Resource Center

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: ThoughtSpot – Authorization Bypass Allows for Pinboard Corruption Release Date: 2019-06-10 Application: ThoughtSpot Versions: 5.x before 5.1.2 4.4.1.x onwards Severity: Medium Author: Will Enright Vendor Status: Update Released [2] CVE Candidate: CVE-2019-12782 Reference: https://www.vsecurity.com/resources/advisory/201912782-1.txt =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Product Description ~—————–~ From ThoughtSpot’s website [1]: “ThoughtSpot is a […]

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Deltek Vision – Arbitrary SQL Execution Release Date: 2019-04-09 Application: Deltek Vision Versions: 7.x before 7.6 March 2019 CU (Cumulative Update) Severity: High Author: Robert Wessen Vendor Status: Updates available, see vendor for information. CVE Candidate: CVE-2018-18251 Reference: https://www.vsecurity.com/download/advisories/2018-18251.txt =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Product Description ~—————–~ From Deltek’s […]

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Bomgar Remote Support – Local Privilege Escalation Release Date: 2017-10-26 Application: Bomgar Remote Support Versions: 15.2.x before 15.2.3 16.1.x before 16.1.5 16.2.x before 16.2.4 Severity: High/Medium Author: Robert Wessen Author: Mitch Kucia Vendor Status: Update Released [2] CVE Candidate: CVE-2017-5996 Reference: https://www.vsecurity.com/download/advisories/20171026-1.txt =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Product Description […]

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity (XXE) Flaw Release Date: 2014-09-17 Application: Apple iOS Foundation Framework Apple OS X Foundation Framework Versions: iOS 7.0, 7.1, OS X 10.9 – 10.9.4 Severity: High Author: George D. Gal Vendor Status: Fix Available CVE Candidate: CVE-2014-4374 Reference: http://www.vsecurity.com/resources/advisory/20140917-1/ […]

by Timothy D. Morgan and Omar Al Ibrahim The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation […]

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks Release Date: 2013-06-19 Application: IBM WebSphere Commerce Versions: 5.6.X, 6.0.X, 7.0.X, possibly others Credit: Timothy D. Morgan George D. Gal Vendor Status: Patch Available by Request [5] CVE Candidate: CVE-2013-0523 Reference: http://www.vsecurity.com/resources/advisory/20130619-1/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Product Description ~—————–~ From […]

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: HTC IQRD Android Permission Leakage Release Date: 2012-04-20 Application: IQRD on HTC Android Phones Author: Dan Rosenberg Vendor Status: Patch Released CVE Candidate: CVE-2012-2217 Reference: http://www.vsecurity.com/resources/advisory/20120420-1/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product Description ——————- The IQRD service is HTC’s implementation of a Carrier IQ porting layer on several HTC […]

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: libraptor – XXE in RDF/XML File Interpretation Release Date: 2012-03-24 Applications: libraptor / librdf (versions 1.x and 2.x) Also Affected: OpenOffice 3.x, LibreOffice 3.x, AbiWord, KOffice Author: tmorgan {a} vsecurity * com Vendor Status: Patches available; major downstream vendors and operating system distributions notified CVE […]

by Dan Rosenberg In this paper, we will systematically evaluate the implementation of the Linux kernel SLOB allocator to assess exploitability. We will present new techniques for attacking the SLOB allocator, whose exploitation has not been publicly described. These techniques will apply to exploitation scenarios that become progressively more constrained, starting with an arbitrary length, […]

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: VMware Tools Multiple Vulnerabilities Release Date: 2011-06-03 Application: VMware Guest Tools Severity: High Author: Dan Rosenberg Vendor Status: Patch Released [2] CVE Candidate: CVE-2011-1787, CVE-2011-2145, CVE-2011-2146 Reference: http://www.vsecurity.com/resources/advisory/20110603-1/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product Description ——————- From [1]: “VMware Tools is a suite of utilities that enhances the performance […]