Positive Technologies — Information Security, Compliance Management, Consulting. MaxPatrol Compliance and Vulnerability Management System.

Vulnerability Alerts

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol™ and PT Application Inspector™.

Threat Level Details
26.07.2017 PT-2017-13: Elevation of Privilege in Microsoft Windows
high
Severity: High (7.8) (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix date: 09.05.2017
Vector: Local
Systems affected: Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008
Microsoft Windows 10
Microsoft Windows 8.1
Microsoft Windows 7
Vendor: Microsoft
Notification status: 07.05.2017 - Vendor gets vulnerability details
09.05.2017 - Vendor releases fixed version and details
24.10.2017 - Public disclosure
26.07.2017 PT-2017-12
Fix date: No fix available
Vector:
Systems affected: Intel Management Engine 11.x
Vendor: Intel
Notification status: 26.07.2017 - Vendor gets vulnerability details
02.04.2017 PT-2017-11
medium
Severity: Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: ABB
Notification status: 02.04.2017 - Vendor gets vulnerability details
16.03.2017 PT-2017-10
medium
Severity: Medium (6.5) (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: Hirschmann
Notification status: 16.03.2017 - Vendor gets vulnerability details
16.03.2017 PT-2017-09
medium
Severity: Medium (5.3) (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: Hirschmann
Notification status: 16.03.2017 - Vendor gets vulnerability details
16.03.2017 PT-2017-08
medium
Severity: Medium (4.2) (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: Hirschmann
Notification status: 16.03.2017 - Vendor gets vulnerability details
16.03.2017 PT-2017-07
high
Severity: High (7.5) (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: Hirschmann
Notification status: 16.03.2017 - Vendor gets vulnerability details
28.02.2017 PT-2017-06: Race Condition in Linux
high
Severity: High (7.8) (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix date: 10.03.2017
Vector: Local
Systems affected: Linux Kernel 4.10.x
Vendor: Linux
Notification status: 28.02.2017 - Vendor gets vulnerability details
10.03.2017 - Vendor releases fixed version and details
17.03.2017 - Public disclosure
20.02.2017 PT-2017-05
high
Severity: High (7.8) (AV:N/AC:M/Au:N/C:C/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: RocketChat
Notification status: 20.02.2017 - Vendor gets vulnerability details
27.01.2017 PT-2017-04: Security Restrictions Bypass in Kaspersky Embedded Systems Security
high
Severity: High (7.1) (AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Fix date: 15.05.2017
Vector: Local
Systems affected: Kaspersky Embedded Systems Security
Vendor: Kaspersky Lab
Notification status: 27.01.2017 - Vendor gets vulnerability details
15.05.2017 - Vendor releases fixed version and details
01.11.2017 - Public disclosure
18.01.2017 PT-2017-03: Buffer Overflow in Checker ATM Security
high
Severity: High (8.8) (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Fix date: 06.04.2017
Vector: Remote
Systems affected: Checker ATM Security
Vendor: GMV
Notification status: 18.01.2017 - Vendor gets vulnerability details
06.04.2017 - Vendor releases fixed version and details
04.05.2017 - Public disclosure
11.01.2017 PT-2017-02: Insufficient Permissions in Rockwell Automation MicroLogix 1100 and 1400 PLC
low
Severity: Low (2.7) (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)
Fix date: 05.01.2017
Vector: Remote
Systems affected: Rockwell Automation 1763 MicroLogix 1100 Controllers
Rockwell Automation 1766 MicroLogix 1400 Controllers
Vendor: Rockwell Automation
Notification status: 11.06.2015 - Vendor gets vulnerability details
05.01.2017 - Vendor releases fixed version and details
11.01.2017 - Public disclosure
11.01.2017 PT-2017-01: Information Disclosure in Rockwell Automation MicroLogix 1100 and 1400 PLC
medium
Severity: Medium (6.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Fix date: 05.01.2017
Vector: Remote
Systems affected: Rockwell Automation 1763 MicroLogix 1100 Controllers
Rockwell Automation 1766 MicroLogix 1400 Controllers
Vendor: Rockwell Automation
Notification status: 11.06.2015 - Vendor gets vulnerability details
05.01.2017 - Vendor releases fixed version and details
11.01.2017 - Public disclosure
26.12.2016 PT-2016-61: Denial of Service in the web interface to TP-Link wireless devices control system
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Fix date: 20.02.2016
Vector: Remote
Systems affected: TP-LINK AC series models
TP-LINK TL-MR series models
TP-LINK TL-WA series models
TP-LINK TL-WDR series models
TP-LINK TL-WR series models
Vendor: TP-Link
Notification status: 11.03.2015 - Vendor gets vulnerability details
20.02.2016 - Vendor releases fixed version and details
26.12.2016 - Public disclosure
16.12.2016 PT-2016-60
high
Severity: High (7.2) (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: SAP
Notification status: 16.12.2016 - Vendor gets vulnerability details
13.12.2016 PT-2016-59
medium
Severity: Medium (6.7) (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: Schneider Electric
Notification status: 13.12.2016 - Vendor gets vulnerability details
13.12.2016 PT-2016-58
medium
Severity: Medium (6.1) (AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: Schneider Electric
Notification status: 13.12.2016 - Vendor gets vulnerability details
27.10.2016 PT-2016-57
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: RocketChat
Notification status: 27.10.2016 - Vendor gets vulnerability details
27.10.2016 PT-2016-56
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: RocketChat
Notification status: 27.10.2016 - Vendor gets vulnerability details
27.10.2016 PT-2016-55
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: RocketChat
Notification status: 27.10.2016 - Vendor gets vulnerability details
27.10.2016 PT-2016-54
high
Severity: High (7.8) (AV:N/AC:M/Au:N/C:C/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: RocketChat
Notification status: 27.10.2016 - Vendor gets vulnerability details
01.10.2016 PT-2016-53
low
Severity: Low (3.3) (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: Siemens
Notification status: 22.07.2016 - Vendor gets vulnerability details
01.10.2016 PT-2016-52
high
Severity: High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: Siemens
Notification status: 22.07.2016 - Vendor gets vulnerability details
01.10.2016 PT-2016-51
high
Severity: High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: Schneider Electric
Notification status: 11.06.2016 - Vendor gets vulnerability details
01.10.2016 PT-2016-50
high
Severity: High (7.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: Schneider Electric
Notification status: 11.06.2016 - Vendor gets vulnerability details
01.10.2016 PT-2016-49
medium
Severity: Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: Schneider Electric
Notification status: 11.06.2016 - Vendor gets vulnerability details
01.10.2016 PT-2016-48
medium
Severity: Medium (5.6) (AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: Siemens
Notification status: 17.12.2015 - Vendor gets vulnerability details
01.10.2016 PT-2016-47
medium
Severity: Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: Siemens
Notification status: 17.12.2015 - Vendor gets vulnerability details
01.10.2016 PT-2016-46
high
Severity: High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: Siemens
Notification status: 17.12.2015 - Vendor gets vulnerability details
01.10.2016 PT-2016-45
high
Severity: High (9.4) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: Siemens
Notification status: 17.12.2015 - Vendor gets vulnerability details
01.10.2016 PT-2016-44
high
Severity: High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date: 28.01.2016
Vector: Remote
Systems affected:
Vendor: Siemens
Notification status: 05.11.2015 - Vendor gets vulnerability details
28.01.2016 - Vendor releases fixed version and details
01.10.2016 PT-2016-43
medium
Severity: Medium (4.6) (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: General Electric
Notification status: 05.08.2015 - Vendor gets vulnerability details
01.10.2016 PT-2016-42
medium
Severity: Medium (6.4) (AV:L/AC:L/Au:S/C:C/I:P/A:C)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: General Electric
Notification status: 05.08.2015 - Vendor gets vulnerability details
01.10.2016 PT-2016-41: Information Disclosure in GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian
medium
Severity: Medium (6.4) (AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L)
Fix date: 01.12.2016
Vector: Local
Systems affected: Proficy HMI/SCADA iFIX 5.x
Proficy HMI/SCADA - CIMPLICITY 9.x
Proficy Historian 6.x
Vendor: General Electric
Notification status: 05.08.2015 - Vendor gets vulnerability details
01.12.2016 - Vendor releases fixed version and details
18.01.2017 - Public disclosure
01.10.2016 PT-2016-40
high
Severity: High (8.7) (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: Schneider Electric
Notification status: 10.02.2014 - Vendor gets vulnerability details
01.10.2016 PT-2016-39: Information Disclosure in StruxureWare Data Center Expert
high
Severity: High (7.6) (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N)
Fix date: 08.12.2016
Vector: Remote
Systems affected: StruxureWare Data Center Expert 7.x
Vendor: Schneider Electric
Notification status: 11.06.2016 - Vendor gets vulnerability details
08.12.2016 - Vendor releases fixed version and details
15.12.2016 - Public disclosure
01.10.2016 PT-2016-38
medium
Severity: Medium (6.2) (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: Intel
Notification status: 01.10.2016 - Vendor gets vulnerability details
01.10.2016 PT-2016-37
medium
Severity: Medium (6.2) (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: Intel
Notification status: 01.10.2016 - Vendor gets vulnerability details
15.09.2016 PT-2016-36: Privilege Escalation in McAfee Application Control
high
Severity: High (7.5) (AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
Fix date: 01.12.2016
Vector: Local
Systems affected: McAfee Application Control 6.x
McAfee Application Control 7.x
Vendor: McAfee
Notification status: 02.09.2016 - Vendor gets vulnerability details
01.12.2016 - Vendor releases fixed version and details
16.12.2016 - Public disclosure
15.09.2016 PT-2016-35: XML External Entity Injection in Liebert SiteScan
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 29.11.2016
Vector: Remote
Systems affected: Liebert SiteScan 6.x
Vendor: Vertiv
Notification status: 03.10.2013 - Vendor gets vulnerability details
29.11.2016 - Vendor releases fixed version and details
06.12.2016 - Public disclosure
15.09.2016 PT-2016-34: Password Recovery in Siemens SICAM PAS
medium
Severity: Medium (6.8) (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Fix date: 25.11.2016
Vector: Local
Systems affected: Siemens SICAM PAS
Vendor: Siemens
Notification status: 15.01.2016 - Vendor gets vulnerability details
25.11.2016 - Vendor releases fixed version and details
29.11.2016 - Public disclosure
15.09.2016 PT-2016-33: Privilege Gaining in Siemens SICAM PAS
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 25.11.2016
Vector: Remote
Systems affected: Siemens SICAM PAS
Vendor: Siemens
Notification status: 15.01.2016 - Vendor gets vulnerability details
25.11.2016 - Vendor releases fixed version and details
29.11.2016 - Public disclosure
15.09.2016 PT-2016-32: XML External Entity Injection in vCenter Server and vRealize Automation
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Fix date: 22.11.2016
Vector: Remote
Systems affected: VMware vCenter Server 5.5
VMware vCenter Server 6.0
VMware vRealize Automation 7.x
Vendor: VMware
Notification status: 23.10.2015 - Vendor gets vulnerability details
22.11.2016 - Vendor releases fixed version and details
25.11.2016 - Public disclosure
15.09.2016 PT-2016-31: XML External Entity Injection in vCenter Server
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date: 22.11.2016
Vector: Remote
Systems affected: VMware vCenter Server 5.5
VMware vCenter Server 6.0
Vendor: VMware
Notification status: 23.10.2015 - Vendor gets vulnerability details
22.11.2016 - Vendor releases fixed version and details
25.11.2016 - Public disclosure
15.09.2016 PT-2016-30: XML External Entity Injection in vSphere Client
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date: 22.11.2016
Vector: Remote
Systems affected: VMware vSphere Client 5.5
VMware vSphere Client 6.0
Vendor: VMware
Notification status: 23.10.2015 - Vendor gets vulnerability details
22.11.2016 - Vendor releases fixed version and details
25.11.2016 - Public disclosure
15.09.2016 PT-2016-29: Information Disclosure in Siemens SICAM PAS
low
Severity: Low (1.9) (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 30.06.2016
Vector: Local
Systems affected: Siemens SICAM PAS
Vendor: Siemens
Notification status: 15.01.2016 - Vendor gets vulnerability details
30.06.2016 - Vendor releases fixed version and details
07.11.2016 - Public disclosure
15.09.2016 PT-2016-28: Information Disclosure in Siemens SICAM PAS
low
Severity: Low (1.7) (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Fix date: 30.06.2016
Vector: Local
Systems affected: Siemens SICAM PAS 8.x
Vendor: Siemens
Notification status: 15.01.2016 - Vendor gets vulnerability details
30.06.2016 - Vendor releases fixed version and details
07.11.2016 - Public disclosure
15.09.2016 PT-2016-27
medium
Severity: Medium (6.1) (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
14.03.2017 - Vendor releases fixed version and details
15.09.2016 PT-2016-26
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
15.09.2016 PT-2016-25
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
14.02.2017 - Vendor releases fixed version and details
15.09.2016 PT-2016-24
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
15.09.2016 PT-2016-23: Cross-Site Scripting in SAP NetWeaver
medium
Severity: Medium (6.1) (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Fix date: 10.01.2017
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
10.01.2017 - Vendor releases fixed version and details
13.04.2017 - Public disclosure
15.09.2016 PT-2016-22
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
15.09.2016 PT-2016-21: Cross-Site Scripting in SAP NetWeaver
medium
Severity: Medium (6.1) (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Fix date: 10.01.2017
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
10.01.2017 - Vendor releases fixed version and details
13.04.2017 - Public disclosure
15.09.2016 PT-2016-20
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
15.09.2016 PT-2016-19
medium
Severity: Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
14.03.2017 - Vendor releases fixed version and details
15.09.2016 PT-2016-18: Directory Traversal in SAP NetWeaver
medium
Severity: Medium (5.9) (AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)
Fix date: 10.01.2017
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
10.01.2017 - Vendor releases fixed version and details
13.04.2017 - Public disclosure
15.09.2016 PT-2016-17: Cross-Site Scripting in SAP NetWeaver
medium
Severity: Medium (6.1) (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Fix date: 10.01.2017
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
10.01.2017 - Vendor releases fixed version and details
13.04.2017 - Public disclosure
15.09.2016 PT-2016-16
medium
Severity: Medium (5.4) (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
14.03.2017 - Vendor releases fixed version and details
15.09.2016 PT-2016-15: Cross-Site Scripting in SAP NetWeaver
medium
Severity: Medium (5.4) (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Fix date: 10.01.2017
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 15.09.2016 - Vendor gets vulnerability details
10.01.2017 - Vendor releases fixed version and details
13.04.2017 - Public disclosure
11.08.2016 PT-2016-14: Information Disclosure in Siemens SIMATIC STEP 7 (TIA Portal)
low
Severity: Low (1.9) (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Fix date: 12.10.2016
Vector: Local
Systems affected: Siemens SIMATIC STEP 7 (TIA Portal) 13.x
Siemens SIMATIC STEP 7 (TIA Portal) 12.x
Vendor: Siemens
Notification status: 15.01.2015 - Vendor gets vulnerability details
12.10.2016 - Vendor releases fixed version and details
03.11.2016 - Public disclosure
11.08.2016 PT-2016-13: Information Disclosure in Siemens SIMATIC STEP 7 (TIA Portal)
low
Severity: Low (1.9) (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Fix date: 12.10.2016
Vector: Local
Systems affected: Siemens SIMATIC STEP 7 (TIA Portal) 13.x
Siemens SIMATIC STEP 7 (TIA Portal) 12.x
Vendor: Siemens
Notification status: 15.01.2015 - Vendor gets vulnerability details
12.10.2016 - Vendor releases fixed version and details
03.11.2016 - Public disclosure
10.08.2016 PT-2016-12: HTTP Header Injection in VMware vCenter Server and ESXi
medium
Severity: Medium (5.5) (AV:N/AC:L/Au:S/C:P/I:P/A:N)
Fix date: 04.08.2016
Vector: Remote
Systems affected: VMware vCenter Server 6.x
VMware ESXi 6.x
Vendor: VMware
Notification status: 23.10.2015 - Vendor gets vulnerability details
04.08.2016 - Vendor releases fixed version and details
11.08.2016 - Public disclosure
27.05.2016 PT-2016-11: Insecure Authentication Data Storage in ABB PCM600
medium
Severity: Medium (4.1) (AV:L/AC:M/Au:S/C:P/I:P/A:P)
Fix date: 31.05.2016
Vector: Local
Systems affected: PCM600 2.x
Vendor: ABB
Notification status: 09.06.2015 - Vendor gets vulnerability details
31.05.2016 - Vendor releases fixed version and details
09.06.2016 - Public disclosure
27.05.2016 PT-2016-10: Insecure Password Storage in ABB PCM600
low
Severity: Low (3.0) (AV:L/AC:M/Au:S/C:P/I:N/A:P)
Fix date: 31.05.2016
Vector: Local
Systems affected: PCM600 2.x
Vendor: ABB
Notification status: 09.06.2015 - Vendor gets vulnerability details
31.05.2016 - Vendor releases fixed version and details
09.06.2016 - Public disclosure
27.05.2016 PT-2016-09: Password Access in ABB PCM600
low
Severity: Low (1.5) (AV:L/AC:M/Au:S/C:P/I:N/A:N)
Fix date: 31.05.2016
Vector: Local
Systems affected: PCM600 2.x
Vendor: ABB
Notification status: 09.06.2015 - Vendor gets vulnerability details
31.05.2016 - Vendor releases fixed version and details
09.06.2016 - Public disclosure
27.05.2016 PT-2016-08: Weak Password Hashing in ABB PCM600
low
Severity: Low (1.5) (AV:L/AC:M/Au:S/C:P/I:N/A:N)
Fix date: 31.05.2016
Vector: Local
Systems affected: PCM600 2.x
Vendor: ABB
Notification status: 09.06.2015 - Vendor gets vulnerability details
31.05.2016 - Vendor releases fixed version and details
09.06.2016 - Public disclosure
27.05.2016 PT-2016-07: Unauthorized Access in Vesta Control Panel
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 27.06.2016
Vector: Remote
Systems affected: Vesta Control Panel 0.x
Vendor: Vesta Control Panel
Notification status: 27.05.2016 - Vendor gets vulnerability details
27.06.2016 - Vendor releases fixed version and details
15.07.2016 - Public disclosure
10.03.2016 PT-2016-06: Information Disclosure in Advantech WebAccess
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 14.01.2016
Vector: Remote
Systems affected: Advantech WebAccess 8.x
Vendor: Advantech
Notification status: 15.12.2014 - Vendor gets vulnerability details
14.01.2016 - Vendor releases fixed version and details
10.03.2016 - Public disclosure
10.03.2016 PT-2016-05: Arbitrary Code Execution in Advantech WebAccess
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 14.01.2016
Vector: Remote
Systems affected: Advantech WebAccess 8.x
Vendor: Advantech
Notification status: 15.12.2014 - Vendor gets vulnerability details
14.01.2016 - Vendor releases fixed version and details
10.03.2016 - Public disclosure
10.03.2016 PT-2016-04: Cross-Site Request Forgery in Advantech WebAccess
medium
Severity: Medium (6.8) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date: 14.01.2016
Vector: Remote
Systems affected: Advantech WebAccess 8.x
Vendor: Advantech
Notification status: 15.12.2014 - Vendor gets vulnerability details
14.01.2016 - Vendor releases fixed version and details
10.03.2016 - Public disclosure
10.03.2016 PT-2016-03: SQL Injection in Advantech WebAccess
medium
Severity: Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date: 14.01.2016
Vector: Remote
Systems affected: Advantech WebAccess 8.x
Vendor: Advantech
Notification status: 15.12.2014 - Vendor gets vulnerability details
14.01.2016 - Vendor releases fixed version and details
10.03.2016 - Public disclosure
10.03.2016 PT-2016-02: Cross-Site Scripting in Advantech WebAccess
low
Severity: Low (3.5) (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Fix date: 14.01.2016
Vector: Remote
Systems affected: Advantech WebAccess 8.x
Vendor: Advantech
Notification status: 15.12.2014 - Vendor gets vulnerability details
14.01.2016 - Vendor releases fixed version and details
10.03.2016 - Public disclosure
10.03.2016 PT-2016-01: Arbitrary File Upload in Advantech WebAccess
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 14.01.2016
Vector: Remote
Systems affected: Advantech WebAccess 8.x
Vendor: Advantech
Notification status: 15.12.2014 - Vendor gets vulnerability details
14.01.2016 - Vendor releases fixed version and details
10.03.2016 - Public disclosure
16.11.2015 PT-2015-18: XML External Entity Injection in 1C:Enterprise
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: 19.11.2015
Vector: Remote
Systems affected: 1C: Enterprise 8.x
Vendor: 1C
Notification status: 10.11.2015 - Vendor gets vulnerability details
19.11.2015 - Vendor releases fixed version and details
09.09.2016 - Public disclosure
03.12.2015 PT-2015-17: SQL Injection in Rockwell Automation MicroLogix 1100 and 1400 PLC
medium
Severity: Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date: 27.10.2015
Vector: Remote
Systems affected: Rockwell Automation 1763 MicroLogix 1100 Controllers
Rockwell Automation 1766 MicroLogix 1400 Controllers
Vendor: Rockwell Automation
Notification status: 11.06.2015 - Vendor gets vulnerability details
27.10.2015 - Vendor releases fixed version and details
03.12.2015 - Public disclosure
16.11.2015 PT-2015-16: Cross-Site Scripting in Rockwell Automation MicroLogix 1100 and 1400 PLC
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 27.10.2015
Vector: Remote
Systems affected: Rockwell Automation 1763 MicroLogix 1100 Controllers
Rockwell Automation 1766 MicroLogix 1400 Controllers
Vendor: Rockwell Automation
Notification status: 11.06.2015 - Vendor gets vulnerability details
27.10.2015 - Vendor releases fixed version and details
03.12.2015 - Public disclosure
16.11.2015 PT-2015-15: Information Disclosure in LiteSpeed Web Server
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date: 17.04.2015
Vector: Remote
Systems affected: LiteSpeed Web Server 4.x
Vendor: LiteSpeed Technologies
Notification status: 20.03.2015 - Vendor gets vulnerability details
17.04.2015 - Vendor releases fixed version and details
17.11.2015 - Public disclosure
08.04.2015 PT-2015-14: Password Access in Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014
medium
Severity: Medium (6.4) (AV:L/AC:L/Au:S/C:C/I:C/A:P)
Fix date: 30.07.2015
Vector: Local
Systems affected: InduSoft Web Studio 7.x
InTouch Machine Edition 2014
Vendor: Schneider Electric
Notification status: 01.04.2014 - Vendor gets vulnerability details
30.07.2015 - Vendor releases fixed version and details
26.08.2015 - Public disclosure
08.04.2015 PT-2015-13: Unauthorized Access in Siemens SIMATIC HMI Devices
medium
Severity: Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date: 08.04.2015 12:15:00
Vector: Remote
Systems affected: Siemens SIMATIC HMI Comfort Panels
Siemens SIMATIC WinCC Runtime Advanced
Siemens SIMATIC WinCC (TIA Portal) 13.x
Vendor: Siemens
Notification status: 22.04.2014 - Vendor gets vulnerability details
08.04.2015 - Vendor releases fixed version and details
23.07.2015 - Public disclosure
13.02.2015 PT-2015-12: Privilege Gaining in Siemens SIMATIC WinCC (TIA Portal)
medium
Severity: Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date: 13.02.2015
Vector: Remote
Systems affected: Siemens SIMATIC WinCC (TIA Portal) 13.x
Vendor: Siemens
Notification status: 21.09.2012 - Vendor gets vulnerability details
13.02.2015 - Vendor releases fixed version and details
25.02.2015 - Public disclosure
13.02.2015 PT-2015-11: Information Disclosure in Siemens SIMATIC WinCC (TIA Portal)
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date: 13.02.2015
Vector: Remote
Systems affected: Siemens SIMATIC WinCC (TIA Portal) 13.x
Vendor: Siemens
Notification status: 21.09.2012 - Vendor gets vulnerability details
13.02.2015 - Vendor releases fixed version and details
25.02.2015 - Public disclosure
13.02.2015 PT-2015-10: Privilege Gaining in Siemens SIMATIC STEP 7 (TIA Portal)
low
Severity: Low (2.6) (AV:L/AC:H/Au:N/C:P/I:P/A:N)
Fix date: 13.02.2015
Vector: Local
Systems affected: Siemens SIMATIC STEP 7 (TIA Portal) 13.x
Vendor: Siemens
Notification status: 21.09.2012 - Vendor gets vulnerability details
13.02.2015 - Vendor releases fixed version and details
25.02.2015 - Public disclosure
13.02.2015 PT-2015-09: Information Disclosure in Siemens SIMATIC STEP 7 (TIA Portal)
low
Severity: Low (2.1) (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 13.02.2015
Vector: Local
Systems affected: Siemens SIMATIC STEP 7 (TIA Portal) 13.x
Vendor: Siemens
Notification status: 21.09.2012 - Vendor gets vulnerability details
13.02.2015 - Vendor releases fixed version and details
25.02.2015 - Public disclosure
12.02.2015 PT-2015-08: Bypass Anti-Bruteforce Mechanism in Inductive Automation Ignition
medium
Severity: Medium (4.6) (AV:N/AC:H/Au:S/C:P/I:P/A:P)
Fix date: 09.03.2015
Vector: Remote
Systems affected: Ignition 7.x
Vendor: Inductive Automation
Notification status: 12.02.2015 - Vendor gets vulnerability details
09.03.2015 - Vendor releases fixed version and details
11.03.2015 - Public disclosure
12.02.2015 PT-2015-07: Privilege Gaining in Inductive Automation Ignition
medium
Severity: Medium (5.5) (AV:A/AC:H/Au:S/C:P/I:C/A:P)
Fix date: 09.03.2015
Vector: Remote
Systems affected: Ignition 7.x
Vendor: Inductive Automation
Notification status: 12.02.2015 - Vendor gets vulnerability details
09.03.2015 - Vendor releases fixed version and details
11.03.2015 - Public disclosure
12.02.2015 PT-2015-06: Information Disclosure in Inductive Automation Ignition
medium
Severity: Medium (5.2) (AV:L/AC:L/Au:S/C:C/I:P/A:N)
Fix date: 09.03.2015
Vector: Local
Systems affected: Ignition 7.x
Vendor: Inductive Automation
Notification status: 12.02.2015 - Vendor gets vulnerability details
09.03.2015 - Vendor releases fixed version and details
11.03.2015 - Public disclosure
12.02.2015 PT-2015-05: Information Disclosure in Inductive Automation Ignition
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 09.03.2015
Vector: Remote
Systems affected: Ignition 7.x
Vendor: Inductive Automation
Notification status: 12.02.2015 - Vendor gets vulnerability details
09.03.2015 - Vendor releases fixed version and details
11.03.2015 - Public disclosure
12.02.2015 PT-2015-04: JNLP File Inclusion in Inductive Automation Ignition
high
Severity: High (7.3) (AV:N/AC:H/Au:N/C:C/I:C/A:P)
Fix date: 09.03.2015
Vector: Remote
Systems affected: Ignition 7.x
Vendor: Inductive Automation
Notification status: 12.02.2015 - Vendor gets vulnerability details
09.03.2015 - Vendor releases fixed version and details
11.03.2015 - Public disclosure
03.02.2015 PT-2015-03
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: Yii Framework 1.x
Vendor: Yii Software LLC.
Notification status: 03.02.2015 - Vendor gets vulnerability details
12.03.2015 - Vulnerability details were sent to CERT
13.01.2015 PT-2015-02: Arbitrary File Reading in Arbor Peakflow SP
medium
Severity: Medium (6.8) (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Fix date: 03.03.2015
Vector: Remote
Systems affected: Arbor Peakflow SP 7.x
Vendor: Arbor Networks
Notification status: 13.01.2015 - Vendor gets vulnerability details
03.03.2015 - Vendor releases fixed version and details
16.11.2015 - Public disclosure
12.01.2015 PT-2015-01: SQL Injection in Solar-Log WEB
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: 13.01.2015
Vector: Remote
Systems affected: Solar-Log WEB
Vendor: Solare Datensysteme GmbH
Notification status: 12.01.2015 - Vendor gets vulnerability details
13.01.2015 - Vendor releases fixed version and details
13.02.2015 - Public disclosure
26.12.2014 PT-2014-93: Cross-Site Scripting in ShopOS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-92: Cross-Site Scripting in ShopOS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-91: Cross-Site Scripting in ShopOS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-90: Cross-Site Scripting in ShopOS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-89: Open Redirect in ShopOS
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-88: SQL Injection in ShopOS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-87: Local File Inclusion in ShopOS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-86: Local File Inclusion in ShopOS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-85: Local File Inclusion in ShopOS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-84: Local File Inclusion in ShopOS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-83: Local File Inclusion in ShopOS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-82: Multiple Local File Inclusion Vulnerabilities in ShopOS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-81: Two Local File Inclusion Vulnerabilities in ShopOS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-80: Cross-Site Scripting in ShopOS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-79: Cross-Site Scripting in ShopOS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: ShopOs 2.x
Vendor: ShopOs
Notification status: 26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-78: Cross-site scripting in Kasseler CMS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 25.12.2013
Vector: Remote
Systems affected: Kasseler CMS 1.x
Vendor: Kasseler CMS
Notification status: 11.12.2013 - Vendor gets vulnerability details
25.12.2013 - Vendor releases fixed version and details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-77: Local File Inclusion in Kasseler CMS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: 25.12.2013
Vector: Remote
Systems affected: Kasseler CMS 1.x
Vendor: Kasseler CMS
Notification status: 11.12.2013 - Vendor gets vulnerability details
25.12.2013 - Vendor releases fixed version and details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-76: Cross-Site Scripting in Kasseler CMS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 25.12.2013
Vector: Remote
Systems affected: Kasseler CMS 1.x
Vendor: Kasseler CMS
Notification status: 11.12.2013 - Vendor gets vulnerability details
25.12.2013 - Vendor releases fixed version and details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-75: Cross-Site Scripting in Kasseler CMS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 25.12.2013
Vector: Remote
Systems affected: Kasseler CMS 1.x
Vendor: Kasseler CMS
Notification status: 11.12.2013 - Vendor gets vulnerability details
25.12.2013 - Vendor releases fixed version and details
29.12.2014 - Public disclosure
26.12.2014 PT-2014-74: Cross-Site Scripting in Jahia CMS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 30.04.2014
Vector: Remote
Systems affected: Jahia CMS 6.x
Vendor: Jahia Solutions Group SA
Notification status: 19.12.2013 - Vendor gets vulnerability details
30.04.2014 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
26.12.2014 PT-2014-73: Two Cross-Site Scripting vulnerabilities in Jahia CMS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 30.04.2014
Vector: Remote
Systems affected: Jahia CMS 6.x
Vendor: Jahia Solutions Group SA
Notification status: 19.12.2013 - Vendor gets vulnerability details
30.04.2014 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
26.12.2014 PT-2014-72: Two Cross-Site Scripting vulnerabilities in Jahia CMS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 30.04.2014
Vector: Remote
Systems affected: Jahia CMS 6.x
Vendor: Jahia Solutions Group SA
Notification status: 19.12.2013 - Vendor gets vulnerability details
30.04.2014 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
26.12.2014 PT-2014-71: Cross-Site Scripting in Jahia CMS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 30.04.2014
Vector: Remote
Systems affected: Jahia CMS 6.x
Vendor: Jahia Solutions Group SA
Notification status: 19.12.2013 - Vendor gets vulnerability details
30.04.2014 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
26.12.2014 PT-2014-70: Cross-Site Scripting in Jahia CMS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 30.04.2014
Vector: Remote
Systems affected: Jahia CMS 6.x
Vendor: Jahia Solutions Group SA
Notification status: 19.12.2013 - Vendor gets vulnerability details
30.04.2014 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
26.12.2014 PT-2014-69: Cross-Site Scripting in Jahia CMS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 30.04.2014
Vector: Remote
Systems affected: Jahia CMS 6.x
Vendor: Jahia Solutions Group SA
Notification status: 19.12.2013 - Vendor gets vulnerability details
30.04.2014 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
26.12.2014 PT-2014-68: Multiple SQL Injection in InstantCMS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: 28.12.2013
Vector: Remote
Systems affected: InstantCMS 1.x
Vendor: InstantSoft
Notification status: 26.12.2013 - Vendor gets vulnerability details
28.12.2013 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
26.12.2014 PT-2014-67: Open Redirect in InstantCMS
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Fix date: 28.12.2013
Vector: Remote
Systems affected: InstantCMS 1.x
Vendor: InstantSoft
Notification status: 26.12.2013 - Vendor gets vulnerability details
28.12.2013 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
26.12.2014 PT-2014-66: Cross-Site Scripting in InstantCMS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 28.12.2013
Vector: Remote
Systems affected: InstantCMS 1.x
Vendor: InstantSoft
Notification status: 26.12.2013 - Vendor gets vulnerability details
28.12.2013 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
26.12.2014 PT-2014-65: Multiple Cross-Site Scripting in InstantCMS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 28.12.2013
Vector: Remote
Systems affected: InstantCMS 1.x
Vendor: InstantSoft
Notification status: 26.12.2013 - Vendor gets vulnerability details
28.12.2013 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
02.12.2014 PT-2014-64: XML External Entity Injection in Yokogawa FAST/TOOLS
low
Severity: Low (3.2) (AV:L/AC:L/Au:S/C:P/I:N/A:P)
Fix date: 28.11.2014
Vector: Local
Systems affected: FAST/TOOLS
Vendor: Yokogawa Electric Corporation
Notification status: 20.11.2012 - Vendor gets vulnerability details
28.11.2014 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
01.12.2014 PT-2014-63
medium
Severity: Medium (4.3) (AV:L/AC:L/Au:S/C:P/I:P/A:P)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: NCR
Notification status: 01.12.2014 - Vendor gets vulnerability details
01.12.2014 PT-2014-62
medium
Severity: Medium (5.8) (AV:A/AC:L/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected:
Vendor: NCR
Notification status: 01.12.2014 - Vendor gets vulnerability details
01.12.2014 PT-2014-61
medium
Severity: Medium (4.4) (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: NCR
Notification status: 01.12.2014 - Vendor gets vulnerability details
01.12.2014 PT-2014-60
medium
Severity: Medium (5.9) (AV:L/AC:M/Au:N/C:P/I:P/A:C)
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: NCR
Notification status: 01.12.2014 - Vendor gets vulnerability details
24.11.2014 PT-2014-59
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: No fix available
Vector: Remote
Systems affected: VipNet CSP
Vendor: VipNet CSP
Notification status: 24.11.2014 - Vendor gets vulnerability details
24.11.2014 PT-2014-58
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 24.11.2014
Vector: Remote
Systems affected: VipNet CSP
Vendor: VipNet CSP
Notification status: 24.11.2014 - Vendor gets vulnerability details
24.11.2014 - Vendor releases fixed version and details
26.09.2014 PT-2014-57: Stack-based buffer overflow in Honeywell EPKS
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-56: Server Side Request Forgery in Honeywell EPKS
high
Severity: High (8.0) (AV:N/AC:L/Au:S/C:C/I:P/A:P)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-55: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-54: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-53: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-52: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-51: Stack-based buffer overflow in Honeywell EPKS
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-50: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-49: Stack-based buffer overflow in Honeywell EPKS
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-48: Stack-based buffer overflow in Honeywell EPKS
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-47: Arbitrary memory write in Honeywell EPKS
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-46: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-45: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-44: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-43: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-42: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-41: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-40: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-39: Directory traversal in Honeywell EPKS
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-38: File inclusion in Honeywell EPKS
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-37: Stack-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-36: Stack-based buffer overflow in Honeywell EPKS
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-35: Stack-based buffer overflow in Honeywell EPKS
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-34: Stack-based buffer overflow in Honeywell EPKS
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-33: Stack-based buffer overflow in Honeywell EPKS
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-32: Stack-based buffer overflow in Honeywell EPKS
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-31: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-30: Heap-based buffer overflow in Honeywell EPKS
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
26.09.2014 PT-2014-29: Stack-based buffer overflow in Honeywell EPKS
high
Severity: High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date: 02.06.2014
Vector: Remote
Systems affected: Honeywell Experion PKS R311
Vendor: Honeywell International Inc.
Notification status: 06.03.2014 - Vendor gets vulnerability details
02.06.2014 - Vendor releases fixed version and details
18.11.2014 - Public disclosure
25.09.2014 PT-2014-28
medium
Severity: Medium (4.6) (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Fix date: No fix available
Vector: Local
Systems affected: Cisco TelePresence Video Communication Server (VCS)
Vendor: Cisco
Notification status: 25.09.2014 - Vendor gets vulnerability details
25.09.2014 PT-2014-27
medium
Severity: Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: Cisco TelePresence Video Communication Server (VCS)
Vendor: Cisco
Notification status: 25.09.2014 - Vendor gets vulnerability details
25.09.2014 PT-2014-26: Authentication Bypass in Cisco TelePresence VCS, Cisco Expressway, and Cisco TelePresence Conductor
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 11.03.2015
Vector: Remote
Systems affected: Cisco TelePresence Video Communication Server (VCS)
Cisco Expressway Series
Cisco TelePresence Conductor
Vendor: Cisco
Notification status: 25.09.2014 - Vendor gets vulnerability details
11.03.2015 - Vendor releases fixed version and details
28.09.2016 - Public disclosure
22.09.2014 PT-2014-25: Stack-Based Buffer Overflow in HP iLO
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 17.03.2015
Vector: Remote
Systems affected: HP Integrated Lights-Out 4 (iLO 4) 1.x
HP Integrated Lights-Out 4 (iLO 4) 2.x
HP Integrated Lights-Out 2 (iLO 2) 2.x
HP Integrated Lights-Out CM (iLO CM) 1.x
Vendor: HP
Notification status: 22.09.2014 - Vendor gets vulnerability details
17.03.2015 - Vendor releases fixed version and details
17.11.2015 - Public disclosure
18.09.2014 PT-2014-24
medium
Severity: Medium (5.9) (AV:L/AC:M/Au:N/C:C/I:P/A:P)
Fix date: No fix available
Vector: Local
Systems affected: LG ezCDM 3200
Vendor: LG Electronics
Notification status: 18.09.2014 - Vendor is notified
18.09.2014 PT-2014-23
medium
Severity: Medium (5.4) (AV:L/AC:M/Au:N/C:C/I:P/A:N)
Fix date: No fix available
Vector: Local
Systems affected: Sankyo ICT3Q8
Vendor: Nidec Sankyo Corporation
Notification status: 18.09.2014 - Vendor is notified
28.08.2014 PT-2014-22
high
Severity: High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date: No fix available
Vector: Remote
Systems affected: Cisco Integrated Management Controller 1.x
Vendor: Cisco
Notification status: 28.08.2014 - Vendor gets vulnerability details
25.08.2014 PT-2014-21: Multiple SQL injection vulnerabilities in Wonderware Information Server
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 26.08.2014
Vector: Remote
Systems affected: Wonderware Information Server 4.x
Wonderware Information Server 5.x
Vendor: Invensys Systems
Notification status: 01.04.2014 - Vendor gets vulnerability details
26.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
25.08.2014 PT-2014-20: XML External Entities Resolution vulnerability in Wonderware Information Server
medium
Severity: Medium (4.9) (AV:N/AC:M/Au:S/C:P/I:N/A:P)
Fix date: 26.08.2014
Vector: Remote
Systems affected: Wonderware Information Server 4.x
Wonderware Information Server 5.x
Vendor: Invensys Systems
Notification status: 01.04.2014 - Vendor gets vulnerability details
26.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
25.08.2014 PT-2014-19: Multiple Cross-Site Scripting (XSS) vulnerabilities in Wonderware Information Server
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 26.08.2014
Vector: Remote
Systems affected: Wonderware Information Server 4.x
Wonderware Information Server 5.x
Vendor: Invensys Systems
Notification status: 01.04.2014 - Vendor gets vulnerability details
26.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
25.08.2014 PT-2014-18: Weak encryption of account data in Wonderware Information Server
low
Severity: Low (2.1) (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 26.08.2014
Vector: Local
Systems affected: Wonderware Information Server 4.x
Wonderware Information Server 5.x
Vendor: Invensys Systems
Notification status: 01.04.2014 - Vendor gets vulnerability details
26.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
25.08.2014 PT-2014-17: Weak encryption of account data in Wonderware Information Server
high
Severity: High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date: 26.08.2014
Vector: Remote
Systems affected: Wonderware Information Server 4.x
Wonderware Information Server 5.x
Vendor: Invensys Systems
Notification status: 01.04.2014 - Vendor gets vulnerability details
26.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
29.07.2014 PT-2014-16: Privilege Gaining in Siemens SIMATIC WinCC
medium
Severity: Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date: 23.07.2014
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Vendor: Siemens
Notification status: 16.04.2014 - Vendor gets vulnerability details
23.07.2014 - Vendor releases fixed version and details
29.07.2014 - Public disclosure
29.07.2014 PT-2014-15: Privilege Gaining in Siemens SIMATIC WinCC
medium
Severity: Medium (4.6) (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Fix date: 23.07.2014
Vector: Local
Systems affected: Siemens SIMATIC WinCC 7.x
Vendor: Siemens
Notification status: 19.03.2014 - Vendor gets vulnerability details
23.07.2014 - Vendor releases fixed version and details
29.07.2014 - Public disclosure
29.07.2014 PT-2014-14: Privilege Gaining in Siemens SIMATIC WinCC
medium
Severity: Medium (6.0) (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Fix date: 23.07.2014
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Vendor: Siemens
Notification status: 08.01.2014 - Vendor gets vulnerability details
23.07.2014 - Vendor releases fixed version and details
29.07.2014 - Public disclosure
29.07.2014 PT-2014-13: Privilege Gaining in Siemens SIMATIC WinCC
medium
Severity: Medium (4.9) (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Fix date: 23.07.2014
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Vendor: Siemens
Notification status: 23.12.2012 - Vendor gets vulnerability details
23.07.2014 - Vendor releases fixed version and details
29.07.2014 - Public disclosure
29.07.2014 PT-2014-12: Information Disclosure in Siemens SIMATIC WinCC
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 23.07.2014
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Vendor: Siemens
Notification status: 23.12.2012 - Vendor gets vulnerability details
23.07.2014 - Vendor releases fixed version and details
29.07.2014 - Public disclosure
18.07.2014 PT-2014-11: Information Disclosure in nginx
low
Severity: Low (1.9) (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Fix date: 05.08.2014
Vector: Local
Systems affected: nginx 1.7.x
Vendor: nginx
Notification status: 18.07.2014 - Vendor gets vulnerability details
05.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
14.07.2014 PT-2014-10: Proactive Filter Bypassing in Bitrix CMS
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Fix date: 16.07.2014
Vector: Remote
Systems affected: Bitrix Site Manager 14.x
Vendor: Bitrix
Notification status: 14.07.2014 - Vendor gets vulnerability details
16.07.2014 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
15.05.2014 PT-2014-09: Sensitive Information Disclosure in SAP NetWeaver
low
Severity: Low (3.5) (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Fix date: 13.05.2014
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 21.03.2014 - Vendor gets vulnerability details
13.05.2014 - Vendor releases fixed version and details
27.08.2014 - Public disclosure
01.04.2014 PT-2014-08: Password Access in Solar-Log
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 14.04.2014
Vector: Remote
Systems affected: Solar-Log 200
Solar-Log 300
Solar-Log 500
Solar-Log 800e
Solar-Log 1000
Solar-Log 1200
Solar-Log 2000
Vendor: Solare Datensysteme GmbH
Notification status: 11.04.2014 - Vendor gets vulnerability details
14.04.2014 - Vendor releases fixed version and details
05.05.2014 - Public disclosure
01.04.2014 PT-2014-07: Sensitive Information Disclosure in Solar-Log
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 14.04.2014
Vector: Remote
Systems affected: Solar-Log 200
Solar-Log 500
Solar-Log 800e
Solar-Log 1000
Vendor: Solare Datensysteme GmbH
Notification status: 11.04.2014 - Vendor gets vulnerability details
14.04.2014 - Vendor releases fixed version and details
05.05.2014 - Public disclosure
01.04.2014 PT-2014-06: Arbitrary File Upload in Solar-Log
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 14.04.2014
Vector: Remote
Systems affected: Solar-Log 200
Solar-Log 300
Solar-Log 500
Solar-Log 800e
Solar-Log 1000
Solar-Log 1200
Solar-Log 2000
Vendor: Solare Datensysteme GmbH
Notification status: 11.04.2014 - Vendor gets vulnerability details
14.04.2014 - Vendor releases fixed version and details
05.05.2014 - Public disclosure
16.01.2014 PT-2014-05: Privilege Gaining in Nixu Namesurfer
high
Severity: High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date: 14.03.2014
Vector: Remote
Systems affected: NameSurfer
Vendor: Nixu Software
Notification status: 16.01.2014 - Vendor gets vulnerability details
14.03.2014 - Vendor releases fixed version and details
27.03.2014 - Public disclosure
16.01.2014 PT-2014-04: Single Sign-On Vulnerability in Nixu Namesurfer
high
Severity: High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date: 14.03.2014
Vector: Remote
Systems affected: NameSurfer
Vendor: Nixu Software
Notification status: 16.01.2014 - Vendor gets vulnerability details
14.03.2014 - Vendor releases fixed version and details
27.03.2014 - Public disclosure
16.01.2014 PT-2014-03: Arbitrary Files Reading in Nixu Namesurfer
low
Severity: Low (3.5) (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Fix date: 14.03.2014
Vector: Remote
Systems affected: NameSurfer
Vendor: Nixu Software
Notification status: 16.01.2014 - Vendor gets vulnerability details
14.03.2014 - Vendor releases fixed version and details
27.03.2014 - Public disclosure
16.01.2014 PT-2014-02: XML External Entities Resolution vulnerability in Nixu Namesurfer
medium
Severity: Medium (4.9) (AV:N/AC:M/Au:S/C:P/I:N/A:P)
Fix date: 14.03.2014
Vector: Remote
Systems affected: NameSurfer
Vendor: Nixu Software
Notification status: 16.01.2014 - Vendor gets vulnerability details
14.03.2014 - Vendor releases fixed version and details
27.03.2014 - Public disclosure
16.01.2014 PT-2014-01: Cross-Site Scripting in Nixu Namesurfer
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 14.03.2014
Vector: Remote
Systems affected: NameSurfer
Vendor: Nixu Software
Notification status: 16.01.2014 - Vendor gets vulnerability details
14.03.2014 - Vendor releases fixed version and details
27.03.2014 - Public disclosure
15.12.2013 PT-2013-91: Hard-Coded Access Credentials in Emerson DeltaV
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: 22.05.2014
Vector: Remote
Systems affected: DeltaV 10.x
DeltaV 11.x
DeltaV 12.x
Vendor: Emerson Electric Co
Notification status: 03.10.2013 - Vendor gets vulnerability details
22.05.2014 - Vendor releases fixed version and details
28.05.2014 - Public disclosure
15.12.2013 PT-2013-90: Unauthorized Access in Emerson DeltaV
medium
Severity: Medium (4.6) (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Fix date: 22.05.2014
Vector: Local
Systems affected: DeltaV 10.x
DeltaV 11.x
DeltaV 12.x
Vendor: Emerson Electric Co
Notification status: 03.10.2013 - Vendor gets vulnerability details
22.05.2014 - Vendor releases fixed version and details
28.05.2014 - Public disclosure
15.12.2013 PT-2013-89: XML External Entities Resolution vulnerability in KingSCADA
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: 27.03.2014
Vector: Remote
Systems affected: KingSCADA 3.x
Vendor: WellinTech
Notification status: 14.03.2013 - Vendor gets vulnerability details
27.03.2014 - Vendor releases fixed version and details
13.05.2014 - Public disclosure
15.12.2013 PT-2013-88: Denial of Service in Siemens SIMATIC S7-1200 CPU PLC
medium
Severity: Medium (6.1) (AV:A/AC:L/Au:N/C:N/I:N/A:C)
Fix date: 20.03.2014
Vector: Remote
Systems affected: Siemens SIMATIC S7-1200 3.x
Vendor: Siemens
Notification status: 15.04.2013 - Vendor gets vulnerability details
20.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
15.12.2013 PT-2013-87: Insufficient Entropy in Siemens SIMATIC S7-1200 CPU PLC
high
Severity: High (8.3) (AV:N/AC:M/Au:N/C:P/I:P/A:C)
Fix date: 20.03.2014
Vector: Remote
Systems affected: Siemens SIMATIC S7-1200 3.x
Vendor: Siemens
Notification status: 05.08.2013 - Vendor gets vulnerability details
20.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
15.12.2013 PT-2013-86: Denial of Service in Siemens SIMATIC S7-1500 CPU PLC
medium
Severity: Medium (6.1) (AV:A/AC:L/Au:N/C:N/I:N/A:C)
Fix date: 12.03.2014
Vector: Remote
Systems affected: Siemens SIMATIC S7-1500 1.x
Vendor: Siemens
Notification status: 15.04.2013 - Vendor gets vulnerability details
12.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
15.12.2013 PT-2013-85: Open Redirect in Siemens SIMATIC S7-1500 CPU PLC
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 12.03.2014
Vector: Remote
Systems affected: Siemens SIMATIC S7-1500 1.x
Vendor: Siemens
Notification status: 05.08.2013 - Vendor gets vulnerability details
12.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
15.12.2013 PT-2013-84: Insufficient Entropy in Siemens SIMATIC S7-1500 CPU PLC
high
Severity: High (8.3) (AV:N/AC:M/Au:N/C:P/I:P/A:C)
Fix date: 12.03.2014
Vector: Remote
Systems affected: Siemens SIMATIC S7-1500 1.x
Vendor: Siemens
Notification status: 05.08.2013 - Vendor gets vulnerability details
12.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
15.12.2013 PT-2013-83: Arbitrary HTML Injection in Siemens SIMATIC S7-1500 CPU PLC
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Fix date: 12.03.2014
Vector: Remote
Systems affected: Siemens SIMATIC S7-1500 1.x
Vendor: Siemens
Notification status: 05.08.2013 - Vendor gets vulnerability details
12.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
15.12.2013 PT-2013-82: Cross-Site Scripting in Siemens SIMATIC S7-1500 CPU PLC
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 12.03.2014
Vector: Remote
Systems affected: Siemens SIMATIC S7-1500 1.x
Vendor: Siemens
Notification status: 05.08.2013 - Vendor gets vulnerability details
12.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
15.12.2013 PT-2013-81: Cross-Site Request Forgery in Siemens SIMATIC S7-1500 CPU PLC
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Fix date: 12.03.2014
Vector: Remote
Systems affected: Siemens SIMATIC S7-1500 1.x
Vendor: Siemens
Notification status: 05.08.2013 - Vendor gets vulnerability details
12.03.2014 - Vendor releases fixed version and details
25.03.2014 - Public disclosure
15.12.2013 PT-2013-80: Improper input validation in SIMATIC WinCC Open Architecture
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Fix date: 03.02.2014
Vector: Remote
Systems affected: Siemens SIMATIC WinCC Open Architecture 3.x
Vendor: Siemens
Notification status: 01.12.2013 - Vendor gets vulnerability details
03.02.2014 - Vendor releases fixed version and details
14.02.2014 - Public disclosure
15.12.2013 PT-2013-79: Relative path traversal in SIMATIC WinCC Open Architecture
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 03.02.2014
Vector: Remote
Systems affected: Siemens SIMATIC WinCC Open Architecture 3.x
Vendor: Siemens
Notification status: 01.12.2013 - Vendor gets vulnerability details
03.02.2014 - Vendor releases fixed version and details
14.02.2014 - Public disclosure
15.12.2013 PT-2013-78: Buffer overflow in SIMATIC WinCC Open Architecture
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 03.02.2014
Vector: Remote
Systems affected: Siemens SIMATIC WinCC Open Architecture 3.x
Vendor: Siemens
Notification status: 01.12.2013 - Vendor gets vulnerability details
03.02.2014 - Vendor releases fixed version and details
14.02.2014 - Public disclosure
15.12.2013 PT-2013-77: Using a weak hashing algorithm in SIMATIC WinCC Open Architecture
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: 03.02.2014
Vector: Remote
Systems affected: Siemens SIMATIC WinCC Open Architecture 3.x
Vendor: Siemens
Notification status: 29.05.2013 - Vendor gets vulnerability details
03.02.2014 - Vendor releases fixed version and details
14.02.2014 - Public disclosure
14.12.2013 PT-2013-76: Local File Inclusion in LiveStreet CMS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: 13.12.2013
Vector: Remote
Systems affected: LiveStreet CMS 1.x
Vendor: LiveStreet CMS
Notification status: 11.12.2013 - Vendor gets vulnerability details
13.12.2013 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
14.12.2013 PT-2013-75: Cross-Site Scripting in Nuxeo Platform
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 12.12.2013
Vector: Remote
Systems affected: Nuxeo Platform
Vendor: Nuxeo
Notification status: 12.12.2013 - Vendor gets vulnerability details
12.12.2013 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
13.12.2013 PT-2013-74
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: OpenAM 11.x
Vendor: ForgeRock
Notification status: 13.12.2013 - Vendor gets vulnerability details
09.10.2013 PT-2013-73: XML External Entities Resolution vulnerability in Microsoft Office Word
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: 10.09.2013
Vector: Remote
Systems affected: Microsoft Office 2007
Microsoft Office 2003 Professional Edition
Microsoft Office Word 2007
Microsoft Word 2003
Microsoft Word Viewer 2003
Vendor: Microsoft
Notification status: 26.11.2012 - Vendor gets vulnerability details
10.09.2013 - Vendor releases fixed version and details 
09.10.2013 - Public disclosure
09.10.2013 PT-2013-72: XML External Entities Resolution vulnerability in Microsoft Office Excel
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: 10.09.2013
Vector: Remote
Systems affected: Microsoft Excel 2010
Microsoft Office Excel 2007
Microsoft Excel 2003
Microsoft Office Excel Viewer 2007
Vendor: Microsoft
Notification status: 26.11.2012 - Vendor gets vulnerability details
10.09.2013 - Vendor releases fixed version and details 
09.10.2013 - Public disclosure
02.10.2013 PT-2013-71
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: Resin 4.x
Vendor: Caucho Technology
Notification status: 02.10.2013 - Vendor gets vulnerability details
29.10.2013 - Vulnerability details were sent to CERT
02.10.2013 PT-2013-70: Multiple Cross-Site Scripting (XSS) in Serv-U File Server
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 03.06.2014
Vector: Remote
Systems affected: Serv-U 15.x
Vendor: Serv-U
Notification status: 02.10.2013 - Vulnerability details were sent to CERT
03.06.2014 - Vendor releases fixed version and details
31.07.2014 - Public disclosure
02.10.2013 PT-2013-69: Denial of Service in Serv-U File Server
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Fix date: 19.02.2014
Vector: Remote
Systems affected: Serv-U 15.x
Vendor: Serv-U
Notification status: 03.10.2013 - Vulnerability details were sent to CERT
19.02.2014 - Vendor releases fixed version and details
31.07.2014 - Public disclosure
02.10.2013 PT-2013-68: Sensitive Information Disclosure in Serv-U File Server
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: Serv-U 15.x
Vendor: Serv-U
Notification status: 02.10.2013 - Vulnerability details were sent to CERT
31.07.2014 - Public disclosure
02.10.2013 PT-2013-67: Sensitive Information Disclosure in Serv-U File Server
high
Severity: High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date: 19.02.2014
Vector: Remote
Systems affected: Serv-U 15.x
Vendor: Serv-U
Notification status: 03.10.2013 - Vulnerability details were sent to CERT
19.02.2014 - Vendor releases fixed version and details
31.07.2014 - Public disclosure
02.10.2013 PT-2013-66: Cross-Site Request Forgery (CSRF) in Serv-U File Server
medium
Severity: Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: Serv-U 15.x
Vendor: Serv-U
Notification status: 02.10.2013 - Vulnerability details were sent to CERT
31.07.2014 - Public disclosure
25.09.2013 PT-2013-65: Sensitive Information Disclosure in Jetty
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 30.09.2013
Vector: Remote
Systems affected: Jetty 9.x
Vendor: Jetty
Notification status: 25.09.2013 - Vendor gets vulnerability details
30.09.2013 - Vendor releases fixed version and details
27.11.2013 - Public disclosure
04.09.2013 PT-2013-64: Access Control Bypassing in Bitrix CMS
medium
Severity: Medium (4.6) (AV:L/AC:L/Au:S/C:N/I:C/A:N)
Fix date: 06.09.2013
Vector: Local
Systems affected: Bitrix Site Manager 12.x
Vendor: Bitrix
Notification status: 04.09.2013 - Vendor gets vulnerability details
06.09.2013 - Vendor releases fixed version and details
15.07.2014 - Public disclosure
03.09.2013 PT-2013-63: Hash Length Extension in HTMLPurifier
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Fix date: 30.11.2013
Vector: Remote
Systems affected: HTML Purifier 4.x
Vendor: HTMLPurifier
Notification status: 03.09.2013 - Vendor gets vulnerability details
30.11.2013 - Vendor releases fixed version and details 
04.12.2013 - Public disclosure
16.08.2013 PT-2013-62: Internal Network Resources Access in Web Viewer for Samsung DVR
high
Severity: High (7.6) (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Fix date: No fix available
Vector: Remote
Systems affected: Web Viewer for Samsung
Vendor: Samsung
Notification status: 10.04.2013 - Vendor is notified
30.05.2013 - Vulnerability details were sent to CERT
30.08.2013 - Public disclosure
16.08.2013 PT-2013-61: Disclosure of sensitive information in Web Viewer for Samsung DVR
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: Web Viewer for Samsung
Vendor: Samsung
Notification status: 10.04.2013 - Vendor is notified
30.05.2013 - Vulnerability details were sent to CERT
30.08.2013 - Public disclosure
16.08.2013 PT-2013-59: XML External Entities Injection in Huawei M2000
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: 31.07.2013
Vector: Remote
Systems affected: Huawei M2000
Vendor: Huawei
Notification status: 29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
06.02.2014 - Public disclosure
16.08.2013 PT-2013-58: Insufficient Session Security in Huawei M2000
medium
Severity: Medium (5.1) (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Fix date: 31.07.2013
Vector: Remote
Systems affected: Huawei M2000
Vendor: Huawei
Notification status: 29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
06.02.2014 - Public disclosure
16.08.2013 PT-2013-57: Password Access in Huawei M2000
medium
Severity: Medium (5.1) (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Fix date: 31.07.2013
Vector: Remote
Systems affected: Huawei M2000
Vendor: Huawei
Notification status: 29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
06.02.2014 - Public disclosure
16.08.2013 PT-2013-56: Path Traversal in Huawei SGSN USN9810
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date: 31.07.2013
Vector: Remote
Systems affected: Huawei SGSN USN9810
Vendor: Huawei
Notification status: 29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
05.02.2014 - Public disclosure
16.08.2013 PT-2013-55: Access Restrictions Bypassing in Huawei SGSN USN9810
medium
Severity: Medium (5.4) (AV:N/AC:H/Au:N/C:C/I:N/A:N)
Fix date: 31.07.2013
Vector: Remote
Systems affected: Huawei SGSN USN9810
Vendor: Huawei
Notification status: 29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
05.02.2014 - Public disclosure
16.08.2013 PT-2013-54: Access Restrictions Bypassing in Huawei SGSN USN9810
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date: 31.07.2013
Vector: Remote
Systems affected: Huawei SGSN USN9810
Vendor: Huawei
Notification status: 29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
05.02.2014 - Public disclosure
16.08.2013 PT-2013-53: Information Disclosure in Huawei SGSN USN9810
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 31.07.2013
Vector: Remote
Systems affected: Huawei SGSN USN9810
Vendor: Huawei
Notification status: 29.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
05.02.2014 - Public disclosure
16.08.2013 PT-2013-52: XML External Entities Injection in Huawei SGSN USN9810
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: 31.07.2013
Vector: Remote
Systems affected: Huawei SGSN USN9810
Vendor: Huawei
Notification status: 17.05.2013 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
05.02.2014 - Public disclosure
16.08.2013 PT-2013-51: Open Redirect Vulnerability in Siemens Simatic WinCC TIA Portal
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Fix date: 31.07.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC TIA Portal 12.x
Vendor: Siemens
Notification status: 15.05.2012 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
19.08.2013 - Public disclosure
16.08.2013 PT-2013-50: Cross-Site Request Forgery (CSRF) in Siemens Simatic WinCC TIA Portal
medium
Severity: Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date: 31.07.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC TIA Portal 12.x
Vendor: Siemens
Notification status: 02.08.2012 - Vendor gets vulnerability details
31.07.2013 - Vendor releases fixed version and details
19.08.2013 - Public disclosure
16.08.2013 PT-2013-49: Null Byte Injection in Oracle Containers for J2EE
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 15.04.2014
Vector: Remote
Systems affected: Oracle Containers for J2EE 10.x
Vendor: Oracle
Notification status: 16.08.2013 - Vendor gets vulnerability details
15.04.2014 - Vendor releases fixed version and details
25.04.2014 - Public disclosure
16.08.2013 PT-2013-48: CRLF Injection in Oracle Containers for J2EE
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 15.04.2014
Vector: Remote
Systems affected: Oracle Containers for J2EE 10.x
Vendor: Oracle
Notification status: 16.08.2013 - Vendor gets vulnerability details
15.04.2014 - Vendor releases fixed version and details
25.04.2014 - Public disclosure
16.08.2013 PT-2013-47: Directory Traversal in Oracle Containers for J2EE
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 15.04.2014
Vector: Remote
Systems affected: Oracle Containers for J2EE 10.x
Vendor: Oracle
Notification status: 16.08.2013 - Vendor gets vulnerability details
15.04.2014 - Vendor releases fixed version and details
25.04.2014 - Public disclosure
19.07.2013 PT-2013-46: Local File Include in Nagios Looking Glass
high
Severity: High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: Nagios Looking Glass 1.x
Vendor: Nagios
Notification status: 19.07.2013 - Vendor is notified
13.08.2013 - Vulnerability details were sent to CERT
28.10.2013 - Public disclosure
12.07.2013 PT-2013-45: Race condition in ISPManager
high
Severity: High (8.5) (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Fix date: 15.07.2013
Vector: Remote
Systems affected: ISPmanager 4.x
Vendor: ISPsystem
Notification status: 12.07.2013 - Vendor gets vulnerability details
15.07.2013 - Vendor releases fixed version
03.07.2013 PT-2013-44: Forced browsing in Siemens WinCC and SIMATIC PCS 7
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date: 14.06.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor: Siemens
Notification status: 13.01.2013 - Vendor gets vulnerability details
14.06.2013 - Vendor releases fixed version and details
03.07.2013 - Public disclosure
03.07.2013 PT-2013-43: Hard-coded credentials in Siemens WinCC and SIMATIC PCS 7
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: 14.06.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor: Siemens
Notification status: 03.03.2013 - Vendor gets vulnerability details
14.06.2013 - Vendor releases fixed version and details
03.07.2013 - Public disclosure
03.07.2013 PT-2013-42: SQL Injection in Siemens WinCC and SIMATIC PCS 7
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 14.06.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor: Siemens
Notification status: 13.01.2013 - Vendor gets vulnerability details
14.06.2013 - Vendor releases fixed version and details
03.07.2013 - Public disclosure
20.06.2013 PT-2013-41: Arbitrary Code Execution in Ajax File and Image Manager
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: No fix available
Vector: Remote
Systems affected: Ajax File and Image manager 1.x
Vendor: PHPLETTER
Notification status: 20.06.2013 - Vendor gets vulnerability details
04.09.2013 - Vulnerability details were sent to CERT
17.09.2013 - Public disclosure
10.06.2013 PT-2013-40: Resource Exhaustion in Wonderware Information Server
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 23.04.2013
Vector: Remote
Systems affected: Wonderware Information Server 5.x
Wonderware Information Server 4.x
Vendor: Invensys Systems
Notification status: 16.12.2012 - Vendor gets vulnerability details
23.04.2013 - Vendor releases fixed version and details
10.06.2013 - Public disclosure
10.06.2013 PT-2013-39: Improper Input Validation in Wonderware Information Server
medium
Severity: Medium (6.3) (AV:L/AC:M/Au:N/C:C/I:N/A:C)
Fix date: 23.04.2013
Vector: Local
Systems affected: Wonderware Information Server 5.x
Wonderware Information Server 4.x
Vendor: Invensys Systems
Notification status: 16.12.2012 - Vendor gets vulnerability details
23.04.2013 - Vendor releases fixed version and details
10.06.2013 - Public disclosure
10.06.2013 PT-2013-38: Multiple SQL Injection vulnerabilities in Wonderware Information Server
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 23.04.2013
Vector: Remote
Systems affected: Wonderware Information Server 5.x
Wonderware Information Server 4.x
Vendor: Invensys Systems
Notification status: 16.12.2012 - Vendor gets vulnerability details
23.04.2013 - Vendor releases fixed version and details
10.06.2013 - Public disclosure
10.06.2013 PT-2013-37: Multiple Cross Site Scripting (XSS) in Wonderware Information Server
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 23.04.2013
Vector: Remote
Systems affected: Wonderware Information Server 5.x
Wonderware Information Server 4.x
Vendor: Invensys Systems
Notification status: 16.12.2012 - Vendor gets vulnerability details
23.04.2013 - Vendor releases fixed version and details
10.06.2013 - Public disclosure
21.03.2013 PT-2013-36: XML External Entity Injection in Wonderware Win-XML Exporter
medium
Severity: Medium (6.3) (AV:L/AC:M/Au:N/C:C/I:N/A:C)
Fix date: 21.03.2013
Vector: Remote
Systems affected: Invensys Wonderware Win-XML Exporter
Vendor: Invensys Systems
Notification status: 22.11.2012 - Vendor gets vulnerability details
21.03.2013 - Vendor releases fixed version and details
03.04.2013 - Public disclosure
21.03.2013 PT-2013-35: Cross-Site Scripting in Siemens Simatic WinCC TIA Portal
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 15.03.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC TIA Portal 11.x
Vendor: Siemens
Notification status: 21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
21.03.2013 PT-2013-34: Cross-Site Scripting in Siemens Simatic WinCC TIA Portal
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 15.03.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC TIA Portal 11.x
Vendor: Siemens
Notification status: 21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
21.03.2013 PT-2013-33: CRLF Injection in Siemens Simatic WinCC TIA Portal
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 15.03.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC TIA Portal 11.x
Vendor: Siemens
Notification status: 21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
21.03.2013 PT-2013-32: Directory Traversal in Siemens Simatic WinCC TIA Portal
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Fix date: 15.03.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC TIA Portal 11.x
Vendor: Siemens
Notification status: 21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
21.03.2013 PT-2013-31: Cross-Site Scripting in Siemens Simatic WinCC TIA Portal
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:N/I:P/A:N)
Fix date: 15.03.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC TIA Portal 11.x
Vendor: Siemens
Notification status: 21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
21.03.2013 PT-2013-30: Denial of Service in Siemens Simatic WinCC TIA Portal
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Fix date: 15.03.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC TIA Portal 11.x
Vendor: Siemens
Notification status: 21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
21.03.2013 PT-2013-29: Information Disclosure in Siemens Simatic WinCC and PCS 7
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: 15.03.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor: Siemens
Notification status: 02.08.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
21.03.2013 PT-2013-28: Buffer Overflow in Siemens Simatic WinCC and PCS 7
medium
Severity: Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date: 15.03.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor: Siemens
Notification status: 02.08.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
21.03.2013 PT-2013-27: Directory Traversal in Siemens Simatic WinCC and PCS 7
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date: 15.03.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor: Siemens
Notification status: 11.07.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
21.03.2013 PT-2013-26: Information Disclosure in Siemens Simatic WinCC and PCS 7
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date: 15.03.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor: Siemens
Notification status: 11.07.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
21.03.2013 PT-2013-25: Information Disclosure in Siemens Simatic WinCC and PCS 7
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date: 15.03.2013
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Siemens SIMATIC PCS 7 8.x
Vendor: Siemens
Notification status: 11.07.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
20.03.2013 PT-2013-24: Concealing User Authority in SAP NetWeaver
medium
Severity: Medium (4.6) (AV:N/AC:H/Au:S/C:P/I:P/A:P)
Fix date: 10.06.2013
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 20.03.2013 - Vendor gets vulnerability details
10.06.2013 - Vendor releases fixed version and details
13.09.2013 - Public disclosure
20.03.2013 PT-2013-23: Sensitive Information Disclosure in SAP NetWeaver
medium
Severity: Medium (4.9) (AV:N/AC:M/Au:S/C:P/I:N/A:P)
Fix date: 12.11.2013
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 20.03.2013 - Vendor gets vulnerability details
12.11.2013 - Vendor releases fixed version and details 
27.11.2013 - Public disclosure
27.02.2013 PT-2013-22: XML External Entity Injection in Trustwave ModSecurity
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 29.03.2013
Vector: Remote
Systems affected: ModSecurity 2.x
Vendor: Trustwave
Notification status: 27.02.2013 - Vendor gets vulnerability details
29.03.2013 - Vendor releases fixed version and details
01.04.2013 - Public disclosure
26.02.2013 PT-2013-21: XML External Entities Injection in Oracle Database
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Fix date: 15.10.2013
Vector: Remote
Systems affected: Oracle Database 11.x
Oracle Database 12.x
Vendor: Oracle
Notification status: 26.02.2013 - Vendor gets vulnerability details
15.10.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
24.01.2013 PT-2013-19: XML External Entities Resolution vulnerability in HP ArcSight Connector
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: ArcSight Connectors 5.x
Vendor: HP
Notification status: 24.01.2013 - Vendor gets vulnerability details
23.01.2014 - Public disclosure
15.02.2013 PT-2013-18: Variables Overwriting in mnoGoSearch
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 05.03.2013
Vector: Remote
Systems affected: mnoGoSearch 3.x
Vendor: mnoGoSearch
Notification status: 15.02.2013 - Vendor gets vulnerability details
01.03.2013 - Vendor releases fixed version and details
05.03.2013 - Public disclosure
15.02.2013 PT-2013-17: Arbitrary Files Reading in mnoGoSearch
high
Severity: High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date: 05.03.2013
Vector: Remote
Systems affected: mnoGoSearch 3.x
Vendor: mnoGoSearch
Notification status: 15.02.2013 - Vendor gets vulnerability details
01.03.2013 - Vendor releases fixed version and details
05.03.2013 - Public disclosure
13.02.2013 PT-2013-16
low
Severity: Low (3.5) (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: Outlook Web App 14.x
Vendor: Microsoft
Notification status: 13.02.2013 - Vendor gets vulnerability details
07.02.2013 PT-2013-15: XML External Entities Injection in vBulletin 5 Connect
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Fix date: 11.02.2013
Vector: Remote
Systems affected: vBulletin 5 CONNECT
Vendor: Jelsoft Enterprises
Notification status: 07.02.2013 - Vendor gets vulnerability details
11.02.2013 - Vendor releases fixed version and details
23.10.2013 - Public disclosure
07.02.2013 PT-2013-14: XML External Entities Injection in PHP
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 14.03.2013
Vector: Remote
Systems affected: PHP 5.4.x
PHP 5.3.x
Vendor: PHP
Notification status: 07.02.2013 - Vendor gets vulnerability details
14.03.2013 - Vendor releases fixed version and details
19.03.2013 - Public disclosure
07.02.2013 PT-2013-13: XML External Entities Injection in SAP NetWeaver
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Fix date: 12.03.2013
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 18.01.2013 - Vendor gets vulnerability details
12.03.2013 - Vendor releases fixed version and details
23.10.2013 - Public disclosure
07.02.2013 PT-2013-12: open_basedir bypass in PHP
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: 14.03.2013
Vector: Remote
Systems affected: PHP 5.4.x
PHP 5.3.x
Vendor: PHP
Notification status: 07.02.2013 - Vendor gets vulnerability details
14.03.2013 - Vendor releases fixed version and details
19.03.2013 - Public disclosure
05.02.2013 PT-2013-11: XML External Entities Injection in Oracle Siebel CRM
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 15.10.2013
Vector: Remote
Systems affected: Oracle Siebel CRM 8.x
Vendor: Oracle
Notification status: 05.02.2013 - Vendor gets vulnerability details
15.10.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
05.02.2013 PT-2013-08: Remote OS Command Execution in Oracle Siebel CRM
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Fix date: 15.10.2013
Vector: Remote
Systems affected: Oracle Siebel CRM 8.x
Vendor: Oracle
Notification status: 05.02.2013 - Vendor gets vulnerability details
15.10.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
05.02.2013 PT-2013-07: Path and Version Disclosure in Oracle Siebel CRM
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date: 15.10.2013
Vector: Remote
Systems affected: Oracle Siebel CRM 8.x
Vendor: Oracle
Notification status: 05.02.2013 - Vendor gets vulnerability details
15.10.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
05.02.2013 PT-2013-06: Current User Context Access in Oracle Siebel CRM
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Fix date: 15.10.2013
Vector: Remote
Systems affected: Oracle Siebel CRM 8.x
Vendor: Oracle
Notification status: 05.02.2013 - Vendor gets vulnerability details
15.10.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
25.01.2013 PT-2013-04
high
Severity: High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: Microsoft Internet Explorer 10.x
Vendor: Microsoft
Notification status: 25.01.2013 - Vendor gets vulnerability details
17.01.2013 PT-2013-03
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: No fix available
Vector: Remote
Systems affected: PunBB 1.x
Vendor: PunBB
Notification status: 17.01.2013 - Vendor gets vulnerability details
17.01.2013 PT-2013-02: Password Reset Token Prediction in FluxBB
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 22.02.2013
Vector: Remote
Systems affected: FluxBB 1.x
Vendor: FluxBB
Notification status: 17.01.2013 - Vendor gets vulnerability details
22.02.2013 - Vendor releases fixed version and details
07.03.2013 - Public disclosure
14.01.2013 PT-2013-01: XML External Entity Injection in GNOME
medium
Severity: Medium (6.6) (AV:L/AC:L/Au:N/C:C/I:N/A:C)
Fix date: 16.05.2013
Vector: Local
Systems affected: GNOME
Vendor: GNOME
Notification status: 14.01.2013 - Vendor gets vulnerability details
16.05.2013 - Vendor releases fixed version and details
20.06.2013 - Public disclosure
27.12.2012 PT-2012-61: XML External Entities Injection in SAP Sybase ASE
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date: 10.09.2013
Vector: Remote
Systems affected: Sybase Adaptive Server Enterprise 15.x
Vendor: SAP Software
Notification status: 27.12.2012 - Vulnerability details were sent to CERT
10.09.2013 - Vendor releases fixed version and details
24.10.2013 - Public disclosure
18.12.2012 PT-2012-60: Arbitrary File Reading in Dolphin Browser
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date: 07.03.2013
Vector: Remote
Systems affected: Dolphin Browser for Android 9.x
Vendor: Dolphin Browser for Android 9.x
Notification status: 18.12.2012 - Vendor is notified
18.12.2012 - Vendor gets vulnerability details
05.02.2013 - Vendor releases fixed version and details
07.03.2013 - Public disclosure
13.12.2012 PT-2012-59: XML External Entity Injection in Zend Framework
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Fix date: 17.12.2012
Vector: Remote
Systems affected: Zend Framework 1.x
Vendor: Zend Technologies
Notification status: 13.12.2012 - Vendor is notified
13.12.2012 - Vendor gets vulnerability details
17.12.2012 - Vendor releases fixed version and details
05.02.2013 - Public disclosure
27.11.2012 PT-2012-58: Arbitrary Server Memory Chunks Reading in MongoDB
medium
Severity: Medium (4.4) (AV:L/AC:M/Au:S/C:C/I:N/A:N)
Fix date: 13.02.2013
Vector: Local
Systems affected: MongoDB 2.x
Vendor: MongoDB
Notification status: 27.11.2012 - Vendor gets vulnerability details
13.02.2013 - Vendor releases fixed version and details
10.07.2013 - Public disclosure
14.11.2012 PT-2012-57: Privilege Gaining in Bitrix CMS
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 10.09.2012
Vector: Remote
Systems affected: Bitrix Site Manager 11.x
Vendor: Bitrix
Notification status: 03.09.2012 - Vendor gets vulnerability details
10.09.2012 - Vendor releases fixed version and details
15.07.2014 - Public disclosure
11.11.2012 PT-2012-56
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: VMware ESXi 5.x
Vendor: VMware
Notification status: 11.11.2012 - Vendor is notified
11.11.2012 - Vendor gets vulnerability details
30.10.2012 PT-2012-55: Remote code execution in Siemens Teamcenter
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 13.11.2012
Vector: Remote
Systems affected: Siemens Teamcenter 2007.x
Vendor: Siemens
Notification status: 09.10.2012 - Vendor is notified
09.10.2012 - Vendor gets vulnerability details
13.11.2012 - Vendor publishes fix information
04.02.2013 - Public disclosure
30.10.2012 PT-2012-54: Denial of Service in Siemens Teamcenter
high
Severity: High (7.8) (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Fix date: 13.11.2012
Vector: Remote
Systems affected: Siemens Teamcenter 2007.x
Vendor: Siemens
Notification status: 09.10.2012 - Vendor is notified
09.10.2012 - Vendor gets vulnerability details
13.11.2012 - Vendor publishes fix information
04.02.2013 - Public disclosure
30.10.2012 PT-2012-53: Privilege Gaining in DataLife Engine
medium
Severity: Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date: 19.01.2013
Vector: Remote
Systems affected: DataLife Engine 9.x
Vendor: Softnews Media Group
Notification status: 30.10.2012 - Vendor is notified
30.10.2012 - Vendor gets vulnerability details
19.01.2013 - Vendor releases fixed version and details
04.02.2013 - Public disclosure
22.10.2012 PT-2012-52: Open Redirect in DokuWiki
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Fix date: 06.03.2013
Vector: Remote
Systems affected: DokuWiki
Vendor: DokuWiki
Notification status: 22.10.2012 - Vendor gets vulnerability details
06.03.2013 - Vendor releases fixed version and details
19.03.2013 - Public disclosure
11.10.2012 PT-2012-50: Multiple vulnerabilities in Siemens SIMATIC S7-1200 Web interface
high
Severity: High (8.3) (AV:N/AC:M/Au:N/C:P/I:P/A:C)
Fix date: 08.10.2012
Vector: Remote
Systems affected: Siemens SIMATIC S7-1200 2.x
Siemens SIMATIC S7-1200 3.x
Vendor: Siemens
Notification status: 08.08.2012 - Vendor is notified
08.08.2012 - Vendor gets vulnerability details
08.10.2012 - Vendor releases fixed version and details
11.10.2012 - Public disclosure
26.09.2012 PT-2012-49: Cross-Site Scripting in Oracle Siebel CRM
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 16.04.2013
Vector: Remote
Systems affected: Oracle Siebel CRM 8.x
Vendor: Oracle
Notification status: 26.09.2012 - Vendor gets vulnerability details
16.04.2013 - Vendor releases fixed version and details
25.10.2013 - Public disclosure
19.09.2012 PT-2012-48: Insecure storage of HTTPS CA certificate and private key in Siemens SIMATIC S7-1200
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 13.09.2012
Vector: Remote
Systems affected: Siemens SIMATIC S7-1200 2.x
Vendor: Siemens
Notification status: 29.08.2012 - Vendor is notified
29.08.2012 - Vendor gets vulnerability details
13.09.2012 - Vendor has issued temporary workarounds
26.09.2012 - Public disclosure
19.09.2012 PT-2012-47: Information disclosure in Google Chrome on Android
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 12.09.2012
Vector: Remote
Systems affected: Google Chrome for Android 18.x
Vendor: Google
Notification status: 20.07.2012 - Vendor is notified
20.07.2012 - Vendor gets vulnerability details
12.09.2012 - Vendor releases fixed version and details
21.09.2012 - Public disclosure
19.09.2012 PT-2012-46: Cross-application scripting in Google Chrome on Android
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 12.09.2012
Vector: Remote
Systems affected: Google Chrome for Android 18.x
Vendor: Google
Notification status: 20.07.2012 - Vendor is notified
20.07.2012 - Vendor gets vulnerability details
12.09.2012 - Vendor releases fixed version and details
21.09.2012 - Public disclosure
13.09.2012 PT-2012-45: Username and password disclosure in ActiveX control in Siemens Simatic WinCC WebNavigator
high
Severity: High (8.3) (AV:N/AC:M/Au:N/C:C/I:P/A:P)
Fix date: 10.09.2012
Vector: Remote
Systems affected: Siemens Simatic WinCC WebNavigator 7.x
Vendor: Siemens
Notification status: 16.07.2012 - Vendor is notified
16.07.2012 - Vendor gets vulnerability details
10.09.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
13.09.2012 PT-2012-44: SQL Injection in SOAP Web interfaces in Siemens Simatic WinCC WebNavigator
high
Severity: High (9.0) (AV:N/AC:L/Au:N/C:P/I:P/A:C)
Fix date: 10.09.2012
Vector: Remote
Systems affected: Siemens Simatic WinCC WebNavigator 7.x
Vendor: Siemens
Notification status: 16.07.2012 - Vendor is notified
16.07.2012 - Vendor gets vulnerability details
10.09.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
13.09.2012 PT-2012-43: Arbitrary Files Reading in Siemens Simatic WinCC WebNavigator
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 10.09.2012
Vector: Remote
Systems affected: Siemens Simatic WinCC WebNavigator 7.x
Vendor: Siemens
Notification status: 16.07.2012 - Vendor is notified
16.07.2012 - Vendor gets vulnerability details
10.09.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
13.09.2012 PT-2012-42: Multiple Cross Site Scripting and Cross Site Request Forgery vulnerabilities in Siemens Simatic WinCC WebNavigator
high
Severity: High (8.3) (AV:N/AC:M/Au:N/C:P/I:P/A:C)
Fix date: 10.09.2012
Vector: Remote
Systems affected: Siemens Simatic WinCC WebNavigator 7.x
Vendor: Siemens
Notification status: 16.07.2012 - Vendor is notified
16.07.2012 - Vendor gets vulnerability details
10.09.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
10.09.2012 PT-2012-41: Columns Overwriting and Adding in MongoDB
medium
Severity: Medium (5.5) (AV:L/AC:M/Au:S/C:C/I:P/A:P)
Fix date: 13.02.2013
Vector: Local
Systems affected: MongoDB 2.x
Vendor: MongoDB
Notification status: 10.09.2012 - Vendor gets vulnerability details
13.02.2013 - Vendor releases fixed version and details
10.07.2013 - Public disclosure
10.09.2012 PT-2012-40: Remote Code Execution in MongoDB
high
Severity: High (8.3) (AV:AN/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 13.02.2013
Vector: Remote
Systems affected: MongoDB 2.x
Vendor: MongoDB
Notification status: 10.09.2012 - Vendor gets vulnerability details
13.02.2013 - Vendor releases fixed version and details
10.07.2013 - Public disclosure
06.09.2012 PT-2012-38: SQL Injection in ERP Oracle EBS
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date: 15.01.2013
Vector: Remote
Systems affected: Oracle E-Business Suite 12.x
Vendor: Oracle
Notification status: 06.09.2012 - Vendor gets vulnerability details
15.01.2013 - Vendor releases fixed version and details 
23.08.2013 - Public disclosure
06.09.2012 PT-2012-37: SQL Injection in ERP Oracle EBS
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date: 15.01.2013
Vector: Remote
Systems affected: Oracle E-Business Suite 12.x
Vendor: Oracle
Notification status: 06.09.2012 - Vendor gets vulnerability details
15.01.2013 - Vendor releases fixed version and details 
23.08.2013 - Public disclosure
06.09.2012 PT-2012-36: HTTP Response Splitting in ERP Oracle EBS
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 15.01.2013
Vector: Remote
Systems affected: Oracle E-Business Suite 12.x
Vendor: Oracle
Notification status: 06.09.2012 - Vendor gets vulnerability details
15.01.2013 - Vendor releases fixed version and details 
23.08.2013 - Public disclosure
28.08.2012 PT-2012-35
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: PHP 5.4.x
PHP 5.3.x
Vendor: PHP
Notification status: 28.08.2012 - Vendor is notified
28.08.2012 - Vendor gets vulnerability details
28.08.2012 PT-2012-34: Multiple Vulnerabilities in Random Numbers Generation in OpenCart
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 29.11.2012
Vector: Remote
Systems affected: OpenCart 1.x
Vendor: OpenCart Limited
Notification status: 28.08.2012 - Vulnerability details were sent to CERT
29.11.2012 - Vendor releases fixed version and details
08.02.2013 - Public disclosure
27.08.2012 PT-2012-33: Multiple vulnerabilities in Sanuel Family
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: No fix available
Vector: Remote
Systems affected: Sanuel Family 11.x
Vendor: Sanuel Co.
Notification status: 27.08.2012 - Vendor is notified
27.08.2012 - Vendor gets vulnerability details
26.09.2012 - Vulnerability details were sent to CERT
03.10.2012 - Public disclosure
27.08.2012 PT-2012-32: User data disclosure in Sanuel Family
high
Severity: High (8.5) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: Sanuel Family 11.x
Vendor: Sanuel Co.
Notification status: 27.08.2012 - Vendor is notified
27.08.2012 - Vendor gets vulnerability details
26.09.2012 - Vulnerability details were sent to CERT
03.10.2012 - Public disclosure
24.08.2012 PT-2012-31
medium
Severity: Medium ()
Fix date: No fix available
Vector: Local
Systems affected: PHP 5.4.x
Vendor: PHP
Notification status: 24.08.2012 - Vendor is notified
24.08.2012 - Vendor gets vulnerability details
23.08.2012 PT-2012-30: Administrator Privilege Gaining in OpenCart
high
Severity: High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Fix date: 23.08.2012
Vector: Remote
Systems affected: OpenCart 1.x
Vendor: OpenCart Limited
Notification status: 23.08.2012 - Vendor is notified
23.08.2012 - Vendor gets vulnerability details
23.08.2012 - Vendor releases fixed version and details
11.09.2012 - Public disclosure
23.08.2012 PT-2012-29: Administrator Privilege Gaining in Simple Machines Forum
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 01.02.2013
Vector: Remote
Systems affected: Simple Machines Forum 2.x
Vendor: Simple Machines
Notification status: 23.08.2012 - Vendor is notified
23.08.2012 - Vendor gets vulnerability details
01.02.2013 - Vendor releases fixed version and details
15.02.2013 - Public disclosure
17.08.2012 PT-2012-28: Administrator Privilege Gaining in DataLife Engine
high
Severity: High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date: 12.09.2012
Vector: Remote
Systems affected: DataLife Engine 9.x
Vendor: Softnews Media Group
Notification status: 17.08.2012 - Vendor is notified
17.08.2012 - Vendor gets vulnerability details
12.09.2012 - Vendor releases fixed version and details
04.02.2013 - Public disclosure
16.08.2012 PT-2012-27: Privilege Gaining in UMI.CMS
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 20.11.2012
Vector: Remote
Systems affected: UMI.CMS 2.x
Vendor: Umisoft
Notification status: 16.08.2012 - Vendor is notified
17.08.2012 - Vendor gets vulnerability details
20.11.2012 - Vendor releases fixed version and details
11.02.2013 - Public disclosure
14.08.2012 PT-2012-26: Remote JS Code Execution in qutIM
medium
Severity: Medium (5.4) (AV:A/AC:M/Au:N/C:P/I:P/A:P)
Fix date: 23.09.2013
Vector: Remote
Systems affected: qutIM 0.x
Vendor: qutIM
Notification status: 14.08.2012 - Vendor is notified
14.08.2012 - Vendor gets vulnerability details
23.09.2013 - Vendor releases fixed version and details 
08.10.2013 - Public disclosure
16.07.2012 PT-2012-24: Directory traversal in SAP NetWeaver
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 14.05.2013
Vector: Remote
Systems affected: SAP NetWeaver 7.x
Vendor: SAP
Notification status: 16.07.2012 - Vendor is notified
16.07.2012 - Vendor gets vulnerability details
14.05.2013 - Vendor releases fixed version and details
13.09.2013 - Public disclosure
11.07.2012 PT-2012-23: SQL Injection in Dr.Web Anti-virus
low
Severity: Low (2.1) (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 13.07.2012
Vector: Local
Systems affected: Dr.Web Antivirus
Vendor: Dr.Web
Notification status: 11.07.2012 - Vendor is notified
11.07.2012 - Vendor gets vulnerability details
13.07.2012 - Vendor releases fixed version and details
17.07.2012 - Public disclosure
10.07.2012 PT-2012-22: Format String Vulnerability in SQLite
medium
Severity: Medium (5.5) (AV:L/AC:M/Au:S/C:C/I:P/A:P)
Fix date: No fix available
Vector: Local
Systems affected: SQLite 3.x
Vendor: SQLite
Notification status: 10.07.2012 - Vendor is notified
06.09.2012 - Public disclosure
06.07.2012 PT-2012-21: Denial of Service in NetIQ eDirectory
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Fix date: 18.12.2012
Vector: Remote
Systems affected: eDirectory
Vendor: NetIQ
Notification status: 06.07.2012 - Vendor is notified
06.07.2012 - Vendor gets vulnerability details
18.12.2012 - Vendor releases fixed version and details
01.02.2013 - Public disclosure
06.07.2012 PT-2012-20: Authorization Mechanism Bypassing in NetIQ eDirectory
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date: 18.12.2012
Vector: Remote
Systems affected: eDirectory
Vendor: NetIQ
Notification status: 06.07.2012 - Vendor is notified
06.07.2012 - Vendor gets vulnerability details
18.12.2012 - Vendor releases fixed version and details
01.02.2013 - Public disclosure
06.07.2012 PT-2012-19: Cross-Site Scripting in NetIQ eDirectory
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 18.12.2012
Vector: Remote
Systems affected: eDirectory
Vendor: NetIQ
Notification status: 06.07.2012 - Vendor is notified
06.07.2012 - Vendor gets vulnerability details
18.12.2012 - Vendor releases fixed version and details
01.02.2012 - Public disclosure
04.07.2012 PT-2012-18
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: Microsoft Windows Media Player 12.x
Vendor: Microsoft
Notification status: 04.07.2012 - Vendor is notified
04.07.2012 - Vendor gets vulnerability details
29.06.2012 PT-2012-17: Multiple vulnerabilities in ERP Oracle EBS
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Fix date: 15.10.2012
Vector: Remote
Systems affected: Oracle E-Business Suite 12.x
Vendor: Oracle
Notification status: 29.06.2012 - Vendor is notified
29.06.2012 - Vendor gets vulnerability details
15.10.2012 - Vendor releases fixed version and details
15.11.2012 - Public disclosure
25.06.2012 PT-2012-16: Buffer Overflow in Pillow library
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Fix date: 15.03.2013
Vector: Remote
Systems affected: Pillow 1.x
Vendor: Python Software Foundation
Notification status: 25.06.2012 - Vendor gets vulnerability details
18.07.2012 - Vulnerability details were sent to CERT
15.03.2013 - Vendor releases fixed version and details 
10.10.2013 - Public disclosure
25.06.2012 PT-2012-15: Multiple vulnerabilities in IBM InfoSphere Guardium
medium
Severity: Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date: 15.08.2012
Vector: Remote
Systems affected: InfoSphere Guardium 8.x
Vendor: IBM
Notification status: 25.06.2012 - Vendor is notified
25.06.2012 - Vendor gets vulnerability details
15.08.2012 - Vendor releases fixed version and details
30.08.2012 - Public disclosure
22.06.2012 PT-2012-14: Security Restrictions Bypass in PHP
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Fix date: 19.07.2012
Vector: Remote
Systems affected: PHP 5.4.x
PHP 5.3.x
Vendor: PHP
Notification status: 22.06.2012 - Vendor is notified
22.06.2012 - Vendor gets vulnerability details
19.07.2012 - Vendor releases fixed version and details
04.02.2013 - Public disclosure
22.06.2012 PT-2012-13: Cross-Site Scripting in PHP
low
Severity: Low (1.7) (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Fix date: 14.09.2012
Vector: Local
Systems affected: PHP 5.4.x
Vendor: PHP
Notification status: 22.06.2012 - Vendor is notified
22.06.2012 - Vendor gets vulnerability details
14.09.2012 - Vendor releases fixed version and details
04.02.2013 - Public disclosure
20.06.2012 PT-2012-12: Multiple Cross-Site Scripting in WinCC (SCADA)
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 05.06.2012
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Vendor: Siemens
Notification status: 23.05.2012 - Vendor is notified
23.05.2012 - Vendor gets vulnerability details
05.06.2012 - Vendor releases fixed version and details
20.06.2012 - Public disclosure
20.06.2012 PT-2012-11: Multiple Cross-Site Scripting in WinCC (SCADA)
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 05.06.2012
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Vendor: Siemens
Notification status: 23.05.2012 - Vendor is notified
23.05.2012 - Vendor gets vulnerability details
05.06.2012 - Vendor releases fixed version and details
20.06.2012 - Public disclosure
20.06.2012 PT-2012-10: Buffer overflow in the DiagAgent web server in WinCC (SCADA)
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Fix date: 05.06.2012
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Vendor: Siemens
Notification status: 23.05.2012 - Vendor is notified
23.05.2012 - Vendor gets vulnerability details
05.06.2012 - Vendor releases fixed version and details
20.06.2012 - Public disclosure
20.06.2012 PT-2012-09: Multiple File Path Traversal in WinCC (SCADA)
medium
Severity: Medium (6.8) (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Fix date: 05.06.2012
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Vendor: Siemens
Notification status: 23.05.2012 - Vendor is notified
23.05.2012 - Vendor gets vulnerability details
05.06.2012 - Vendor releases fixed version and details
20.06.2012 - Public disclosure
20.06.2012 PT-2012-08: XPath Injection in WinCC (SCADA)
medium
Severity: Medium (5.5) (AV:N/AC:L/Au:S/C:P/I:P/A:N)
Fix date: 05.06.2012
Vector: Remote
Systems affected: Siemens SIMATIC WinCC 7.x
Vendor: Siemens
Notification status: 23.05.2012 - Vendor is notified
23.05.2012 - Vendor gets vulnerability details
05.06.2012 - Vendor releases fixed version and details
20.06.2012 - Public disclosure
15.05.2012 PT-2012-06: Security restrictions bypass in nginx for Windows
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 05.06.2012
Vector: Remote
Systems affected: nginx 1.2.0
nginx 1.3.0
Vendor: nginx
Notification status: 15.05.2012 - Vendor is notified
15.05.2012 - Vendor gets vulnerability details
05.06.2012 - Vendor releases fixed version and details
07.06.2012 - Public disclosure
23.03.2012 PT-2012-05: Multiple Vulnerabilities in Quercus
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: 13.07.2012
Vector: Remote
Systems affected: Quercus on Resin 4.x
Vendor: Quercus on Resin 4.x
Notification status: 23.03.2012 - Vendor is notified
23.03.2012 - Vendor gets vulnerability details
19.04.2012 - Vulnerability details were sent to CERT
13.07.2012 - Vendor releases fixed version and details
31.08.2012 - Public disclosure
13.01.2012 PT-2012-04: SQL Injection Vulnerability in Cisco Identity Services Engine Web Interface
medium
Severity: Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Fix date: 12.04.2012
Vector: Remote
Systems affected: Cisco Identity Services Engine 1.0.4.x
Vendor: Cisco
Notification status: 13.01.2012 - Vendor is notified 
13.01.2012 - Vendor gets vulnerability details
12.04.2012 - Vendor releases fixed version and details
20.09.2013 - Public disclosure
13.01.2012 PT-2012-03: XSS Vulnerability in Cisco Identity Services Engine Web Interface
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date: 12.04.2012
Vector: Remote
Systems affected: Cisco Identity Services Engine 1.0.4.x
Vendor: Cisco
Notification status: 13.01.2012 - Vendor is notified 
13.01.2012 - Vendor gets vulnerability details
12.04.2012 - Vendor releases fixed version and details
20.09.2013 - Public disclosure
13.01.2012 PT-2012-02: Multiple CSRF Vulnerabilities in Cisco Identity Services Engine Web Interface
high
Severity: High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date: 12.04.2012
Vector: Remote
Systems affected: Cisco Identity Services Engine 1.0.4.x
Vendor: Cisco
Notification status: 13.01.2012 - Vendor is notified
13.01.2012 - Vendor gets vulnerability details
12.04.2012 - Vendor releases fixed version and details
20.09.2013 - Public disclosure
13.01.2012 PT-2012-01: Abuse of Functionality in Cisco Identity Services Engine Web Interface
high
Severity: High (9.0) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 12.04.2012
Vector: Remote
Systems affected: Cisco Identity Services Engine 1.0.4.x
Vendor: Cisco
Notification status: 13.01.2012 - Vendor is notified
13.01.2012 - Vendor gets vulnerability details
12.04.2012 - Vendor releases fixed version and details
20.09.2013 - Public disclosure
06.12.2011 PT-2011-48: Multiple Vulnerabilities in AtMail
high
Severity: High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date: 26.03.2012
Vector: Remote
Systems affected: AtMail
Vendor: AtMail
Notification status: 06.12.2011 - Vendor is notified
06.02.2012 - Vulnerability details were sent to CERT
26.03.2012 - Vendor releases fixed version and details
26.03.2012 - Public disclosure
02.12.2011 PT-2011-47: Denial of Service in SAP
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Fix date: 08.05.2012
Vector: Remote
Systems affected: SAP
Vendor: SAP
Notification status: 02.12.2011 - Vendor is notified
02.12.2011 - Vendor gets vulnerability details
08.05.2012 - Vendor releases fixed version and details
08.08.2012 - Public disclosure
02.12.2011 PT-2011-46: Information disclosure in SAP
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 03.08.2012
Vector: Remote
Systems affected: SAP
Vendor: SAP
Notification status: 02.12.2011 - Vendor is notified
02.12.2011 - Vendor gets vulnerability details
03.08.2012 - Vendor releases fixed version and details
23.08.2012 - Public disclosure
02.12.2011 PT-2011-45: Denial of Service in SAP
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Fix date: 08.05.2012
Vector: Remote
Systems affected: SAP
Vendor: SAP
Notification status: 02.12.2011 - Vendor is notified
02.12.2011 - Vendor gets vulnerability details
08.05.2012 - Vendor releases fixed version and details
08.08.2012 - Public disclosure
02.12.2011 PT-2011-44: Denial of Service in SAP
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Fix date: 08.05.2012
Vector: Remote
Systems affected: SAP
Vendor: SAP
Notification status: 02.12.2011 - Vendor is notified
02.12.2011 - Vendor gets vulnerability details
08.05.2012 - Vendor releases fixed version and details
08.08.2012 - Public disclosure
25.11.2011 PT-2011-43: Database information disclosure in Kayako Fusion
medium
Severity: Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date: 25.11.2011
Vector: Remote
Systems affected: Kayako Fusion
Vendor: Kayako
Notification status: 25.11.2011 - Vendor is notified
25.11.2011 - Vendor gets vulnerability details
25.11.2011 - Vendor releases fixed version and details
02.12.2011 - Public disclosure
11.11.2011 PT-2011-41: Stored XSS vulnerability in Citrix License Administration Console
medium
Severity: Medium (4.9) (AV:N/AC:H/Au:S/C:C/I:N/A:N)
Fix date: 13.03.2012
Vector: Remote
Systems affected: Citrix License Administration Console 11.9
Vendor: Citrix
Notification status: 10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
11.11.2011 PT-2011-40: Multiple CSRF vulnerabilities in Citrix License Administration Console
high
Severity: High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date: 13.03.2012
Vector: Remote
Systems affected: Citrix License Administration Console 11.9
Vendor: Citrix
Notification status: 10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
11.11.2011 PT-2011-39: Denial of Service in Citrix XenServer Workload Balancer
high
Severity: High (7.8) (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Fix date: 13.03.2012
Vector: Remote
Systems affected: Citrix XenServer-6.0.0 WLB
Vendor: Citrix
Notification status: 10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
11.11.2011 PT-2011-38: URL redirector abuse in Citrix XenServer Virtual Switch Controller
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date: 13.03.2012
Vector: Remote
Systems affected: Citrix XenServer Virtual Switch Controller 6.0.x
Vendor: Citrix
Notification status: 10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
11.11.2011 PT-2011-37: HTTP Response Splitting in Citrix XenServer Virtual Switch Controller
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 13.03.2012
Vector: Remote
Systems affected: Citrix XenServer Virtual Switch Controller 6.0.x
Vendor: Citrix
Notification status: 10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
11.11.2011 PT-2011-36: Insufficient authorization in Citrix XenServer Virtual Switch Controller
high
Severity: High (9.0) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Fix date: 13.03.2012
Vector: Local
Systems affected: Citrix XenServer Virtual Switch Controller 6.0.x
Vendor: Citrix
Notification status: 10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
11.11.2011 PT-2011-35: Multiple CSRF vulnerabilities in Citrix XenServer Virtual Switch Controller
high
Severity: High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date: 13.03.2012
Vector: Remote
Systems affected: Citrix XenServer Virtual Switch Controller 6.0.x
Vendor: Citrix
Notification status: 10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
13.03.2012 - Vendor releases fixed version and details
27.03.2012 - Public disclosure
11.11.2011 PT-2011-34: HTTP Response Splitting in Citrix XenServer Web Self Service
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 10.03.2012
Vector: Remote
Systems affected: Citrix XenServer 6.0 Web Self Service 1.1
Vendor: Citrix
Notification status: 10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
10.03.2012 - Vendor releases fixed version and details
28.09.2012 - Public disclosure
11.11.2011 PT-2011-33: URL redirector abuse in Citrix XenServer Web Self Service
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Fix date: 10.03.2012
Vector: Remote
Systems affected: Citrix XenServer 6.0 Web Self Service 1.1
Vendor: Citrix
Notification status: 10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
10.03.2012 - Vendor releases fixed version and details
28.09.2012 - Public disclosure
11.11.2011 PT-2011-32: Cross-site scripting in Citrix XenServer Web Self Service
medium
Severity: Medium (4.9) (AV:N/AC:H/Au:S/C:C/I:N/A:N)
Fix date: 10.03.2012
Vector: Remote
Systems affected: Citrix XenServer 6.0 Web Self Service 1.1
Vendor: Citrix
Notification status: 10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
10.03.2012 - Vendor releases fixed version and details
28.09.2012 - Public disclosure
11.11.2011 PT-2011-31: Multiple Cross-Site Request Forgery vulnerabilities in Citrix XenServer Web Self Service
high
Severity: High (7.1) (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Fix date: 10.04.2012
Vector: Remote
Systems affected: Citrix XenServer 6.0 Web Self Service 1.1
Vendor: Citrix
Notification status: 10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
10.03.2012 - Vendor releases fixed version and details
28.09.2012 - Public disclosure
09.09.2011 PT-2011-30: Disclosure of sensitive information in D-Link DIR-300 Router
medium
Severity: Medium (6.8) (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Fix date: 19.09.2011
Vector: Remote
Systems affected: D-Link DIR-300
Vendor: D-Link
Notification status: 09.09.2011 - Vendor is notified
09.09.2011 - Vendor gets vulnerability details
19.09.2011 - Vendor releases fixed version and details
20.10.2011 - Public disclosure
09.09.2011 PT-2011-29: Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300
high
Severity: High (10.0) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 19.09.2011
Vector: Remote
Systems affected: D-Link DIR-300
Vendor: D-Link
Notification status: 09.09.2011 - Vendor is notified
09.09.2011 - Vendor gets vulnerability details
19.09.2011 - Vendor releases fixed version and details
20.10.2011 - Public disclosure
28.07.2011 PT-2011-27: Multiple Vulnerabilities in Cisco ACS Web Interface
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 13.02.2012
Vector: Remote
Systems affected: Cisco Secure ACS 5.x
Vendor: Cisco
Notification status: 28.07.2011 - Vendor is notified
28.07.2011 - Vendor gets vulnerability details
13.02.2012 - Vendor releases fixed version and details
20.02.2012 - Public disclosure
19.07.2011 PT-2011-26: Multiple Cross-Site Request Forgery and "Stored XSS" Vulnerabilities in Cisco ACS
medium
Severity: Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Fix date: 13.02.2012
Vector: Remote
Systems affected: Cisco Secure ACS 5.x
Vendor: Cisco
Notification status: 19.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details
13.02.2012 - Vendor releases fixed version and details
20.02.2012 - Public disclosure
13.07.2011 PT-2011-25: SQL injection vulnerabilities in Support Incident Tracker
medium
Severity: Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date: 17.07.2011
Vector: Remote
Systems affected: Support Incident Tracker 3.x
Vendor: Support Incident Tracker
Notification status: 13.07.2011 - Vendor is notified
13.07.2011 - Vendor gets vulnerability details
17.07.2011 - Vendor releases fixed version and details
22.07.2011 - Public disclosure
12.07.2011 PT-2011-24: Security Restrictions Bypassing in Arbor Peakflow X
medium
Severity: Medium (6.8) (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Fix date: 02.03.2012
Vector: Remote
Systems affected: Arbor Peakflow X
Vendor: Arbor Networks
Notification status: 12.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details
02.03.2012 - Vendor releases fixed version and details
31.10.2013 - Public disclosure
11.07.2011 PT-2011-23: Database information disclosure in GLPI
medium
Severity: Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date: 21.07.2011
Vector: Remote
Systems affected: GLPI 0.x
Vendor: GLPI
Notification status: 11.07.2011 - Vendor is notified
20.07.2011 - Vendor gets vulnerability details
21.07.2011 - Vendor releases fixed version and details
03.08.2011 - Public disclosure
28.06.2011 PT-2011-22: Buffer overflow in Adobe Flash Player
high
Severity: High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: 09.08.2011
Vector: Remote
Systems affected: Adobe Flash Player 10.x
Vendor: Adobe Systems
Notification status: 28.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
09.08.2011 - Vendor releases fixed version and details
28.03.2012 - Public disclosure
08.07.2011 PT-2011-21: SQL injection vulnerability in OneOrZero AIMS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: OneOrZero AIMS 2.x
Vendor: OneOrZero
Notification status: 08.07.2011 - Vendor is notified
23.08.2011 - Vulnerability details were sent to CERT
19.10.2011 - Public disclosure
08.07.2011 PT-2011-20: Authorization bypass vulnerability in OneOrZero AIMS
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: OneOrZero AIMS 2.x
Vendor: OneOrZero
Notification status: 08.07.2011 - Vendor is notified
23.08.2011 - Vulnerability details were sent to CERT
19.10.2011 - Public disclosure
07.07.2011 PT-2011-19: SQL injection vulnerability in Help Request System
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: 16.07.2011
Vector: Remote
Systems affected: Help Request System 1.x
Vendor: Help Request System
Notification status: 07.07.2011 - Vendor is notified
15.07.2011 - Vendor gets vulnerability details
16.07.2011 - Vendor releases fixed version and details
24.08.2011 - Public disclosure
01.07.2011 PT-2011-18: Cross-Site Scripting in Arbor Peakflow X
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 02.03.2012
Vector: Remote
Systems affected: Arbor Peakflow X
Vendor: Arbor Networks
Notification status: 01.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details
02.03.2012 - Vendor releases fixed version and details
31.10.2013 - Public disclosure
29.06.2011 PT-2011-16: Denial Of Service in Mozilla Firefox
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Fix date: 21.11.2012
Vector: Remote
Systems affected: Mozilla Firefox 3.6.x
Mozilla Firefox 4.0.x
Mozilla Firefox 16.x
Vendor: Mozilla
Notification status: 29.06.2011 - Vendor is notified
15.07.2011 - Vendor gets vulnerability details
14.09.2011 - Vulnerability details were sent to CERT
18.10.2011 - Public disclosure
29.06.2011 PT-2011-14: SQL injection vulnerability in BoonEx Dolphin
high
Severity: High (7.5) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: Dolphin 6.x
Vendor: BoonEx
Notification status: 29.06.2011 - Vendor is notified
01.07.2011 - Vendor gets vulnerability details
23.08.2011 - Vulnerability details were sent to CERT
14.09.2011 - Public disclosure
24.06.2011 PT-2011-13: Privilege Gaining in ManageEngine ServiceDesk Plus 8.0.0
medium
Severity: Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date: 29.03.2012
Vector: Remote
Systems affected: ManageEngine ServiceDesk Plus 8.x
Vendor: ManageEngine ServiceDesk Plus 8.x
Notification status: 24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
29.03.2012 - Vendor releases fixed version and details
23.04.2012 - Public disclosure
24.06.2011 PT-2011-12: Information Disclosure in ManageEngine ServiceDesk Plus 8.0
medium
Severity: Medium (6.3) (AV:N/AC:M/Au:S/C:C/I:N/A:N)
Fix date: 29.11.2011
Vector: Remote
Systems affected: ManageEngine ServiceDesk Plus 8.x
Vendor: ManageEngine ServiceDesk Plus 8.x
Notification status: 24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
29.11.2011 - Vendor releases fixed version and details
27.01.2012 - Public disclosure
24.06.2011 PT-2011-11: Arbitrary Files Reading in ManageEngine ServiceDesk Plus 8.0
high
Severity: High (7.8) (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Fix date: 23.04.2012
Vector: Remote
Systems affected: ManageEngine ServiceDesk Plus 8.x
Vendor: ManageEngine ServiceDesk Plus 8.x
Notification status: 24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
23.04.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
24.06.2011 PT-2011-10: Arbitrary Files Loading in ManageEngine ServiceDesk Plus 8.0
high
Severity: High (8.5) (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Fix date: 23.04.2012
Vector: Remote
Systems affected: ManageEngine ServiceDesk Plus 8.x
Vendor: ManageEngine ServiceDesk Plus 8.x
Notification status: 24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
23.04.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
24.06.2011 PT-2011-09: Arbitrary Command Execution in ManageEngine ServiceDesk Plus 8.0.0
high
Severity: High (8.5) (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Fix date: 29.03.2012
Vector: Remote
Systems affected: ManageEngine ServiceDesk Plus 8.x
Vendor: ManageEngine ServiceDesk Plus 8.x
Notification status: 24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
29.03.2012 - Vendor releases fixed version and details
23.04.2012 - Public disclosure
24.06.2011 PT-2011-08: Multiple vulnerabilities in D-Link DPH 150SE/E/F1
high
Severity: High (9.7) (AV:N/AC:L/Au:N/C:P/I:C/A:C)
Fix date: 20.07.2011
Vector: Remote
Systems affected: D-Link DPH 150s IP Phone
Vendor: D-Link
Notification status: 24.06.2011 - Vendor is notified
27.06.2011 - Vendor gets vulnerability details
20.07.2011 - Vendor releases fixed version and details
22.07.2011 - Public disclosure
23.06.2011 PT-2011-07: Cross-Site Scripting in Cisco Small Business Devices
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 12.06.2012
Vector: Remote
Systems affected: Cisco SPA8000 8-port IP Telephony Gateway 6.x
Cisco SPA8800 IP Telephony Gateway 6.x
Cisco SPA2102 Phone Adapter with Router 5.x
Cisco SPA3102 Voice Gateway with Router 5.x
Cisco Small Business SPA500 Series IP Phones 7.x
Vendor: Cisco
Notification status: 23.06.2011 - Vendor is notified
24.06.2011 - Vendor gets vulnerability details
12.06.2012 - Vendor releases fixed version and details
27.09.2012 - Public disclosure
20.06.2011 PT-2011-06
medium
Severity: Medium (5.8) (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Fix date: No fix available
Vector: Remote
Systems affected: VMware ESX Server 4.x
Vendor: VMware
Notification status: 20.06.2011 - Vendor is notified
24.06.2011 - Vendor gets vulnerability details
31.05.2011 PT-2011-05: Cross-Site Scripting in Koha Library Software
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 19.06.2011
Vector: Remote
Systems affected: Koha 3.x
Vendor: Koha Library Software
Notification status: 31.05.2011 - Vendor is notified
15.06.2011 - Vendor gets vulnerability details
19.06.2011 - Vendor releases fixed version and details
06.07.2011 - Public disclosure
30.05.2011 PT-2011-04: Cross-Site Scripting in Kayako Support Suite
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 25.08.2011
Vector: Remote
Systems affected: Kayako SupportSuite 3.x
Vendor: Kayako Web Solutions
Notification status: 30.05.2011 - Vendor is notified
30.05.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
30.05.2011 PT-2011-03: Information disclosure in Kayako Support Suite
medium
Severity: Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Fix date: 25.08.2011
Vector: Remote
Systems affected: Kayako SupportSuite 3.x
Vendor: Kayako Web Solutions
Notification status: 30.05.2011 - Vendor is notified
30.05.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
30.05.2011 PT-2011-02: PHP code Injection in Kayako Support Suite
medium
Severity: Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Fix date: 25.08.2011
Vector: Remote
Systems affected: Kayako SupportSuite 3.x
Vendor: Kayako Web Solutions
Notification status: 30.05.2011 - Vendor is notified
30.05.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
30.05.2011 PT-2011-01: Cross-Site Scripting in Kayako Support Suite
medium
Severity: Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Fix date: 25.08.2011
Vector: Remote
Systems affected: Kayako SupportSuite 3.x
Vendor: Kayako Web Solutions
Notification status: 30.05.2011 - Vendor is notified
30.05.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
09.11.2010 PT-2010-11
high
Severity: High (10.0) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Fix date: No fix available
Vector: Remote
Systems affected: IrisvisiaCMS
Vendor: IrisvisiaCMS
Notification status: 09.11.2010 - Sent email to vendor
10.09.2010 PT-2010-09
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: Newton CMS
Vendor: Newton CMS
Notification status: 09.10.2010 - Vendor notified
09.11.2010 - Status request sent
19.08.2010 PT-2010-08
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: QP7
Vendor: Quantum Art
Notification status: 19.08.2010 - Vendor notified
09.11.2010 - Status request sent
07.09.2010 PT-2010-05
medium
Severity: Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Fix date: No fix available
Vector: Remote
Systems affected: OpenSSL 1.x
Vendor: OpenSSL Project
Notification status: 07.09.2010 - Vendor notified
13.10.2009 PT-2009-44: Multiple vulnerabilities in Kayako Support Suite
medium
Severity: Medium (6.4) AV:N/AC:H/Au:M/C:C/I:C/A:P
Fix date: No fix available
Vector: Remote
Systems affected: Kayako SupportSuite 3.x
Vendor: Kayako
Notification status: 12.10.2009 - Vendor notified
13.10.2009 - Vendor response
13.10.2009 PT-2009-43: Session predictability in Kayako Support Suite
low
Severity: Low (4.3) AV:N/AC:M/Au:N/C:P/I:N
Fix date: 12.03.2010
Vector: Remote
Systems affected: Kayako SupportSuite 3.x
Vendor: Kayako
Notification status: 12.10.2009 - Vendor notified
13.10.2009 - Vendor response
09.02.2010 - The vendor confirmed the vulnerability and issued a workaround decision
12.03.2010 - Requested status update from vendor
08.04.2010 - Public disclosure
13.10.2009 PT-2009-42: Cross-Site Request Forgery in Kayako Support Suite
medium
Severity: Medium (7.0) AV:N/AC:M/Au:S/C:C/I:P
Fix date: 09.02.2010
Vector: Remote
Systems affected: Kayako SupportSuite 3.x
Vendor: Kayako
Notification status: 12.10.2009 - Vendor notified
13.10.2009 - Vendor response
19.01.2010 - The vendor confirmed the vulnerability and issued a workaround decision
09.02.2010 - Requested status update from vendor
08.04.2010 - Public disclosure
13.10.2009 PT-2009-41: Multiple vulnerabilities in Kayako Support Suite
low
Severity: Low (6.4) AV:N/AC:L/Au:N/C:P/I:N/A:P
Fix date: 12.03.2010
Vector: Remote
Systems affected: Kayako SupportSuite 3.x
Vendor: Kayako
Notification status: 12.10.2009 - Vendor notified
13.10.2009 - Vendor response
26.01.2010 - The vendor confirmed the vulnerability and issued a workaround decision
12.03.2010 - Requested status update from vendor
08.04.2010 - Public disclosure
02.06.2009 PT-2009-40: JIRA sensitive information disclosure
low
Severity: Low (0.0) (AV:N/AC:L/Au:N/C:N/I:N/A:N/E:P/RL:W/RC:C)
Fix date: 24.06.2009
Vector: Remote
Systems affected: JIRA 3.13.4
Vendor: Atlassian
Notification status: 02.06.2009 - Vendor notified
03.06.2009 - Vendor response
04.06.2009 - The vendor confirmed the vulnerability and issued a workaround decision
24.06.2009 - Requested status update from vendor
24.06.2009 - Public disclosure
10.04.2009 PT-2009-39
medium
Severity: Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: Avaya
Notification status: 08.04.2009 - Vendor notified
13.04.2009 - Vendor response
14.04.2009 - Sent detailed information
10.04.2009 PT-2009-38
medium
Severity: Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: Citrix
Notification status: 10.04.2009 - Vendor notified
16.04.2009 - Vendor response
16.04.2009 - Sent detailed information
10.04.2009 PT-2009-37
medium
Severity: Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: Cisco
Notification status: 10.04.2009 - Vendor notified
27.03.2009 PT-2009-36: Neo CMS SQL Injection Vulnerability
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: 27.03.2009
Vector: Remote
Systems affected: Neo CMS
Vendor:
Notification status: 26.03.2009 - Vendor notified
26.03.2009 - Vendor response
27.03.2009 - Vendor releases the update
26.05.2009 - Public disclosure
25.03.2009 PT-2009-35: SQL Injection Vulnerability
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: No fix available
Vector: Remote
Systems affected: InstantCMS
Vendor:
Notification status: 25.03.2009 - Vendor is notified
26.03.2009 - Vendor response
25.03.2009 PT-2009-34: AKmedia CMS SQL Injection Vulnerability
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: 26.03.2009
Vector: Remote
Systems affected: AKmedia CMS
Vendor:
Notification status: 25.03.2009 - Vendor is notified
25.03.2009 - Vendor response
26.03.2009 - Vendor releases the update
26.03.2009 - Public disclosure
25.03.2009 PT-2009-33: iNTERNET.cms Cross-Site Scripting Vulnerability
medium
Severity: Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date: 18.05.2009
Vector: Remote
Systems affected: iNTERNET.cms
Vendor:
Notification status: 25.03.2009 - Vendor is notified
26.03.2009 - Vendor response
18.05.2009 - Vendor releases fixed version
26.05.2009 - Requested status update from vendor
27.05.2009 - Public disclosure
25.03.2009 PT-2009-32: Cross-Site Scripting Vulnerability
medium
Severity: Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date: No fix available
Vector: Remote
Systems affected: ART CMS
Vendor:
Notification status: 25.03.2009 - Vendor is notified
25.03.2009 - Vendor response
11.03.2009 PT-2009-31: Multiple Vulnerabilities
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: No fix available
Vector: Remote
Systems affected: NewMark CMS v0.6
Vendor:
Notification status: 11.03.2009 - Vendor notified
no response
24.03.2009 - Second notification
12.03.2009 PT-2009-30: Multiple Vulnerabilities
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: No fix available
Vector: Remote
Systems affected: Tribal Technology CMS
Vendor:
Notification status: 12.03.2009 - Vendor notified
no response
24.03.2009 - Second notification
24.03.2009 PT-2009-29: Tribiq CMS Multiple Vulnerabilities
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: 29.09.2009
Vector: Remote
Systems affected: Tribiq CMS 5.0.11
Vendor:
Notification status: 24.03.2009 - Vendor notified
24.03.2009 - Vendor response
29.09.2009 - Vendor issues the fixed version
07.10.2009 - Public disclosure
24.03.2009 PT-2009-28: SQL Injection Vulnerability
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: No fix available
Vector: Remote
Systems affected: Web Candy CMS
Vendor:
Notification status: 24.03.2009 - Vendor is notified
24.03.2009 - Vendor response
24.03.2009 PT-2009-27: Multiple Vulnerabilities
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: No fix available
Vector: Remote
Systems affected: Huberspace Backdoor CMS
Vendor: Huberspace
Notification status: 24.03.2009 - Vendor notified
11.03.2009 PT-2009-26: Cross-Site Scripting Vulnerability
medium
Severity: Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date: No fix available
Vector: Remote
Systems affected: CMS Buzz
Vendor: Cupid Systems
Notification status: 11.03.2009 - Vendor is notified
11.03.2009 - Vendor response
24.03.2009 - Requested status update from vendor
11.03.2009 PT-2009-25: Multiple Vulnerabilities
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: No fix available
Vector: Remote
Systems affected: Brick CMS
Vendor:
Notification status: 11.03.2009 - Vendor notified
11.03.2009 - Vendor response
24.03.2009 - Requested status update from vendor
04.03.2009 PT-2009-24: ELDORADO CMS Multiple Vulnerabilities
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: 13.03.2009
Vector: Remote
Systems affected: ELDORADO CMS 3.x
Vendor:
Notification status: 04.03.2009 - Vendor notified
04.03.2009 - Vendor response
04.03.2009 - Requested status update from vendor
13.03.2009 - Vendor releases the update
26.05.2009 - Public disclosure
04.03.2009 PT-2009-23: Multiple Vulnerabilities
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: No fix available
Vector: Remote
Systems affected: PixelGems CMS
Vendor:
Notification status: 04.03.2009 - Vendor notified
04.03.2009 - Vendor response
04.03.2009 - Requested status update from vendor
24.03.2009 - Second requested status update from vendor

03.03.2009 PT-2009-22: EXcms Root directory disclosure vulnerability
low
Severity: Low (0.0) AV:N/AC:L/Au:N/C:N/I:N/A:N
Fix date: No fix available
Vector: Remote
Systems affected: EXcms 2.x
Vendor:
Notification status: 03.03.2009 - Vendor notified
04.03.2009 - Vendor response
04.03.2009 - Requested status update from vendor
24.03.2009 - Second requested status update from vendor
26.05.2009 - Second requested status update from vendor
26.05.2009 - Vendor response
27.05.2009 - Public disclosure


02.03.2009 PT-2009-21: CMS.Pilot SQL Injection Vulnerability
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: No fix available
Vector: Remote
Systems affected: CMS.Pilot 1.x
Vendor:
Notification status: 02.03.2009 - Vendor notified
no response
10.03.2009 - Second notification
no response
24.03.2009 - Second notification
no response
27.05.2009 - Public disclosure
02.03.2009 PT-2009-20: A.CMS Multiple Vulnerabilities
medium
Severity: Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date: 04.03.2009
Vector: Remote
Systems affected: A.CMS 1.x
Vendor:
Notification status: 02.03.2009 - Vendor notified
04.03.2009 - Vendor response
04.03.2009 - Vendor issues the fixed version
10.03.2009 - Requested status update from vendor

10.03.2009 PT-2009-19
medium
Severity: Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date: No fix available
Vector: Local
Systems affected: Cisco Security Agent 6.x
Vendor: Cisco
Notification status: 10.03.2009 - Vendor notified
02.03.2009 PT-2009-18: Cetera CMS SQL Injection Vulnerability
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: 24.03.2009
Vector: Remote
Systems affected: Cetera CMS
Vendor:
Notification status: 03.02.2009 - Vendor is notified
03.02.2009 - Vendor response
03.03.2009 - Requested status update from vendor
24.03.2009 - Requested status update from vendor
24.03.2009 - Vendor releases fixed version and details
26.05.2009 - Public disclosure
02.03.2009 PT-2009-17: ABO.CMS Multiple Vulnerabilities
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: 05.04.2009
Vector: Remote
Systems affected: ABO.CMS 5.x
Vendor:
Notification status: 02.03.2009 - Vendor notified
03.03.2009 - Vendor response
04.03.2009 - Requested status update from vendor
24.03.2009 - Second requested status update from vendor
04.03.2009 PT-2009-16: Subrion CMS Multiple Vulnerabilities
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: 25.03.2009
Vector: Remote
Systems affected: Subrion CMS 1.x
Vendor:
Notification status: 04.03.2009 - Vendor notified
04.03.2009 - Vendor response
10.03.2009 - Requested status update from vendor
24.03.2009 - Second requested status update from vendor
25.03.2009 - Vendor releases the update
26.05.2009 - Public disclosure
03.03.2009 PT-2009-15: Living CMS Cross-Site Scripting Vulnerability
medium
Severity: Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date: 11.03.2009
Vector: Remote
Systems affected: Living CMS 1.x
Vendor:
Notification status: 03.03.2009 - Vendor notified
04.03.2009 - Vendor response
10.03.2009 - Requested status update from vendor

03.03.2009 PT-2009-14: BLOG CMS Cross-Site Scripting Vulnerability
medium
Severity: Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date: 03.03.2009
Vector: Remote
Systems affected: BLOG:CMS 4.x
Vendor:
Notification status: 03.03.2009 - Vendor is notified
03.03.2009 - Vendor response
03.03.2009 - Requested status update from vendor
03.03.2009 - Vendor issues the fixed version

04.03.2009 PT-2009-13: TinX CMS SQL Injection Vulnerability
high
Severity: High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Fix date: 05.03.2009
Vector: Remote
Systems affected: TinX/cms 3.x
Vendor:
Notification status: 04.03.2009 - Vendor is notified
04.03.2009 - Vendor response
04.03.2009 - Requested status update from vendor
05.03.2009 - Vendor releases fixed version and details
06.03.2009 - Public disclosure

04.03.2009 PT-2009-12: UMI.CMS Cross-Site Scripting Vulnerability
medium
Severity: Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Fix date: 06.03.2009
Vector: Remote
Systems affected: UMI.CMS 2.x
Vendor: Umisoft
Notification status: 04.03.2009 - Vendor notified
04.03.2009 - Vendor response
04.03.2009 - Requested status update from vendor
06.03.2009 - Vendor releases fixed version and details
06.03.2009 - Public disclosure

11.02.2009 PT-2009-11: SlySoft Multiple Products ElbyCDIO.sys Denial of Service
medium
Severity: Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date: 06.03.2009
Vector: Local
Systems affected: AnyDVD 6.x
Virtual CloneDrive 5.x
CloneDVD 2.x
CloneCD 5.x
Vendor: SlySoft
Notification status: 11.02.2009 - Vendor notified
11.02.2009 - Vendor replied
12.02.2009 - Sent detailed information
06.03.2009 - Vendor released fixed version
12.03.2009 - Public disclosure
04.02.2009 PT-2009-09: Trend Micro Internet Security Pro 2009 tmactmon.sys Privilege Escalation Vulnerabilities
medium
Severity: Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date: No fix available
Vector: Local
Systems affected: Trend Micro Internet Security Pro 2009
Trend Micro Internet Security 2008
Trend Micro Internet Security Pro 2008
Vendor: Trend Micro
Notification status: 04.02.2009 - Vendor notified
no response
12.02.2009 - Second notification
no response
31.03.2009 - Vulnerability details disclosed by third party
31.03.2009 - Public disclosure
04.02.2009 PT-2009-08
medium
Severity: Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date: No fix available
Vector: Local
Systems affected: Sunbelt Personal Firewall 4.x
Vendor: Sunbelt Software
Notification status: 04.02.2009 - Vendor notified
no response
12.02.2009 - Second notification
no response
04.02.2009 PT-2009-07
medium
Severity: Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date: No fix available
Vector: Local
Systems affected: PC Tools Internet Security 2009
Vendor: PC Tools
Notification status: 04.02.2009 - Vendor notified
11.02.2009 - Vendor replied
24.02.2009 - Sent detailed information

04.02.2009 PT-2009-06
medium
Severity: Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date: No fix available
Vector: Local
Systems affected: F-Secure Internet Security 2009
Vendor: F-Secure
Notification status: 04.02.2009 - Vendor notified
11.02.2009 - Vendor replied
16.02.2009 - Sent detailed information
16.02.2009 - Vendor replied

04.02.2009 PT-2009-05: CA Internet Security Suite Denial of Service Vulnerability
medium
Severity: Medium (4.9) AV:L/AC:L/Au:N/C:N/I:N/A:C
Fix date: 18.08.2009
Vector: Local
Systems affected: CA Internet Security Suite Plus 2009
CA Internet Security Suite Plus 2008
CA Internet Security Suite 2007
Vendor: Computer Associates (CA)
Notification status: 04.02.2009 - Vendor notified
04.02.2009 - Vendor response
04.02.2009 - Details sent
18.08.2009 - Vendor releases fixed version and details
25.08.2009 - Public disclosure
04.02.2009 PT-2009-04
medium
Severity: Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Fix date: No fix available
Vector: Local
Systems affected: Online Armor Personal Firewall 3.x
Vendor: Tall Emu
Notification status: 04.02.2009 - Vendor notified
04.02.2009 - Vendor replied
04.02.2009 - Sent detailed information
04.02.2009 PT-2009-03
medium
Severity: Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date: No fix available
Vector: Local
Systems affected: Online Armor Personal Firewall 3.x
Vendor: Tall Emu
Notification status: 04.02.2009 - Vendor notified
04.02.2009 - Vendor replied
04.02.2009 - Sent detailed information
04.02.2009 PT-2009-02
medium
Severity: Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date: No fix available
Vector: Local
Systems affected: Online Armor Personal Firewall 3.x
Vendor: Tall Emu
Notification status: 04.02.2009 - Vendor notified
04.02.2009 - Sent detailed information
04.02.2009 PT-2009-01: PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities
medium
Severity: Medium (6.2) AV:L/AC:H/Au:N/C:C/I:C/A:C
Fix date: 02.04.2009
Vector: Local
Systems affected: PGP Corporate Desktop 9.x
Vendor: PGP
Notification status: 04.02.2009 - Vendor notified
04.02.2009 - Vendor replied
04.02.2009 - Sent detailed information
04.02.2009 - Vendor released fixed versions
13.04.2009 - Public disclosure
19.11.2008 PT-2008-09: Microsoft Windows MSMQ Privilege Escalation Vulnerability
high
Severity: High (7.2) AV:L/AC:M/Au:S/C:C/I:C/A:C
Fix date: 11.08.2009
Vector: Local
Systems affected: Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Vendor: Microsoft
Notification status: 19.11.2008 - Vendor notified
21.11.2008 - Vendor replied
11.08.2009 - Vendor released patches
12.08.2009 - Public disclosure
19.11.2008 PT-2008-08
medium
Severity: Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Fix date: No fix available
Vector: Local
Systems affected:
Vendor: Microsoft
Notification status: 19.11.2008 - Vendor notified
21.11.2008 - Vendor replied

14.10.2008 PT-2008-07: VMware Multiple Products hcmon.sys Denial of Service Vulnerability
medium
Severity: Medium (4.4) AV:L/AC:M/Au:S/C:N/I:N/A:C
Fix date: 31.03.2009
Vector: Local
Systems affected: VMware Workstation 6.x
VMware Player 2.x
VMware ACE 2.x
VMware Server 2.x
Vendor: VMware
Notification status: 14.10.2008 - Vendor notified
16.10.2008 - Vendor replied
16.10.2008 - Sent detailed information
31.03.2009 - Vendor released fixed versions
06.04.2009 - Public disclosure
14.10.2008 PT-2008-06: VMware Multiple Products Denial of Service Vulnerability
medium
Severity: Medium (4.4) AV:L/AC:M/Au:S/C:N/I:N/A:C
Fix date: 28.05.2009
Vector: Local
Systems affected: VMware Workstation 6.x
VMware Player 2.x
Vendor: VMware
Notification status: 14.10.2008 - Vendor notified
16.10.2008 - Vendor replied
16.10.2008 - Sent detailed information
28.05.2009 - Vendor releases fixed version and details
14.10.2008 PT-2008-05: VMware Multiple Products vmci.sys Privilege Escalation Vulnerability
medium
Severity: Medium (6.6) AV:L/AC:M/Au:S/C:C/I:C/A:C
Fix date: 03.04.2009
Vector: Local
Systems affected: VMware Workstation 6.x
VMware Player 2.x
VMware Server 2.x
VMware ACE 2.x
Vendor: VMware
Notification status: 14.10.2008 - Vendor notified
16.10.2008 - Vendor replied
16.10.2008 - Sent detailed information
03.04.2009 - Vendor released fixed versions
06.04.2009 - Public disclosure