We occasionally discover security problems during internal
learning processes or in systems that we use or test for our
projects. As time allows, we analyze these security problems
and alert the vendors and the public in accordance with our Notification
and Publishing Policy.
If you want to receive our reports as soon as they're published,
please subscribe to our Mailing List.

Title: Session Fixation Vulnerability in WebLogic Administration Console
Report: ASPR #2008-03-11-2
Vendor: BEA Systems
Status: problem fixed, report published
References: BEA Systems Security Advisory BEA08-196.00
CVE: CVE-2008-0900

Title: HTML Injection in BEA WebLogic Server Console
Report: ASPR #2008-03-11-1
Vendor: BEA Systems
Status: problem fixed, report published
References: BEA Systems Security Advisory BEA08-195.00
CVE: CVE-2008-0899

Title: Session Fixation Vulnerability in HP SIM 5.0
Report: ASPR #2007-05-14-1
Vendor: Hewlett-Packard Company
Status: problem fixed, report published
References: HP Security Bulletin
CVE: CVE-2007-2719

Title: Buffer Overflow In Retroclient Service
Report: ASPR #2006-05-17-1
Vendor: EMC Corporation
Status: problem fixed, report published
References: EMC Retrospect Knowledgebase
CVE: CVE-2006-2391

Title: HTML Injection in BEA WebLogic Server Console (2)
Report: ASPR #2005-05-24-2
Vendor: BEA Systems, Inc.
Status: problem fixed, report published
References: BEA Systems Security Advisory BEA07-80.03
CVE: CAN-2005-1747

Title: HTML Injection in BEA WebLogic Server Console (1)
Report: ASPR #2005-05-24-1
Vendor: BEA Systems, Inc.
Status: problem fixed, report published
References: BEA Systems Security Advisory BEA07-80.03
CVE: CAN-2005-1747

Title: Unsanitized Session ID Cookie Allows Modifying Server Response
Report: ASPR #2004-10-14-3
Vendor: Macromedia, Inc.
Status: problem fixed, report published
References: Macromedia Security Bulletin
CVE: CAN-2004-1478

Title: Session Fixation in JRun Management Console
Report: ASPR #2004-10-14-2
Vendor: Macromedia, Inc.
Status: problem fixed, report published
References: Macromedia Security Bulletin
CVE: CAN-2004-1478

Title: HTML Injection in JRun Management Console
Report: ASPR #2004-10-14-1
Vendor: Macromedia, Inc.
Status: problem fixed, report published
References: Macromedia Security Bulletin
CVE: CAN-2004-1477

Title: Poisoning Cached HTTPS Documents in Internet Explorer
Report: ASPR #2004-10-13-1
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin
CVE: CAN-2004-0845

Title: Internet Explorer/Outlook double null character DoS
Report: ASPR #2004-01-20-1
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin
CVE: CAN-2004-0284

Title: Remote Retrieval Of IIS Session Cookies From Web Browsers
Report: ASPR #2000-07-22-1
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin
CVE: CVE-2000-0970

Title: Remote Retrieval Of Authentication Data From Internet Explorer
Report: ASPR #2000-07-22-2
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin
CVE: CVE-2000-0982

Title: Bypassing Warnings For Invalid SSL Certificates In Netscape Navigator
Report: ASPR #2000-04-06-1
Vendor: Netscape Corp. (an America Online, Inc. company)
Status: problem fixed, report published
References: Netscape Security Notes, CERT/CC Advisory, C|NET Story
CVE: CVE-2000-0406

Title: Bypassing Warnings For Invalid SSL Certificates In Internet Explorer
Report: ASPR #1999-12-15-1
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin, CERT/CC Advisory
CVE: CVE-2000-0518, CVE-2000-0519

Title: Processing Of Illegal URL Hexadecimal Encodings In IIS 4.0
Report: ASPR #1999-11-10-1
Vendor: Microsoft Corp.
Status: problem fixed, report published
References: Microsoft Security Bulletin
CVE: CVE-2000-0024

Title: A "dot-dot" Problem In WebID Agent For Microsoft IIS
Report: ASPR #1999-10-26-1
Vendor: RSA Security, Inc.
Status: problem fixed, report published
References: RSA Security Bulletin *
CVE: CAN-2001-1461

* Mirrored with vendor's permission.