilege Gaining in Siemens SIMATIC WinCC
Severity:   Medium (6.0) (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Fix date:   23.07.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Vendor:   Siemens
Notification status:   08.01.2014 - Vendor gets vulnerability details
23.07.2014 - Vendor releases fixed version and details
29.07.2014 - Public disclosure
PT-2014-13: Privilege Gaining in Siemens SIMATIC WinCC
Severity:   Medium (4.9) (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Fix date:   23.07.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Vendor:   Siemens
Notification status:   23.12.2012 - Vendor gets vulnerability details
23.07.2014 - Vendor releases fixed version and details
29.07.2014 - Public disclosure
PT-2014-12: Information Disclosure in Siemens SIMATIC WinCC
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   23.07.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Vendor:   Siemens
Notification status:   23.12.2012 - Vendor gets vulnerability details
23.07.2014 - Vendor releases fixed version and details
29.07.2014 - Public disclosure
PT-2014-11: Information Disclosure in nginx
Severity:   Low (1.9) (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Fix date:   05.08.2014
Vector:   Local
Systems affected:   nginx 1.7.x
Vendor:   nginx
Notification status:   18.07.2014 - Vendor gets vulnerability details
05.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
PT-2014-10
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   Bitrix
Notification status:   14.07.2014 - Vendor gets vulnerability details
PT-2014-09: Sensitive Information Disclosure in SAP NetWeaver
Severity:   Low (3.5) (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Fix date:   13.05.2014
Vector:   Remote
Systems affected:   SAP NetWeaver 7.x
Vendor:   SAP
Notification status:   21.03.2014 - Vendor gets vulnerability details
13.05.2014 - Vendor releases fixed version and details
27.08.2014 - Public disclosure
PT-2014-08: Password Access in Solar-Log
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   14.04.2014
Vector:   Remote
Systems affected:   Solar-Log 200
Solar-Log 300
Solar-Log 500
Solar-Log 800e
Solar-Log 1000
Solar-Log 1200
Solar-Log 2000
Vendor:   Solare Datensysteme GmbH
Notification status:   11.04.2014 - Vendor gets vulnerability details
14.04.2014 - Vendor releases fixed version and details
05.05.2014 - Public disclosure
PT-2014-07: Sensitive Information Disclosure in Solar-Log
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   14.04.2014
Vector:   Remote
Systems affected:   Solar-Log 200
Solar-Log 500
Solar-Log 800e
Solar-Log 1000
Vendor:   Solare Datensysteme GmbH
Notification status:   11.04.2014 - Vendor gets vulnerability details
14.04.2014 - Vendor releases fixed version and details
05.05.2014 - Public disclosure
PT-2014-06: Arbitrary File Upload in Solar-Log
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   14.04.2014
Vector:   Remote
Systems affected:   Solar-Log 200
Solar-Log 300
Solar-Log 500
Solar-Log 800e
Solar-Log 1000
Solar-Log 1200
Solar-Log 2000
Vendor:   Solare Datensysteme GmbH
Notification status:   11.04.2014 - Vendor gets vulnerability details
14.04.2014 - Vendor releases fixed version and details
05.05.2014 - Public disclosure
PT-2014-05: Privilege Gaining in Nixu Namesurfer
Severity:   High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date:   14.03.2014
Vector:   Remote
Systems affected:   NameSurfer
Vendor:   Nixu Software
Notification status:   16.01.2014 - Vendor gets vulnerability details
14.03.2014 - Vendor releases fixed version and details
27.03.2014 - Public disclosure
PT-2014-04: Single Sign-On Vulnerability in Nixu Namesurfer
Severity:   High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date:   14.03.2014
Vector:   Remote
Systems affected:   NameSurfer
Vendor:   Nixu Software
Notification status:   16.01.2014 - Vendor gets vulnerability details
14.03.2014 - Vendor releases fixed version and details
27.03.2014 - Public disclosure
PT-2014-03: Arbitrary Files Reading in Nixu Namesurfer
Severity:   Low (3.5) (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Fix date:   14.03.2014
Vector:   Remote
Systems affected:   NameSurfer
Vendor:   Nixu Software
Notification status:   16.01.2014 - Vendor gets vulnerability details
14.03.2014 - Vendor releases fixed version and details
27.03.2014 - Public disclosure
PT-2014-02: XML External Entities Resolution vulnerability in Nixu Namesurfer
Severity:   Medium (4.9) (AV:N/AC:M/Au:S/C:P/I:N/A:P)
Fix date:   14.03.2014
Vector:   Remote
Systems affected:   NameSurfer
Vendor:   Nixu Software
Notification status:   16.01.2014 - Vendor gets vulnerability details
14.03.2014 - Vendor releases fixed version and details
27.03.2014 - Public disclosure
PT-2014-01: Cross-Site Scripting in Nixu Namesurfer
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   14.03.2014
Vector:   Remote
Systems affected:   NameSurfer
Vendor:   Nixu Software
Notification status:   16.01.2014 - Vendor gets vulnerability details
14.03.2014 - Vendor releases fixed version and details
27.03.2014 - Public disclosure
PT-2013-91: Hard-Coded Access Credentials in Emerson DeltaV
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   22.05.2014
Vector:   Remote
Systems affected:   DeltaV 10.x
DeltaV 11.x
DeltaV 12.x
Vendor:   Emerson Electric Co
Notification status:  
PT-2013-90: Unauthorized Access in Emerson DeltaV
Severity:   Medium (4.6) (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   22.05.2014
Vector:   Local
Systems affected:   DeltaV 10.x
DeltaV 11.x
DeltaV 12.x
Vendor:   Emerson Electric Co
Notification status:   03.10.2013 - Vendor gets vulnerability details
22.05.2014 - Vendor releases fixed version and details
28.05.2014 - Public disclosure
PT-2013-89: XML External Entities Resolution vulnerability in KingSCADA
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date:   27.03.2014
Vector:   Remote
Systems affected:   KingSCADA 3.x
Vendor:   WellinTech
Notification status:   14.03.2013 - Vendor gets vulnerability details
27.03.2014 - Vendor releases fixed version and details
13.05.2014 - Public disclosure
PT-2013-88: Denial of Service in Siemens SIMATIC S7-1200 CPU PLC
Severity:   Medium (6.1) (AV:A/AC:L/Au:N/C:N/I:N/A:C)
Fix date:   20.03.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC S7-1200 3.x
Vendor:   Siemens
Notification status:   15.04.2013 - Vendor gets vulnerability details
20.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
PT-2013-87: Insufficient Entropy in Siemens SIMATIC S7-1200 CPU PLC
Severity:   High (8.3) (AV:N/AC:M/Au:N/C:P/I:P/A:C)
Fix date:   20.03.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC S7-1200 3.x
Vendor:   Siemens
Notification status:   05.08.2013 - Vendor gets vulnerability details
20.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
PT-2013-86: Denial of Service in Siemens SIMATIC S7-1500 CPU PLC
Severity:   Medium (6.1) (AV:A/AC:L/Au:N/C:N/I:N/A:C)
Fix date:   12.03.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC S7-1500 1.x
Vendor:   Siemens
Notification status:   15.04.2013 - Vendor gets vulnerability details
12.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
PT-2013-85: Open Redirect in Siemens SIMATIC S7-1500 CPU PLC
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   12.03.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC S7-1500 1.x
Vendor:   Siemens
Notification status:   05.08.2013 - Vendor gets vulnerability details
12.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
PT-2013-84: Insufficient Entropy in Siemens SIMATIC S7-1500 CPU PLC
Severity:   High (8.3) (AV:N/AC:M/Au:N/C:P/I:P/A:C)
Fix date:   12.03.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC S7-1500 1.x
Vendor:   Siemens
Notification status:   05.08.2013 - Vendor gets vulnerability details
12.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
PT-2013-83: Arbitrary HTML Injection in Siemens SIMATIC S7-1500 CPU PLC
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Fix date:   12.03.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC S7-1500 1.x
Vendor:   Siemens
Notification status:   05.08.2013 - Vendor gets vulnerability details
12.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
PT-2013-82: Cross-Site Scripting in Siemens SIMATIC S7-1500 CPU PLC
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   12.03.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC S7-1500 1.x
Vendor:   Siemens
Notification status:   05.08.2013 - Vendor gets vulnerability details
12.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
PT-2013-81: Cross-Site Request Forgery in Siemens SIMATIC S7-1500 CPU PLC
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Fix date:   12.03.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC S7-1500 1.x
Vendor:   Siemens
Notification status:   05.08.2013 - Vendor gets vulnerability details
12.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
PT-2013-80: Improper input validation in SIMATIC WinCC Open Architecture
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Fix date:   03.02.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC Open Architecture 3.x
Vendor:   Siemens
Notification status:   01.12.2013 - Vendor gets vulnerability details
03.02.2014 - Vendor releases fixed version and details
14.02.2014 - Public disclosure
PT-2013-79: Relative path traversal in SIMATIC WinCC Open Architecture
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   03.02.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC Open Architecture 3.x
Vendor:   Siemens
Notification status:   01.12.2013 - Vendor gets vulnerability details
03.02.2014 - Vendor releases fixed version and details
14.02.2014 - Public disclosure
PT-2013-78: Buffer overflow in SIMATIC WinCC Open Architecture
Severity:   High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date:   03.02.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC Open Architecture 3.x
Vendor:   Siemens
Notification status:   01.12.2013 - Vendor gets vulnerability details
03.02.2014 - Vendor releases fixed version and details
14.02.2014 - Public disclosure
PT-2013-77: Using a weak hashing algorithm in SIMATIC WinCC Open Architecture
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   03.02.2014
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC Open Architecture 3.x
Vendor:   Siemens
Notification status:   29.05.2013 - Vendor gets vulnerability details
03.02.2014 - Vendor releases fixed version and details
14.02.2014 - Public disclosure
PT-2013-76
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   LiveStreet CMS
Notification status:   11.12.2013 - Vendor gets vulnerability details
PT-2013-75
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   Nuxeo
Notification status:  
PT-2013-74
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   ForgeRock
Notification status:   13.12.2013 - Vendor gets vulnerability details
PT-2013-73: XML External Entities Resolution vulnerability in Microsoft Office Word
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date:   10.09.2013
Vector:   Remote
Systems affected:   Microsoft Office 2007
Microsoft Office 2003 Professional Edition
Microsoft Office Word 2007
Microsoft Word 2003
Microsoft Word Viewer 2003
Vendor:   Microsoft
Notification status:   26.11.2012 - Vendor gets vulnerability details
10.09.2013 - Vendor releases fixed version and details 
09.10.2013 - Public disclosure
PT-2013-72: XML External Entities Resolution vulnerability in Microsoft Office Excel
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date:   10.09.2013
Vector:   Remote
Systems affected:   Microsoft Excel 2010
Microsoft Office Excel 2007
Microsoft Excel 2003
Microsoft Office Excel Viewer 2007
Vendor:   Microsoft
Notification status:   26.11.2012 - Vendor gets vulnerability details
10.09.2013 - Vendor releases fixed version and details 
09.10.2013 - Public disclosure
PT-2013-71
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   Caucho Technology
Notification status:   02.10.2013 - Vendor gets vulnerability details
29.10.2013 - Vulnerability details were sent to CERT
PT-2013-70: Multiple Cross-Site Scripting (XSS) in Serv-U File Server
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   03.06.2014
Vector:   Remote
Systems affected:   Serv-U 15.x
Vendor:   Serv-U
Notification status:   02.10.2013 - Vulnerability details were sent to CERT
03.06.2014 - Vendor releases fixed version and details
31.07.2014 - Public disclosure
PT-2013-69: Denial of Service in Serv-U File Server
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Fix date:   19.02.2014
Vector:   Remote
Systems affected:   Serv-U 15.x
Vendor:   Serv-U
Notification status:   03.10.2013 - Vulnerability details were sent to CERT
19.02.2014 - Vendor releases fixed version and details
31.07.2014 - Public disclosure
PT-2013-68: Sensitive Information Disclosure in Serv-U File Server
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   Serv-U
Notification status:   02.10.2013 - Vulnerability details were sent to CERT
31.07.2014 - Public disclosure
PT-2013-67: Sensitive Information Disclosure in Serv-U File Server
Severity:   High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date:   19.02.2014
Vector:   Remote
Systems affected:   Serv-U 15.x
Vendor:   Serv-U
Notification status:   03.10.2013 - Vulnerability details were sent to CERT
19.02.2014 - Vendor releases fixed version and details
31.07.2014 - Public disclosure
PT-2013-66: Cross-Site Request Forgery (CSRF) in Serv-U File Server
Severity:   Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date:   No fix available
Vector:   Remote
Vendor:   Serv-U
Notification status:   02.10.2013 - Vulnerability details were sent to CERT
31.07.2014 - Public disclosure
PT-2013-65: Sensitive Information Disclosure in Jetty
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   30.09.2013
Vector:   Remote
Systems affected:   Jetty 9.x
Vendor:   Jetty
Notification status:   25.09.2013 - Vendor gets vulnerability details
30.09.2013 - Vendor releases fixed version and details
27.11.2013 - Public disclosure
PT-2013-64: Access Control Bypassing in Bitrix CMS
Severity:   Medium (4.6) (AV:L/AC:L/Au:S/C:N/I:C/A:N)
Fix date:   06.09.2013
Vector:   Local
Systems affected:   Bitrix Site Manager 12.x
Vendor:   Bitrix
Notification status:   04.09.2013 - Vendor gets vulnerability details
06.09.2013 - Vendor releases fixed version and details
15.07.2014 - Public disclosure
PT-2013-63: Hash Length Extension in HTMLPurifier
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Fix date:   30.11.2013
Vector:   Remote
Systems affected:   HTML Purifier 4.x
Vendor:   HTMLPurifier
Notification status:   03.09.2013 - Vendor gets vulnerability details
30.11.2013 - Vendor releases fixed version and details 
04.12.2013 - Public disclosure
PT-2013-62: Internal Network Resources Access in Web Viewer for Samsung DVR
Severity:   High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date:   No fix available
Vector:   Remote
Vendor:   Samsung
Notification status:   10.04.2013 - Vendor is notified
30.05.2013 - Vulnerability details were sent to CERT
30.08.2013 - Public disclosure
PT-2013-61: Disclosure of sensitive information in Web Viewer for Samsung DVR
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   Samsung
Notification status:   10.04.2013 - Vendor is notified
30.05.2013 - Vulnerability details were sent to CERT
30.08.2013 - Public disclosure
PT-2013-59: XML External Entities Injection in Huawei M2000
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date:   31.07.2013
Vector:   Remote
Systems affected:   Huawei M2000
Vendor:   Huawei
Notification status:   29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
06.02.2014 - Public disclosure
PT-2013-58: Insufficient Session Security in Huawei M2000
Severity:   Medium (5.1) (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Fix date:   31.07.2013
Vector:   Remote
Systems affected:   Huawei M2000
Vendor:   Huawei
Notification status:   29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
06.02.2014 - Public disclosure
PT-2013-57: Password Access in Huawei M2000
Severity:   Medium (5.1) (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Fix date:   31.07.2013
Vector:   Remote
Systems affected:   Huawei M2000
Vendor:   Huawei
Notification status:   29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
06.02.2014 - Public disclosure
PT-2013-56: Path Traversal in Huawei SGSN USN9810
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date:   31.07.2013
Vector:   Remote
Systems affected:   Huawei SGSN USN9810
Vendor:   Huawei
Notification status:   29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
05.02.2014 - Public disclosure
PT-2013-55: Access Restrictions Bypassing in Huawei SGSN USN9810
Severity:   Medium (5.4) (AV:N/AC:H/Au:N/C:C/I:N/A:N)
Fix date:   31.07.2013
Vector:   Remote
Systems affected:   Huawei SGSN USN9810
Vendor:   Huawei
Notification status:   29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
05.02.2014 - Public disclosure
PT-2013-54: Access Restrictions Bypassing in Huawei SGSN USN9810
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date:   31.07.2013
Vector:   Remote
Systems affected:   Huawei SGSN USN9810
Vendor:   Huawei
Notification status:   29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
05.02.2014 - Public disclosure
PT-2013-53: Information Disclosure in Huawei SGSN USN9810
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   31.07.2013
Vector:   Remote
Systems affected:   Huawei SGSN USN9810
Vendor:   Huawei
Notification status:   29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
05.02.2014 - Public disclosure
PT-2013-52: XML External Entities Injection in Huawei SGSN USN9810
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date:   31.07.2013
Vector:   Remote
Systems affected:   Huawei SGSN USN9810
Vendor:   Huawei
Notification status:   17.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
05.02.2014 - Public disclosure
PT-2013-51: Open Redirect Vulnerability in Siemens Simatic WinCC TIA Portal
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Fix date:   31.07.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC TIA Portal 12.x
Vendor:   Siemens
Notification status:   15.05.2012 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
19.08.2013 - Public disclosure
PT-2013-50: Cross-Site Request Forgery (CSRF) in Siemens Simatic WinCC TIA Portal
Severity:   Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date:   31.07.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC TIA Portal 12.x
Vendor:   Siemens
Notification status:   02.08.2012 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
19.08.2013 - Public disclosure
PT-2013-49: Null Byte Injection in Oracle Containers for J2EE
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   15.04.2014
Vector:   Remote
Systems affected:   Oracle Containers for J2EE 10.x
Vendor:   Oracle
Notification status:   16.08.2013 - Vendor gets vulnerability details
15.04.2014 - Vendor releases fixed version and details
25.04.2014 - Public disclosure
PT-2013-48: CRLF Injection in Oracle Containers for J2EE
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   15.04.2014
Vector:   Remote
Systems affected:   Oracle Containers for J2EE 10.x
Vendor:   Oracle
Notification status:   16.08.2013 - Vendor gets vulnerability details
15.04.2014 - Vendor releases fixed version and details
25.04.2014 - Public disclosure
PT-2013-47: Directory Traversal in Oracle Containers for J2EE
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   15.04.2014
Vector:   Remote
Systems affected:   Oracle Containers for J2EE 10.x
Vendor:   Oracle
Notification status:   16.08.2013 - Vendor gets vulnerability details
15.04.2014 - Vendor releases fixed version and details
25.04.2014 - Public disclosure
PT-2013-46: Local File Include in Nagios Looking Glass
Severity:   High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   Nagios
Notification status:   19.07.2013 - Vendor is notified
13.08.2013 - Vulnerability details were sent to CERT
28.10.2013 - Public disclosure
PT-2013-45: Race condition in ISPManager
Severity:   High (8.5) (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Fix date:   15.07.2013
Vector:   Remote
Systems affected:   ISPmanager 4.x
Vendor:   ISPsystem
Notification status:   12.07.2013 - Vendor gets vulnerability details
15.07.2013 - Vendor releases fixed version
PT-2013-44: Forced browsing in Siemens WinCC and SIMATIC PCS 7
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date:   14.06.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor:   Siemens
Notification status:   13.01.2013 - Vendor gets vulnerability details
14.06.2013 - Vendor releases fixed version and details
03.07.2013 - Public disclosure
PT-2013-43: Hard-coded credentials in Siemens WinCC and SIMATIC PCS 7
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   14.06.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor:   Siemens
Notification status:   03.03.2013 - Vendor gets vulnerability details
14.06.2013 - Vendor releases fixed version and details
03.07.2013 - Public disclosure
PT-2013-42: SQL Injection in Siemens WinCC and SIMATIC PCS 7
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   14.06.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor:   Siemens
Notification status:   13.01.2013 - Vendor gets vulnerability details
14.06.2013 - Vendor releases fixed version and details
03.07.2013 - Public disclosure
PT-2013-41: Arbitrary Code Execution in Ajax File and Image Manager
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   No fix available
Vector:   Remote
Vendor:   PHPLETTER
Notification status:   20.06.2013 - Vendor gets vulnerability details
04.09.2013 - Vulnerability details were sent to CERT
17.09.2013 - Public disclosure
PT-2013-40: Resource Exhaustion in Wonderware Information Server
Severity:   High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date:   23.04.2013
Vector:   Remote
Systems affected:   Wonderware Information Server 5.x
Wonderware Information Server 4.x
Vendor:   Invensys Systems
Notification status:   16.12.2012 - Vendor gets vulnerability details
23.04.2013 - Vendor releases fixed version and details
10.06.2013 - Public disclosure
PT-2013-39: Improper Input Validation in Wonderware Information Server
Severity:   Medium (6.3) (AV:L/AC:M/Au:N/C:C/I:N/A:C)
Fix date:   23.04.2013
Vector:   Local
Systems affected:   Wonderware Information Server 5.x
Wonderware Information Server 4.x
Vendor:   Invensys Systems
Notification status:   16.12.2012 - Vendor gets vulnerability details
23.04.2013 - Vendor releases fixed version and details
10.06.2013 - Public disclosure
PT-2013-38: Multiple SQL Injection vulnerabilities in Wonderware Information Server
Severity:   High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date:   23.04.2013
Vector:   Remote
Systems affected:   Wonderware Information Server 5.x
Wonderware Information Server 4.x
Vendor:   Invensys Systems
Notification status:   16.12.2012 - Vendor gets vulnerability details
23.04.2013 - Vendor releases fixed version and details
10.06.2013 - Public disclosure
PT-2013-37: Multiple Cross Site Scripting (XSS) in Wonderware Information Server
Severity:   High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date:   23.04.2013
Vector:   Remote
Systems affected:   Wonderware Information Server 5.x
Wonderware Information Server 4.x
Vendor:   Invensys Systems
Notification status:   16.12.2012 - Vendor gets vulnerability details
23.04.2013 - Vendor releases fixed version and details
10.06.2013 - Public disclosure
PT-2013-36: XML External Entity Injection in Wonderware Win-XML Exporter
Severity:   Medium (6.3) (AV:L/AC:M/Au:N/C:C/I:N/A:C)
Fix date:   21.03.2013
Vector:   Remote
Systems affected:   Invensys Wonderware Win-XML Exporter
Vendor:   Invensys Systems
Notification status:   22.11.2012 - Vendor gets vulnerability details
21.03.2013 - Vendor releases fixed version and details
03.04.2013 - Public disclosure
PT-2013-35: Cross-Site Scripting in Siemens Simatic WinCC TIA Portal
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   15.03.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC TIA Portal 11.x
Vendor:   Siemens
Notification status:   21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
PT-2013-34: Cross-Site Scripting in Siemens Simatic WinCC TIA Portal
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   15.03.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC TIA Portal 11.x
Vendor:   Siemens
Notification status:   21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
PT-2013-33: CRLF Injection in Siemens Simatic WinCC TIA Portal
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   15.03.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC TIA Portal 11.x
Vendor:   Siemens
Notification status:   21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
PT-2013-32: Directory Traversal in Siemens Simatic WinCC TIA Portal
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Fix date:   15.03.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC TIA Portal 11.x
Vendor:   Siemens
Notification status:   21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
PT-2013-31: Cross-Site Scripting in Siemens Simatic WinCC TIA Portal
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:N/I:P/A:N)
Fix date:   15.03.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC TIA Portal 11.x
Vendor:   Siemens
Notification status:   21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
PT-2013-30: Denial of Service in Siemens Simatic WinCC TIA Portal
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Fix date:   15.03.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC TIA Portal 11.x
Vendor:   Siemens
Notification status:   21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
PT-2013-29: Information Disclosure in Siemens Simatic WinCC and PCS 7
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date:   15.03.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor:   Siemens
Notification status:   02.08.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
PT-2013-28: Buffer Overflow in Siemens Simatic WinCC and PCS 7
Severity:   Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date:   15.03.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor:   Siemens
Notification status:   02.08.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
PT-2013-27: Directory Traversal in Siemens Simatic WinCC and PCS 7
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date:   15.03.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor:   Siemens
Notification status:   11.07.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
PT-2013-26: Information Disclosure in Siemens Simatic WinCC and PCS 7
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date:   15.03.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor:   Siemens
Notification status:   11.07.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
PT-2013-25: Information Disclosure in Siemens Simatic WinCC and PCS 7
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date:   15.03.2013
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor:   Siemens
Notification status:   11.07.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
PT-2013-24: Concealing User Authority in SAP NetWeaver
Severity:   Medium (4.6) (AV:N/AC:H/Au:S/C:P/I:P/A:P)
Fix date:   10.06.2013
Vector:   Remote
Systems affected:   SAP NetWeaver 7.x
Vendor:   SAP
Notification status:   20.03.2013 - Vendor gets vulnerability details
10.06.2013 - Vendor releases fixed version and details
13.09.2013 - Public disclosure
PT-2013-23: Sensitive Information Disclosure in SAP NetWeaver
Severity:   Medium (4.9) (AV:N/AC:M/Au:S/C:P/I:N/A:P)
Fix date:   12.11.2013
Vector:   Remote
Systems affected:   SAP NetWeaver 7.x
Vendor:   SAP
Notification status:   20.03.2013 - Vendor gets vulnerability details
12.11.2013 - Vendor releases fixed version and details 
27.11.2013 - Public disclosure
PT-2013-22: XML External Entity Injection in Trustwave ModSecurity
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   29.03.2013
Vector:   Remote
Systems affected:   ModSecurity 2.x
Vendor:   Trustwave
Notification status:   27.02.2013 - Vendor gets vulnerability details
29.03.2013 - Vendor releases fixed version and details
01.04.2013 - Public disclosure
PT-2013-21: XML External Entities Injection in Oracle Database
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Fix date:   15.10.2013
Vector:   Remote
Systems affected:   Oracle Database 11.x
Oracle Database 12.x
Vendor:   Oracle
Notification status:   26.02.2013 - Vendor gets vulnerability details
15.10.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
PT-2013-19: XML External Entities Resolution vulnerability in HP ArcSight Connector
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date:   No fix available
Vector:   Remote
Vendor:   HP
Notification status:   24.01.2013 - Vendor gets vulnerability details
23.01.2014 - Public disclosure
PT-2013-18: Variables Overwriting in mnoGoSearch
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   05.03.2013
Vector:   Remote
Systems affected:   mnoGoSearch 3.x
Vendor:   mnoGoSearch
Notification status:   15.02.2013 - Vendor gets vulnerability details
01.03.2013 - Vendor releases fixed version and details
05.03.2013 - Public disclosure
PT-2013-17: Arbitrary Files Reading in mnoGoSearch
Severity:   High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date:   05.03.2013
Vector:   Remote
Systems affected:   mnoGoSearch 3.x
Vendor:   mnoGoSearch
Notification status:   15.02.2013 - Vendor gets vulnerability details
01.03.2013 - Vendor releases fixed version and details
05.03.2013 - Public disclosure
PT-2013-16
Severity:   Low (3.5) (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   Microsoft
Notification status:   13.02.2013 - Vendor gets vulnerability details
PT-2013-15: XML External Entities Injection in vBulletin 5 Connect
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Fix date:   11.02.2013
Vector:   Remote
Systems affected:   vBulletin 5 CONNECT
Vendor:   Jelsoft Enterprises
Notification status:   07.02.2013 - Vendor gets vulnerability details
11.02.2013 - Vendor releases fixed version and details
23.10.2013 - Public disclosure
PT-2013-14: XML External Entities Injection in PHP
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   14.03.2013
Vector:   Remote
Systems affected:   PHP 5.4.x
PHP 5.3.x
Vendor:   PHP
Notification status:   07.02.2013 - Vendor gets vulnerability details
14.03.2013 - Vendor releases fixed version and details
19.03.2013 - Public disclosure
PT-2013-13: XML External Entities Injection in SAP NetWeaver
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Fix date:   12.03.2013
Vector:   Remote
Systems affected:   SAP NetWeaver 7.x
Vendor:   SAP
Notification status:   18.01.2013 - Vendor gets vulnerability details
12.03.2013 - Vendor releases fixed version and details
23.10.2013 - Public disclosure
PT-2013-12: open_basedir bypass in PHP
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   14.03.2013
Vector:   Remote
Systems affected:   PHP 5.4.x
PHP 5.3.x
Vendor:   PHP
Notification status:   07.02.2013 - Vendor gets vulnerability details
14.03.2013 - Vendor releases fixed version and details
19.03.2013 - Public disclosure
PT-2013-11: XML External Entities Injection in Oracle Siebel CRM
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   15.10.2013
Vector:   Remote
Systems affected:   Oracle Siebel CRM 8.x
Vendor:   Oracle
Notification status:   05.02.2013 - Vendor gets vulnerability details
15.10.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
PT-2013-08: Remote OS Command Execution in Oracle Siebel CRM
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Fix date:   15.10.2013
Vector:   Remote
Systems affected:   Oracle Siebel CRM 8.x
Vendor:   Oracle
Notification status:   05.02.2013 - Vendor gets vulnerability details
15.10.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
PT-2013-07: Path and Version Disclosure in Oracle Siebel CRM
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date:   15.10.2013
Vector:   Remote
Systems affected:   Oracle Siebel CRM 8.x
Vendor:   Oracle
Notification status:   05.02.2013 - Vendor gets vulnerability details
15.10.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
PT-2013-06: Current User Context Access in Oracle Siebel CRM
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Fix date:   15.10.2013
Vector:   Remote
Systems affected:   Oracle Siebel CRM 8.x
Vendor:   Oracle
Notification status:   05.02.2013 - Vendor gets vulnerability details
15.10.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
PT-2013-04
Severity:   High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   Microsoft
Notification status:   25.01.2013 - Vendor gets vulnerability details
PT-2013-03
Severity:   High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date:   No fix available
Vector:   Remote
Vendor:   PunBB
Notification status:   17.01.2013 - Vendor gets vulnerability details
PT-2013-02: Password Reset Token Prediction in FluxBB
Severity:   High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date:   22.02.2013
Vector:   Remote
Systems affected:   FluxBB 1.x
Vendor:   FluxBB
Notification status:   17.01.2013 - Vendor gets vulnerability details
22.02.2013 - Vendor releases fixed version and details
07.03.2013 - Public disclosure
PT-2013-01: XML External Entity Injection in GNOME
Severity:   Medium (6.6) (AV:L/AC:L/Au:N/C:C/I:N/A:C)
Fix date:   16.05.2013
Vector:   Local
Systems affected:   GNOME
Vendor:   GNOME
Notification status:   14.01.2013 - Vendor gets vulnerability details
16.05.2013 - Vendor releases fixed version and details
20.06.2013 - Public disclosure
PT-2012-61: XML External Entities Injection in SAP Sybase ASE
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date:   10.09.2013
Vector:   Remote
Systems affected:   Sybase Adaptive Server Enterprise 15.x
Vendor:   SAP Software
Notification status:   27.12.2012 - Vulnerability details were sent to CERT
10.09.2013 - Vendor releases fixed version and details
24.10.2013 - Public disclosure
PT-2012-60: Arbitrary File Reading in Dolphin Browser
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date:   07.03.2013
Vector:   Remote
Systems affected:   Dolphin Browser for Android 9.x
Vendor:   Dolphin Browser for Android 9.x
Notification status:   18.12.2012 - Vendor is notified
18.12.2012 - Vendor gets vulnerability details
05.02.2013 - Vendor releases fixed version and details
07.03.2013 - Public disclosure
PT-2012-59: XML External Entity Injection in Zend Framework
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Fix date:   17.12.2012
Vector:   Remote
Systems affected:   Zend Framework 1.x
Vendor:   Zend Technologies
Notification status:   13.12.2012 - Vendor is notified
13.12.2012 - Vendor gets vulnerability details
17.12.2012 - Vendor releases fixed version and details
05.02.2013 - Public disclosure
PT-2012-58: Arbitrary Server Memory Chunks Reading in MongoDB
Severity:   Medium (4.4) (AV:L/AC:M/Au:S/C:C/I:N/A:N)
Fix date:   13.02.2013
Vector:   Local
Systems affected:   MongoDB 2.x
Vendor:   MongoDB
Notification status:   27.11.2012 - Vendor gets vulnerability details
13.02.2013 - Vendor releases fixed version and details
10.07.2013 - Public disclosure
PT-2012-57: Privilege Gaining in Bitrix CMS
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   10.09.2012
Vector:   Remote
Systems affected:   Bitrix Site Manager 11.x
Vendor:   Bitrix
Notification status:   03.09.2012 - Vendor gets vulnerability details
10.09.2012 - Vendor releases fixed version and details
15.07.2014 - Public disclosure
PT-2012-56
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   VMware
Notification status:   11.11.2012 - Vendor is notified
11.11.2012 - Vendor gets vulnerability details
PT-2012-55: Remote code execution in Siemens Teamcenter
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   13.11.2012
Vector:   Remote
Systems affected:   Siemens Teamcenter 2007.x
Vendor:   Siemens
Notification status:   09.10.2012 - Vendor is notified
09.10.2012 - Vendor gets vulnerability details
13.11.2012 - Vendor publishes fix information
04.02.2013 - Public disclosure
PT-2012-54: Denial of Service in Siemens Teamcenter
Severity:   High (7.8) (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Fix date:   13.11.2012
Vector:   Remote
Systems affected:   Siemens Teamcenter 2007.x
Vendor:   Siemens
Notification status:   09.10.2012 - Vendor is notified
09.10.2012 - Vendor gets vulnerability details
13.11.2012 - Vendor publishes fix information
04.02.2013 - Public disclosure
PT-2012-53: Privilege Gaining in DataLife Engine
Severity:   Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date:   19.01.2013
Vector:   Remote
Systems affected:   DataLife Engine 9.x
Vendor:   Softnews Media Group
Notification status:   30.10.2012 - Vendor is notified
30.10.2012 - Vendor gets vulnerability details
19.01.2013 - Vendor releases fixed version and details
04.02.2013 - Public disclosure
PT-2012-52: Open Redirect in DokuWiki
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Fix date:   06.03.2013
Vector:   Remote
Systems affected:   DokuWiki
Vendor:   DokuWiki
Notification status:   22.10.2012 - Vendor gets vulnerability details
06.03.2013 - Vendor releases fixed version and details
19.03.2013 - Public disclosure
PT-2012-50: Multiple vulnerabilities in Siemens SIMATIC S7-1200 Web interface
Severity:   High (8.3) (AV:N/AC:M/Au:N/C:P/I:P/A:C)
Fix date:   08.10.2012
Vector:   Remote
Systems affected:   Siemens SIMATIC S7-1200 2.x
Siemens SIMATIC S7-1200 3.x
Vendor:   Siemens
Notification status:   08.08.2012 - Vendor is notified
08.08.2012 - Vendor gets vulnerability details
08.10.2012 - Vendor releases fixed version and details
11.10.2012 - Public disclosure
PT-2012-49: Cross-Site Scripting in Oracle Siebel CRM
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   16.04.2013
Vector:   Remote
Systems affected:   Oracle Siebel CRM 8.x
Vendor:   Oracle
Notification status:   26.09.2012 - Vendor gets vulnerability details
16.04.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
PT-2012-48: Insecure storage of HTTPS CA certificate and private key in Siemens SIMATIC S7-1200
Severity:   High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date:   13.09.2012
Vector:   Remote
Systems affected:   Siemens SIMATIC S7-1200 2.x
Vendor:   Siemens
Notification status:   29.08.2012 - Vendor is notified
29.08.2012 - Vendor gets vulnerability details
13.09.2012 - Vendor has issued temporary workarounds
26.09.2012 - Public disclosure
PT-2012-47: Information disclosure in Google Chrome on Android
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   12.09.2012
Vector:   Remote
Systems affected:   Google Chrome for Android 18.x
Vendor:   Google
Notification status:   20.07.2012 - Vendor is notified
20.07.2012 - Vendor gets vulnerability details
12.09.2012 - Vendor releases fixed version and details
21.09.2012 - Public disclosure
PT-2012-46: Cross-application scripting in Google Chrome on Android
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   12.09.2012
Vector:   Remote
Systems affected:   Google Chrome for Android 18.x
Vendor:   Google
Notification status:   20.07.2012 - Vendor is notified
20.07.2012 - Vendor gets vulnerability details
12.09.2012 - Vendor releases fixed version and details
21.09.2012 - Public disclosure
PT-2012-45: Username and password disclosure in ActiveX control in Siemens Simatic WinCC WebNavigator
Severity:   High (8.3) (AV:N/AC:M/Au:N/C:C/I:P/A:P)
Fix date:   10.09.2012
Vector:   Remote
Systems affected:   Siemens Simatic WinCC WebNavigator 7.x
Vendor:   Siemens
Notification status:   16.07.2012 - Vendor is notified
16.07.2012 - Vendor gets vulnerability details
10.09.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
PT-2012-44: SQL Injection in SOAP Web interfaces in Siemens Simatic WinCC WebNavigator
Severity:   High (9.0) (AV:N/AC:L/Au:N/C:P/I:P/A:C)
Fix date:   10.09.2012
Vector:   Remote
Systems affected:   Siemens Simatic WinCC WebNavigator 7.x
Vendor:   Siemens
Notification status:   16.07.2012 - Vendor is notified
16.07.2012 - Vendor gets vulnerability details
10.09.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
PT-2012-43: Arbitrary Files Reading in Siemens Simatic WinCC WebNavigator
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   10.09.2012
Vector:   Remote
Systems affected:   Siemens Simatic WinCC WebNavigator 7.x
Vendor:   Siemens
Notification status:   16.07.2012 - Vendor is notified
16.07.2012 - Vendor gets vulnerability details
10.09.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
PT-2012-42: Multiple Cross Site Scripting and Cross Site Request Forgery vulnerabilities in Siemens Simatic WinCC WebNavigator
Severity:   High (8.3) (AV:N/AC:M/Au:N/C:P/I:P/A:C)
Fix date:   10.09.2012
Vector:   Remote
Systems affected:   Siemens Simatic WinCC WebNavigator 7.x
Vendor:   Siemens
Notification status:   16.07.2012 - Vendor is notified
16.07.2012 - Vendor gets vulnerability details
10.09.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
PT-2012-41: Columns Overwriting and Adding in MongoDB
Severity:   Medium (5.5) (AV:L/AC:M/Au:S/C:C/I:P/A:P)
Fix date:   13.02.2013
Vector:   Local
Systems affected:   MongoDB 2.x
Vendor:   MongoDB
Notification status:   10.09.2012 - Vendor gets vulnerability details
13.02.2013 - Vendor releases fixed version and details
10.07.2013 - Public disclosure
PT-2012-40: Remote Code Execution in MongoDB
Severity:   High (8.3) (AV:AN/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   13.02.2013
Vector:   Remote
Systems affected:   MongoDB 2.x
Vendor:   MongoDB
Notification status:   10.09.2012 - Vendor gets vulnerability details
13.02.2013 - Vendor releases fixed version and details
10.07.2013 - Public disclosure
PT-2012-38: SQL Injection in ERP Oracle EBS
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date:   15.01.2013
Vector:   Remote
Systems affected:   Oracle E-Business Suite 12.x
Vendor:   Oracle
Notification status:   06.09.2012 - Vendor gets vulnerability details
15.01.2013 - Vendor releases fixed version and details 
23.08.2013 - Public disclosure
PT-2012-37: SQL Injection in ERP Oracle EBS
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date:   15.01.2013
Vector:   Remote
Systems affected:   Oracle E-Business Suite 12.x
Vendor:   Oracle
Notification status:   06.09.2012 - Vendor gets vulnerability details
15.01.2013 - Vendor releases fixed version and details 
23.08.2013 - Public disclosure
PT-2012-36: HTTP Response Splitting in ERP Oracle EBS
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   15.01.2013
Vector:   Remote
Systems affected:   Oracle E-Business Suite 12.x
Vendor:   Oracle
Notification status:   06.09.2012 - Vendor gets vulnerability details
15.01.2013 - Vendor releases fixed version and details 
23.08.2013 - Public disclosure
PT-2012-35
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   PHP
Notification status:   28.08.2012 - Vendor is notified
28.08.2012 - Vendor gets vulnerability details
PT-2012-34: Multiple Vulnerabilities in Random Numbers Generation in OpenCart
Severity:   High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date:   29.11.2012
Vector:   Remote
Systems affected:   OpenCart 1.x
Vendor:   OpenCart Limited
Notification status:   28.08.2012 - Vulnerability details were sent to CERT
29.11.2012 - Vendor releases fixed version and details
08.02.2013 - Public disclosure
PT-2012-33: Multiple vulnerabilities in Sanuel Family
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   No fix available
Vector:   Remote
Vendor:   Sanuel Co.
Notification status:   27.08.2012 - Vendor is notified
27.08.2012 - Vendor gets vulnerability details
26.09.2012 - Vulnerability details were sent to CERT
03.10.2012 - Public disclosure
PT-2012-32: User data disclosure in Sanuel Family
Severity:   High (8.5) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   Sanuel Co.
Notification status:   27.08.2012 - Vendor is notified
27.08.2012 - Vendor gets vulnerability details
26.09.2012 - Vulnerability details were sent to CERT
03.10.2012 - Public disclosure
PT-2012-31
Severity:   Medium ()
Fix date:   No fix available
Vector:   Local
Vendor:   PHP
Notification status:   24.08.2012 - Vendor is notified
24.08.2012 - Vendor gets vulnerability details
PT-2012-30: Administrator Privilege Gaining in OpenCart
Severity:   High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date:   23.08.2012
Vector:   Remote
Systems affected:   OpenCart 1.x
Vendor:   OpenCart Limited
Notification status:   23.08.2012 - Vendor is notified
23.08.2012 - Vendor gets vulnerability details
23.08.2012 - Vendor releases fixed version and details
11.09.2012 - Public disclosure
PT-2012-29: Administrator Privilege Gaining in Simple Machines Forum
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   01.02.2013
Vector:   Remote
Systems affected:   Simple Machines Forum 2.x
Vendor:   Simple Machines
Notification status:   23.08.2012 - Vendor is notified
23.08.2012 - Vendor gets vulnerability details
01.02.2013 - Vendor releases fixed version and details
15.02.2013 - Public disclosure
PT-2012-28: Administrator Privilege Gaining in DataLife Engine
Severity:   High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date:   12.09.2012
Vector:   Remote
Systems affected:   DataLife Engine 9.x
Vendor:   Softnews Media Group
Notification status:   17.08.2012 - Vendor is notified
17.08.2012 - Vendor gets vulnerability details
12.09.2012 - Vendor releases fixed version and details
04.02.2013 - Public disclosure
PT-2012-27: Privilege Gaining in UMI.CMS
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   20.11.2012
Vector:   Remote
Systems affected:   UMI.CMS 2.x
Vendor:   Umisoft
Notification status:   16.08.2012 - Vendor is notified
17.08.2012 - Vendor gets vulnerability details
20.11.2012 - Vendor releases fixed version and details
11.02.2013 - Public disclosure
PT-2012-26: Remote JS Code Execution in qutIM
Severity:   Medium (5.4) (AV:A/AC:M/Au:N/C:P/I:P/A:P)
Fix date:   23.09.2013
Vector:   Remote
Systems affected:   qutIM 0.x
Vendor:   qutIM
Notification status:   14.08.2012 - Vendor is notified
14.08.2012 - Vendor gets vulnerability details
23.09.2013 - Vendor releases fixed version and details 
08.10.2013 - Public disclosure
PT-2012-24: Directory traversal in SAP NetWeaver
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   14.05.2013
Vector:   Remote
Systems affected:   SAP NetWeaver 7.x
Vendor:   SAP
Notification status:   16.07.2012 - Vendor is notified
16.07.2012 - Vendor gets vulnerability details
14.05.2013 - Vendor releases fixed version and details
13.09.2013 - Public disclosure
PT-2012-23: SQL Injection in Dr.Web Anti-virus
Severity:   Low (2.1) (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   13.07.2012
Vector:   Local
Systems affected:   Dr.Web Antivirus
Vendor:   Dr.Web
Notification status:   11.07.2012 - Vendor is notified
11.07.2012 - Vendor gets vulnerability details
13.07.2012 - Vendor releases fixed version and details
17.07.2012 - Public disclosure
PT-2012-22: Format String Vulnerability in SQLite
Severity:   Medium (5.5) (AV:L/AC:M/Au:S/C:C/I:P/A:P)
Fix date:   No fix available
Vector:   Local
Vendor:   SQLite
Notification status:   10.07.2012 - Vendor is notified
06.09.2012 - Public disclosure
PT-2012-21: Denial of Service in NetIQ eDirectory
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Fix date:   18.12.2012
Vector:   Remote
Systems affected:   eDirectory
Vendor:   NetIQ
Notification status:   06.07.2012 - Vendor is notified
06.07.2012 - Vendor gets vulnerability details
18.12.2012 - Vendor releases fixed version and details
01.02.2013 - Public disclosure
PT-2012-20: Authorization Mechanism Bypassing in NetIQ eDirectory
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date:   18.12.2012
Vector:   Remote
Systems affected:   eDirectory
Vendor:   NetIQ
Notification status:   06.07.2012 - Vendor is notified
06.07.2012 - Vendor gets vulnerability details
18.12.2012 - Vendor releases fixed version and details
01.02.2013 - Public disclosure
PT-2012-19: Cross-Site Scripting in NetIQ eDirectory
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   18.12.2012
Vector:   Remote
Systems affected:   eDirectory
Vendor:   NetIQ
Notification status:   06.07.2012 - Vendor is notified
06.07.2012 - Vendor gets vulnerability details
18.12.2012 - Vendor releases fixed version and details
01.02.2012 - Public disclosure
PT-2012-18
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Fix date:   No fix available
Vector:   Remote
Vendor:   Microsoft
Notification status:   04.07.2012 - Vendor is notified
04.07.2012 - Vendor gets vulnerability details
PT-2012-17: Multiple vulnerabilities in ERP Oracle EBS
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Fix date:   15.10.2012
Vector:   Remote
Systems affected:   Oracle E-Business Suite 12.x
Vendor:   Oracle
Notification status:   29.06.2012 - Vendor is notified
29.06.2012 - Vendor gets vulnerability details
15.10.2012 - Vendor releases fixed version and details
15.11.2012 - Public disclosure
PT-2012-16: Buffer Overflow in Pillow library
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Fix date:   15.03.2013
Vector:   Remote
Systems affected:   Pillow 1.x
Vendor:   Python Software Foundation
Notification status:   25.06.2012 - Vendor gets vulnerability details
18.07.2012 - Vulnerability details were sent to CERT
15.03.2013 - Vendor releases fixed version and details 
10.10.2013 - Public disclosure
PT-2012-15: Multiple vulnerabilities in IBM InfoSphere Guardium
Severity:   Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date:   15.08.2012
Vector:   Remote
Systems affected:   InfoSphere Guardium 8.x
Vendor:   IBM
Notification status:   25.06.2012 - Vendor is notified
25.06.2012 - Vendor gets vulnerability details
15.08.2012 - Vendor releases fixed version and details
30.08.2012 - Public disclosure
PT-2012-14: Security Restrictions Bypass in PHP
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Fix date:   19.07.2012
Vector:   Remote
Systems affected:   PHP 5.4.x
PHP 5.3.x
Vendor:   PHP
Notification status:   22.06.2012 - Vendor is notified
22.06.2012 - Vendor gets vulnerability details
19.07.2012 - Vendor releases fixed version and details
04.02.2013 - Public disclosure
PT-2012-13: Cross-Site Scripting in PHP
Severity:   Low (1.7) (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Fix date:   14.09.2012
Vector:   Local
Systems affected:   PHP 5.4.x
Vendor:   PHP
Notification status:   22.06.2012 - Vendor is notified
22.06.2012 - Vendor gets vulnerability details
14.09.2012 - Vendor releases fixed version and details
04.02.2013 - Public disclosure
PT-2012-12: Multiple Cross-Site Scripting in WinCC (SCADA)
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   05.06.2012
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Vendor:   Siemens
Notification status:   23.05.2012 - Vendor is notified
23.05.2012 - Vendor gets vulnerability details
05.06.2012 - Vendor releases fixed version and details
20.06.2012 - Public disclosure
PT-2012-11: Multiple Cross-Site Scripting in WinCC (SCADA)
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   05.06.2012
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Vendor:   Siemens
Notification status:   23.05.2012 - Vendor is notified
23.05.2012 - Vendor gets vulnerability details
05.06.2012 - Vendor releases fixed version and details
20.06.2012 - Public disclosure
PT-2012-10: Buffer overflow in the DiagAgent web server in WinCC (SCADA)
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Fix date:   05.06.2012
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Vendor:   Siemens
Notification status:   23.05.2012 - Vendor is notified
23.05.2012 - Vendor gets vulnerability details
05.06.2012 - Vendor releases fixed version and details
20.06.2012 - Public disclosure
PT-2012-09: Multiple File Path Traversal in WinCC (SCADA)
Severity:   Medium (6.8) (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Fix date:   05.06.2012
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Vendor:   Siemens
Notification status:   23.05.2012 - Vendor is notified
23.05.2012 - Vendor gets vulnerability details
05.06.2012 - Vendor releases fixed version and details
20.06.2012 - Public disclosure
PT-2012-08: XPath Injection in WinCC (SCADA)
Severity:   Medium (5.5) (AV:N/AC:L/Au:S/C:P/I:P/A:N)
Fix date:   05.06.2012
Vector:   Remote
Systems affected:   Siemens SIMATIC WinCC 7.x
Vendor:   Siemens
Notification status:   23.05.2012 - Vendor is notified
23.05.2012 - Vendor gets vulnerability details
05.06.2012 - Vendor releases fixed version and details
20.06.2012 - Public disclosure
PT-2012-06: Security restrictions bypass in nginx for Windows
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   05.06.2012
Vector:   Remote
Systems affected:   nginx 1.2.0
nginx 1.3.0
Vendor:   nginx
Notification status:   15.05.2012 - Vendor is notified
15.05.2012 - Vendor gets vulnerability details
05.06.2012 - Vendor releases fixed version and details
07.06.2012 - Public disclosure
PT-2012-05: Multiple Vulnerabilities in Quercus
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   13.07.2012
Vector:   Remote
Systems affected:   Quercus on Resin 4.x
Vendor:   Quercus on Resin 4.x
Notification status:   23.03.2012 - Vendor is notified
23.03.2012 - Vendor gets vulnerability details
19.04.2012 - Vulnerability details were sent to CERT
13.07.2012 - Vendor releases fixed version and details
31.08.2012 - Public disclosure
PT-2012-04: SQL Injection Vulnerability in Cisco Identity Services Engine Web Interface
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date:   12.04.2012
Vector:   Remote
Systems affected:   Cisco Identity Services Engine 1.0.4.x
Vendor:   Cisco
Notification status:   13.01.2012 - Vendor is notified 
13.01.2012 - Vendor gets vulnerability details
12.04.2012 - Vendor releases fixed version and details
20.09.2013 - Public disclosure
PT-2012-03: XSS Vulnerability in Cisco Identity Services Engine Web Interface
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date:   12.04.2012
Vector:   Remote
Systems affected:   Cisco Identity Services Engine 1.0.4.x
Vendor:   Cisco
Notification status:   13.01.2012 - Vendor is notified 
13.01.2012 - Vendor gets vulnerability details
12.04.2012 - Vendor releases fixed version and details
20.09.2013 - Public disclosure
PT-2012-02: Multiple CSRF Vulnerabilities in Cisco Identity Services Engine Web Interface
Severity:   High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date:   12.04.2012
Vector:   Remote
Systems affected:   Cisco Identity Services Engine 1.0.4.x
Vendor:   Cisco
Notification status:   13.01.2012 - Vendor is notified
13.01.2012 - Vendor gets vulnerability details
12.04.2012 - Vendor releases fixed version and details
20.09.2013 - Public disclosure
PT-2012-01: Abuse of Functionality in Cisco Identity Services Engine Web Interface
Severity:   High (9.0) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   12.04.2012
Vector:   Remote
Systems affected:   Cisco Identity Services Engine 1.0.4.x
Vendor:   Cisco
Notification status:   13.01.2012 - Vendor is notified
13.01.2012 - Vendor gets vulnerability details
12.04.2012 - Vendor releases fixed version and details
20.09.2013 - Public disclosure
PT-2011-48: Multiple Vulnerabilities in AtMail
Severity:   High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date:   26.03.2012
Vector:   Remote
Systems affected:   AtMail
Vendor:   AtMail
Notification status:   06.12.2011 - Vendor is notified
06.02.2012 - Vulnerability details were sent to CERT
26.03.2012 - Vendor releases fixed version and details
26.03.2012 - Public disclosure
PT-2011-47: Denial of Service in SAP
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Fix date:   08.05.2012
Vector:   Remote
Systems affected:   SAP
Vendor:   SAP
Notification status:   02.12.2011 - Vendor is notified
02.12.2011 - Vendor gets vulnerability details
08.05.2012 - Vendor releases fixed version and details
08.08.2012 - Public disclosure
PT-2011-46: Information disclosure in SAP
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   03.08.2012
Vector:   Remote
Systems affected:   SAP
Vendor:   SAP
Notification status:   02.12.2011 - Vendor is notified
02.12.2011 - Vendor gets vulnerability details
03.08.2012 - Vendor releases fixed version and details
23.08.2012 - Public disclosure
PT-2011-45: Denial of Service in SAP
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Fix date:   08.05.2012
Vector:   Remote
Systems affected:   SAP
Vendor:   SAP
Notification status:   02.12.2011 - Vendor is notified
02.12.2011 - Vendor gets vulnerability details
08.05.2012 - Vendor releases fixed version and details
08.08.2012 - Public disclosure
PT-2011-44: Denial of Service in SAP
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Fix date:   08.05.2012
Vector:   Remote
Systems affected:   SAP
Vendor:   SAP
Notification status:   02.12.2011 - Vendor is notified
02.12.2011 - Vendor gets vulnerability details
08.05.2012 - Vendor releases fixed version and details
08.08.2012 - Public disclosure
PT-2011-43: Database information disclosure in Kayako Fusion
Severity:   Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date:   25.11.2011
Vector:   Remote
Systems affected:   Kayako Fusion
Vendor:   Kayako
Notification status:   25.11.2011 - Vendor is notified
25.11.2011 - Vendor gets vulnerability details
25.11.2011 - Vendor releases fixed version and details
02.12.2011 - Public disclosure
PT-2011-41: Stored XSS vulnerability in Citrix License Administration Console
Severity:   Medium (4.9) (AV:N/AC:H/Au:S/C:C/I:N/A:N)
Fix date:   13.03.2012
Vector:   Remote
Systems affected:   Citrix License Administration Console 11.9
Vendor:   Citrix
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
PT-2011-40: Multiple CSRF vulnerabilities in Citrix License Administration Console
Severity:   High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date:   13.03.2012
Vector:   Remote
Systems affected:   Citrix License Administration Console 11.9
Vendor:   Citrix
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
PT-2011-39: Denial of Service in Citrix XenServer Workload Balancer
Severity:   High (7.8) (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Fix date:   13.03.2012
Vector:   Remote
Systems affected:   Citrix XenServer-6.0.0 WLB
Vendor:   Citrix
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
PT-2011-38: URL redirector abuse in Citrix XenServer Virtual Switch Controller
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date:   13.03.2012
Vector:   Remote
Systems affected:   Citrix XenServer Virtual Switch Controller 6.0.x
Vendor:   Citrix
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
PT-2011-37: HTTP Response Splitting in Citrix XenServer Virtual Switch Controller
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   13.03.2012
Vector:   Remote
Systems affected:   Citrix XenServer Virtual Switch Controller 6.0.x
Vendor:   Citrix
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
PT-2011-36: Insufficient authorization in Citrix XenServer Virtual Switch Controller
Severity:   High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date:   13.03.2012
Vector:   Local
Systems affected:   Citrix XenServer Virtual Switch Controller 6.0.x
Vendor:   Citrix
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
PT-2011-35: Multiple CSRF vulnerabilities in Citrix XenServer Virtual Switch Controller
Severity:   High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date:   13.03.2012
Vector:   Remote
Systems affected:   Citrix XenServer Virtual Switch Controller 6.0.x
Vendor:   Citrix
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
PT-2011-34: HTTP Response Splitting in Citrix XenServer Web Self Service
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   10.03.2012
Vector:   Remote
Systems affected:   Citrix XenServer 6.0 Web Self Service 1.1
Vendor:   Citrix
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
10.03.2012 - Vendor releases fixed version and details
28.09.2012 - Public disclosure
PT-2011-33: URL redirector abuse in Citrix XenServer Web Self Service
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date:   10.03.2012
Vector:   Remote
Systems affected:   Citrix XenServer 6.0 Web Self Service 1.1
Vendor:   Citrix
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
10.03.2012 - Vendor releases fixed version and details
28.09.2012 - Public disclosure
PT-2011-32: Cross-site scripting in Citrix XenServer Web Self Service
Severity:   Medium (4.9) (AV:N/AC:H/Au:S/C:C/I:N/A:N)
Fix date:   10.03.2012
Vector:   Remote
Systems affected:   Citrix XenServer 6.0 Web Self Service 1.1
Vendor:   Citrix
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
10.03.2012 - Vendor releases fixed version and details
28.09.2012 - Public disclosure
PT-2011-31: Multiple Cross-Site Request Forgery vulnerabilities in Citrix XenServer Web Self Service
Severity:   High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date:   10.04.2012
Vector:   Remote
Systems affected:   Citrix XenServer 6.0 Web Self Service 1.1
Vendor:   Citrix
Notification status:   10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
10.03.2012 - Vendor releases fixed version and details
28.09.2012 - Public disclosure
PT-2011-30: Disclosure of sensitive information in D-Link DIR-300 Router
Severity:   Medium (6.8) (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Fix date:   19.09.2011
Vector:   Remote
Systems affected:   D-Link DIR-300
Vendor:   D-Link
Notification status:   09.09.2011 - Vendor is notified
09.09.2011 - Vendor gets vulnerability details
19.09.2011 - Vendor releases fixed version and details
20.10.2011 - Public disclosure
PT-2011-29: Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300
Severity:   High (10.0) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   19.09.2011
Vector:   Remote
Systems affected:   D-Link DIR-300
Vendor:   D-Link
Notification status:   09.09.2011 - Vendor is notified
09.09.2011 - Vendor gets vulnerability details
19.09.2011 - Vendor releases fixed version and details
20.10.2011 - Public disclosure
PT-2011-27: Multiple Vulnerabilities in Cisco ACS Web Interface
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   13.02.2012
Vector:   Remote
Systems affected:   Cisco Secure ACS 5.x
Vendor:   Cisco
Notification status:   28.07.2011 - Vendor is notified
28.07.2011 - Vendor gets vulnerability details
13.02.2012 - Vendor releases fixed version and details 
20.02.2012 - Public disclosure
PT-2011-26: Multiple Cross-Site Request Forgery and "Stored XSS" Vulnerabilities in Cisco ACS
Severity:   Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date:   13.02.2012
Vector:   Remote
Systems affected:   Cisco Secure ACS 5.x
Vendor:   Cisco
Notification status:   19.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details
13.02.2012 - Vendor releases fixed version and details
20.02.2012 - Public disclosure
PT-2011-25: SQL injection vulnerabilities in Support Incident Tracker
Severity:   Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date:   17.07.2011
Vector:   Remote
Systems affected:   Support Incident Tracker 3.x
Vendor:   Support Incident Tracker
Notification status:   13.07.2011 - Vendor is notified
13.07.2011 - Vendor gets vulnerability details
17.07.2011 - Vendor releases fixed version and details
22.07.2011 - Public disclosure
PT-2011-24: Security Restrictions Bypassing in Arbor Peakflow X
Severity:   Medium (6.8) (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Fix date:   02.03.2012
Vector:   Remote
Systems affected:   Arbor Peakflow X
Vendor:   Arbor Networks
Notification status:   12.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details
02.03.2012 - Vendor releases fixed version and details
31.10.2013 - Public disclosure
PT-2011-23: Database information disclosure in GLPI
Severity:   Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date:   21.07.2011
Vector:   Remote
Systems affected:   GLPI 0.x
Vendor:   GLPI
Notification status:   11.07.2011 - Vendor is notified
20.07.2011 - Vendor gets vulnerability details
21.07.2011 - Vendor releases fixed version and details
03.08.2011 - Public disclosure
PT-2011-22: Buffer overflow in Adobe Flash Player
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   09.08.2011
Vector:   Remote
Systems affected:   Adobe Flash Player 10.x
Vendor:   Adobe Systems
Notification status:   28.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
09.08.2011 - Vendor releases fixed version and details
28.03.2012 - Public disclosure
PT-2011-21: SQL injection vulnerability in OneOrZero AIMS
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   No fix available
Vector:   Remote
Vendor:   OneOrZero
Notification status:   08.07.2011 - Vendor is notified
23.08.2011 - Vulnerability details were sent to CERT
19.10.2011 - Public disclosure
PT-2011-20: Authorization bypass vulnerability in OneOrZero AIMS
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   No fix available
Vector:   Remote
Vendor:   OneOrZero
Notification status:   08.07.2011 - Vendor is notified
23.08.2011 - Vulnerability details were sent to CERT
19.10.2011 - Public disclosure
PT-2011-19: SQL injection vulnerability in Help Request System
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   16.07.2011
Vector:   Remote
Systems affected:   Help Request System 1.x
Vendor:   Help Request System
Notification status:   07.07.2011 - Vendor is notified
15.07.2011 - Vendor gets vulnerability details
16.07.2011 - Vendor releases fixed version and details
24.08.2011 - Public disclosure
PT-2011-18: Cross-Site Scripting in Arbor Peakflow X
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   02.03.2012
Vector:   Remote
Systems affected:   Arbor Peakflow X
Vendor:   Arbor Networks
Notification status:   01.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details
02.03.2012 - Vendor releases fixed version and details
31.10.2013 - Public disclosure
PT-2011-16: Denial Of Service in Mozilla Firefox
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Fix date:   21.11.2012
Vector:   Remote
Systems affected:   Mozilla Firefox 3.6.x
Mozilla Firefox 4.0.x
Mozilla Firefox 16.x
Vendor:   Mozilla
Notification status:   29.06.2011 - Vendor is notified
15.07.2011 - Vendor gets vulnerability details
14.09.2011 - Vulnerability details were sent to CERT
18.10.2011 - Public disclosure
PT-2011-14: SQL injection vulnerability in BoonEx Dolphin
Severity:   High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date:   No fix available
Vector:   Remote
Vendor:   BoonEx
Notification status:   29.06.2011 - Vendor is notified
01.07.2011 - Vendor gets vulnerability details
23.08.2011 - Vulnerability details were sent to CERT
14.09.2011 - Public disclosure
PT-2011-13: Privilege Gaining in ManageEngine ServiceDesk Plus 8.0.0
Severity:   Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date:   29.03.2012
Vector:   Remote
Systems affected:   ManageEngine ServiceDesk Plus 8.x
Vendor:   ManageEngine ServiceDesk Plus 8.x
Notification status:   24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
29.03.2012 - Vendor releases fixed version and details
23.04.2012 - Public disclosure
PT-2011-12: Information Disclosure in ManageEngine ServiceDesk Plus 8.0
Severity:   Medium (6.3) (AV:N/AC:M/Au:S/C:C/I:N/A:N)
Fix date:   29.11.2011
Vector:   Remote
Systems affected:   ManageEngine ServiceDesk Plus 8.x
Vendor:   ManageEngine ServiceDesk Plus 8.x
Notification status:   24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
29.11.2011 - Vendor releases fixed version and details
27.01.2012 - Public disclosure
PT-2011-11: Arbitrary Files Reading in ManageEngine ServiceDesk Plus 8.0
Severity:   High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date:   23.04.2012
Vector:   Remote
Systems affected:   ManageEngine ServiceDesk Plus 8.x
Vendor:   ManageEngine ServiceDesk Plus 8.x
Notification status:   24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
23.04.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
PT-2011-10: Arbitrary Files Loading in ManageEngine ServiceDesk Plus 8.0
Severity:   High (8.5) (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Fix date:   23.04.2012
Vector:   Remote
Systems affected:   ManageEngine ServiceDesk Plus 8.x
Vendor:   ManageEngine ServiceDesk Plus 8.x
Notification status:   24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
23.04.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
PT-2011-09: Arbitrary Command Execution in ManageEngine ServiceDesk Plus 8.0.0
Severity:   High (8.5) (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Fix date:   29.03.2012
Vector:   Remote
Systems affected:   ManageEngine ServiceDesk Plus 8.x
Vendor:   ManageEngine ServiceDesk Plus 8.x
Notification status:   24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
29.03.2012 - Vendor releases fixed version and details
23.04.2012 - Public disclosure
PT-2011-08: Multiple vulnerabilities in D-Link DPH 150SE/E/F1
Severity:   High (9.7) (AV:N/AC:L/Au:N/C:P/I:C/A:C)
Fix date:   20.07.2011
Vector:   Remote
Systems affected:   D-Link DPH 150s IP Phone
Vendor:   D-Link
Notification status:   24.06.2011 - Vendor is notified
27.06.2011 - Vendor gets vulnerability details
20.07.2011 - Vendor releases fixed version and details
22.07.2011 - Public disclosure
PT-2011-07: Cross-Site Scripting in Cisco Small Business Devices
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   12.06.2012
Vector:   Remote
Systems affected:   Cisco SPA8000 8-port IP Telephony Gateway 6.x
Cisco SPA8800 IP Telephony Gateway 6.x
Cisco SPA2102 Phone Adapter with Router 5.x
Cisco SPA3102 Voice Gateway with Router 5.x
Cisco Small Business SPA500 Series IP Phones 7.x
Vendor:   Cisco
Notification status:   23.06.2011 - Vendor is notified
24.06.2011 - Vendor gets vulnerability details
12.06.2012 - Vendor releases fixed version and details
27.09.2012 - Public disclosure
PT-2011-06
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Fix date:   No fix available
Vector:   Remote
Vendor:   VMWare
Notification status:   20.06.2011 - Vendor is notified
24.06.2011 - Vendor gets vulnerability details
PT-2011-05: Cross-Site Scripting in Koha Library Software
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   19.06.2011
Vector:   Remote
Systems affected:   Koha 3.x
Vendor:   Koha Library Software
Notification status:   31.05.2011 - Vendor is notified
15.06.2011 - Vendor gets vulnerability details
19.06.2011 - Vendor releases fixed version and details
06.07.2011 - Public disclosure
PT-2011-04: Cross-Site Scripting in Kayako Support Suite
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   25.08.2011
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
Vendor:   Kayako Web Solutions
Notification status:   30.05.2011 - Vendor is notified
30.05.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
PT-2011-03: Information disclosure in Kayako Support Suite
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date:   25.08.2011
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
Vendor:   Kayako Web Solutions
Notification status:   30.05.2011 - Vendor is notified
30.05.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
PT-2011-02: PHP code Injection in Kayako Support Suite
Severity:   Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date:   25.08.2011
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
Vendor:   Kayako Web Solutions
Notification status:   30.05.2011 - Vendor is notified
30.05.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
PT-2011-01: Cross-Site Scripting in Kayako Support Suite
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date:   25.08.2011
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
Vendor:   Kayako Web Solutions
Notification status:   30.05.2011 - Vendor is notified
30.05.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
PT-2010-11
Severity:   High (10.0) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date:   No fix available
Vector:   Remote
Vendor:   IrisvisiaCMS
Notification status:   11.09.2010 - Sent email to vendor
PT-2010-09
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   Newton CMS
Notification status:   10.09.2010 - vendor notified
11.09.2010 - Status request sent
PT-2010-08
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   Quantum Art
Notification status:   08.19.2010 - Vendor notified
11.09.2010 - Status request sent
PT-2010-05
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date:   No fix available
Vector:   Remote
Vendor:   OpenSSL Project
Notification status:   09/07/2010 - Vendor notified
PT-2009-44: Multiple vulnerabilities in Kayako Support Suite
Severity:   Medium (6.4) AV:N/AC:H/Au:M/C:C/I:C/A:P
Fix date:   No fix available
Vector:   Remote
Vendor:   Kayako
Notification status:   10/12/2009 - Vendor notified
10/13/2009 - Vendor response
PT-2009-43: Session predictability in Kayako Support Suite
Severity:   Low (4.3) AV:N/AC:M/Au:N/C:P/I:N
Fix date:   12.03.2010
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
Vendor:   Kayako
Notification status:   10/12/2009 - Vendor notified
10/13/2009 - Vendor response
02/09/2010 - The vendor confirmed the vulnerability and issued a workaround decision
03/12/2010 - Requested status update from vendor
04/08/2010 - Public disclosure
PT-2009-42: Cross-Site Request Forgery in Kayako Support Suite
Severity:   Medium (7.0) AV:N/AC:M/Au:S/C:C/I:P
Fix date:   09.02.2010
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
Vendor:   Kayako
Notification status:   10/12/2009 - Vendor notified
10/13/2009 - Vendor response
01/19/2010 - The vendor confirmed the vulnerability and issued a workaround decision
02/09/2010 - Requested status update from vendor
04/08/2010 - Public disclosure
PT-2009-41: Multiple vulnerabilities in Kayako Support Suite
Severity:   Low (6.4) AV:N/AC:L/Au:N/C:P/I:N/A:P
Fix date:   12.03.2010
Vector:   Remote
Systems affected:   Kayako SupportSuite 3.x
Vendor:   Kayako
Notification status:   10/12/2009 - Vendor notified
10/13/2009 - Vendor response
01/26/2010 - The vendor confirmed the vulnerability and issued a workaround decision
03/12/2010 - Requested status update from vendor
04/08/2010 - Public disclosure
PT-2009-40: JIRA sensitive information disclosure
Severity:   Low (0.0) (AV:N/AC:L/Au:N/C:N/I:N/A:N/E:P/RL:W/RC:C)
Fix date:   24.06.2009
Vector:   Remote
Systems affected:   JIRA 3.13.4
Vendor:   Atlassian
Notification status:   06/02/2009 - Vendor notified
06/03/2009 - Vendor response
06/04/2009 - The vendor confirmed the vulnerability and issued a workaround decision
06/24/2009 - Requested status update from vendor
06/24/2009 - Public disclosure
PT-2009-39
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date:   No fix available
Vector:   Local
Vendor:   Avaya
Notification status:   04.08.2009 - Vendor notified
04.13.2009 - Vendor response
04.14.2009 - Sent detail information
PT-2009-38
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   No fix available
Vector:   Local
Vendor:   Citrix
Notification status:   04.10.2009 - Vendor notified
04.16.2009 - Vendor response
04.16.2009 - Sent detail information
PT-2009-37
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date:   No fix available
Vector:   Local
Vendor:   Cisco
Notification status:   04.10.2009 - Vendor notified
PT-2009-36: Neo CMS SQL Injection Vulnerability
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   27.03.2009
Vector:   Remote
Systems affected:   Neo CMS
Vendor:  
Notification status:   03/26/2009 - Vendor notified
03/26/2009 - Vendor response
03/27/2009 - Vendor releases the update
05/26/2009 - Public disclosure
PT-2009-35: SQL Injection Vulnerability
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   No fix available
Vector:   Remote
Vendor:  
Notification status:   03/25/2009 - Vendor is notified
03/26/2009 - Vendor response
PT-2009-34: AKmedia CMS SQL Injection Vulnerability
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   26.03.2009
Vector:   Remote
Systems affected:   AKmedia CMS
Vendor:  
Notification status:   03/25/2009 - Vendor is notified
03/25/2009 - Vendor response
03/26/2009 - Vendor releases the update
05/26/2009 - Public disclosure
PT-2009-33: iNTERNET.cms Cross-Site Scripting Vulnerability
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   18.05.2009
Vector:   Remote
Systems affected:   iNTERNET.cms
Vendor:  
Notification status:   03/25/2009 - Vendor is notified
03/26/2009 - Vendor response
05/18/2009 - Vendor releases fixed version
05/26/2009 - Requested status update from vendor
05/27/2009 - Public disclosure
PT-2009-32: Cross-Site Scripting Vulnerability
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   No fix available
Vector:   Remote
Vendor:  
Notification status:   03/25/2009 - Vendor is notified
03/25/2009 - Vendor response
PT-2009-31: Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   No fix available
Vector:   Remote
Vendor:  
Notification status:   03.11.2009 - Vendor notified
no response
03.24.2009 - Second notification
PT-2009-30: Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   No fix available
Vector:   Remote
Vendor:  
Notification status:   03.12.2009 - Vendor notified
no response
03.24.2009 - Second notification
PT-2009-29: Tribiq CMS Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   29.09.2009
Vector:   Remote
Systems affected:   Tribiq CMS 5.0.11
Vendor:  
Notification status:   03/24/2009 - Vendor notified
03/24/2009 - Vendor response
09/29/2009 - Vendor issues the fixed version
10/07/2009 - Public disclosure
PT-2009-28: SQL Injection Vulnerability
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   No fix available
Vector:   Remote
Vendor:  
Notification status:   03/24/2009 - Vendor is notified
03/24/2009 - Vendor response
PT-2009-27: Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   No fix available
Vector:   Remote
Vendor:   Huberspace
Notification status:   03/24/2009 - Vendor notified
PT-2009-26: Cross-Site Scripting Vulnerability
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   No fix available
Vector:   Remote
Vendor:   Cupid Systems
Notification status:   03/11/2009 - Vendor is notified
03/11/2009 - Vendor response
03/24/2009 - Requested status update from vendor
PT-2009-25: Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   No fix available
Vector:   Remote
Vendor:  
Notification status:   03/11/2009 - Vendor notified
03/11/2009 - Vendor response
03/24/2009 - Requested status update from vendor
PT-2009-24: ELDORADO CMS Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   13.03.2009
Vector:   Remote
Systems affected:   ELDORADO CMS 3.x
Vendor:  
Notification status:   03/04/2009 - Vendor notified
03/04/2009 - Vendor response
03/24/2009 - Requested status update from vendor
03/13/2009 - Vendor releases the update
05/26/2009 - Public disclosure
PT-2009-23: Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   No fix available
Vector:   Remote
Vendor:  
Notification status:   03/04/2009 - Vendor notified
03/04/2009 - Vendor response
03/04/2009 - Requested status update from vendor
03/24/2009 - Second requested status update from vendor

PT-2009-22: EXcms Root directory disclosure vulnerability
Severity:   Low (0.0) AV:N/AC:L/Au:N/C:N/I:N/A:N
Fix date:   No fix available
Vector:   Remote
Vendor:  
Notification status:   03/03/2009 - Vendor notified
03/04/2009 - Vendor response
03/04/2009 - Requested status update from vendor
03/24/2009 - Second requested status update from vendor
05/26/2009 - Second requested status update from vendor
05/26/2009 - Vendor response
05/27/2009 - Public disclosure


PT-2009-21: CMS.Pilot SQL Injection Vulnerability
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   No fix available
Vector:   Remote
Vendor:  
Notification status:   03/02/2009 - Vendor notified
no response
03/10/2009 - Second notification
no response
03/24/2009 - Second notification
no response
05/27/2009 - Public disclosure
PT-2009-20: A.CMS Multiple Vulnerabilities
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   04.03.2009
Vector:   Remote
Systems affected:   A.CMS 1.x
Vendor:  
Notification status:   03/02/2009 - Vendor notified
03/04/2009 - Vendor response
03/04/2009 - Vendor issues the fixed version
03/10/2009 - Requested status update from vendor

PT-2009-19
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date:   No fix available
Vector:   Local
Vendor:   Cisco
Notification status:   03.10.2009 - Vendor notified
PT-2009-18: Cetera CMS SQL Injection Vulnerability
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   24.03.2009
Vector:   Remote
Systems affected:   Cetera CMS
Vendor:  
Notification status:   02/03/2009 - Vendor is notified
02/03/2009 - Vendor response
03/03/2009 - Requested status update from vendor
03/24/2009 - Requested status update from vendor
03/24/2009 - Vendor releases fixed version and details
05/26/2009 - Public disclosure
PT-2009-17: ABO.CMS Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   05.04.2009
Vector:   Remote
Systems affected:   ABO.CMS 5.x
Vendor:  
Notification status:   03/02/2009 - Vendor notified
03/03/2009 - Vendor response
03/04/2009 - Requested status update from vendor
03/24/2009 - Second requested status update from vendor
PT-2009-16: Subrion CMS Multiple Vulnerabilities
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   25.03.2009
Vector:   Remote
Systems affected:   Subrion CMS 1.x
Vendor:  
Notification status:   03/04/2009 - Vendor notified
03/04/2009 - Vendor response
03/10/2009 - Requested status update from vendor
03/24/2009 - Second requested status update from vendor
03/25/2009 - Vendor releases the update
05/26/2009 - Public disclosure
PT-2009-15: Living CMS Cross-Site Scripting Vulnerability
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   11.03.2009
Vector:   Remote
Systems affected:   Living CMS 1.x
Vendor:  
Notification status:   03/03/2009 - Vendor notified
03/04/2009 - Vendor response
03/10/2009 - Requested status update from vendor

PT-2009-14: BLOG CMS Cross-Site Scripting Vulnerability
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   03.03.2009
Vector:   Remote
Systems affected:   BLOG:CMS 4.x
Vendor:  
Notification status:   03/03/2009 - Vendor is notified
03/03/2009 - Vendor response
03/03/2009 - Requested status update from vendor
03/03/2009 - Vendor issues the fixed version

PT-2009-13: TinX CMS SQL Injection Vulnerability
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date:   05.03.2009
Vector:   Remote
Systems affected:   TinX/cms 3.x
Vendor:  
Notification status:   03/04/2009 - Vendor is notified
03/04/2009 - Vendor response
03/04/2009 - Requested status update from vendor
03/05/2009 - Vendor releases fixed version and details
03/06/2009 - Public disclosure

PT-2009-12: UMI.CMS Cross-Site Scripting Vulnerability
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date:   06.03.2009
Vector:   Remote
Systems affected:   UMI.CMS 2.x
Vendor:   Umisoft
Notification status:   03/04/2009 - Vendor notified
03/04/2009 - Vendor response
03/04/2009 - Requested status update from vendor
03/06/2009 - Vendor releases fixed version and details
03/06/2009 - Public disclosure

PT-2009-11: SlySoft Multiple Products ElbyCDIO.sys Denial of Service
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   06.03.2009
Vector:   Local
Systems affected:   AnyDVD 6.x
Virtual CloneDrive 5.x
CloneDVD 2.x
CloneCD 5.x
Vendor:   SlySoft
Notification status:   02.11.2009 - Vendor notified
02.11.2009 - Vendor replied
02.12.2009 - Sent detailed information
03.06.2009 - Vendor released fixed version
03.12.2009 - Public disclosure
PT-2009-09: Trend Micro Internet Security Pro 2009 tmactmon.sys Privilege Escalation Vulnerabilities
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date:   No fix available
Vector:   Local
Vendor:   Trend Micro
Notification status:   02.04.2009 - Vendor notified
no response
02.12.2009 - Second notification
no response
03.31.2009 - Vulnerability details disclosed by third party
03.31.2009 - Public disclosure
PT-2009-08
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   No fix available
Vector:   Local
Vendor:   Sunbelt Software
Notification status:   02.04.2009 - Vendor notified
no response
02.12.2009 - Second notification
no response
PT-2009-07
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   No fix available
Vector:   Local
Vendor:   PC Tools
Notification status:   02.04.2009 - Vendor notified
02.11.2009 - Vendor replied
02.24.2009 - Sent detailed information

PT-2009-06
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   No fix available
Vector:   Local
Vendor:   F-Secure
Notification status:   02.04.2009 - Vendor notified
02.11.2009 - Vendor replied
02.16.2009 - Sent detailed information
02.16.2009 - Vendor replied

PT-2009-05: CA Internet Security Suite Denial of Service Vulnerability
Severity:   Medium (4.9) AV:L/AC:L/Au:N/C:N/I:N/A:C
Fix date:   18.08.2009
Vector:   Local
Systems affected:   CA Internet Security Suite Plus 2009
CA Internet Security Suite Plus 2008
CA Internet Security Suite 2007
Vendor:   Computer Associates (CA)
Notification status:   02/04/2009 - Vendor notified
02/04/2009 - Vendor response
02/04/2009 - Details sent
08/18/2009 - Vendor releases fixed version and details
08/25/2009 - Public disclosure
PT-2009-04
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date:   No fix available
Vector:   Local
Vendor:   Tall Emu
Notification status:   02.04.2009 - Vendor notified
02.04.2009 - Vendor replied
02.04.2009 - Sent detailed information
PT-2009-03
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   No fix available
Vector:   Local
Vendor:   Tall Emu
Notification status:   02.04.2009 - Vendor notified
02.04.2009 - Vendor replied
02.04.2009 - Sent detailed information
PT-2009-02
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   No fix available
Vector:   Local
Vendor:   Tall Emu
Notification status:   02.04.2009 - Vendor notified
02.04.2009 - Sent detailed information
PT-2009-01: PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities
Severity:   Medium (6.2) AV:L/AC:H/Au:N/C:C/I:C/A:C
Fix date:   02.04.2009
Vector:   Local
Systems affected:   PGP Corporate Desktop 9.x
Vendor:   PGP
Notification status:   02.04.2009 - Vendor notified
02.04.2009 - Vendor replied
02.04.2009 - Sent detailed information
04.02.2009 - Vendor released fixed versions
04.13.2009 - Public disclosure
PT-2008-09: Microsoft Windows MSMQ Privilege Escalation Vulnerability
Severity:   High (7.2) AV:L/AC:M/Au:S/C:C/I:C/A:C
Fix date:   11.08.2009
Vector:   Local
Systems affected:   Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Vendor:   Microsoft
Notification status:   11.19.2008 - Vendor notified
11.21.2008 - Vendor replied
08.11.2009 - Vendor released patches
08.12.2009 - Public disclosure
PT-2008-08
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date:   No fix available
Vector:   Local
Vendor:   Microsoft
Notification status:   11.19.2008 - Vendor notified
11.21.2008 - Vendor replied

PT-2008-07: VMware Multiple Products hcmon.sys Denial of Service Vulnerability
Severity:   Medium (4.4) AV:L/AC:M/Au:S/C:N/I:N/A:C
Fix date:   31.03.2009
Vector:   Local
Systems affected:   VMware Workstation 6.x
VMWare Player 2.x
VMWare ACE 2.x
VMware Server 2.x
Vendor:   VMWare
Notification status:   10.14.2008 - Vendor notified
10.16.2008 - Vendor replied
10.16.2008 - Sent detailed information
03.31.2009 - Vendor released fixed versions
04.06.2009 - Public disclosure
PT-2008-06: VMware Multiple Products Denial of Service Vulnerability
Severity:   Medium (4.4) AV:L/AC:M/Au:S/C:N/I:N/A:C
Fix date:   28.05.2009
Vector:   Local
Systems affected:   VMware Workstation 6.x
VMWare Player 2.x
Vendor:   VMWare
Notification status:   10.14.2008 - Vendor notified
10.16.2008 - Vendor replied
10.16.2008 - Sent detailed information
05.28.2009 - Vendor releases fixed version and details
PT-2008-05: VMware Multiple Products vmci.sys Privilege Escalation Vulnerability
Severity:   Medium (6.6) AV:L/AC:M/Au:S/C:C/I:C/A:C
Fix date:   03.04.2009
Vector:   Local
Systems affected:   VMware Workstation 6.x
VMWare Player 2.x
VMware Server 2.x
VMWare ACE 2.x
Vendor:   VMWare
Notification status:   10.14.2008 - Vendor notified
10.16.2008 - Vendor replied
10.16.2008 - Sent detailed information
04.03.2009 - Vendor released fixed versions
04.06.2009 - Public disclosure