Best Security Research
» netVigilance is an active contributor to nvd.nist.gov
» Every vulnerability in our database is independently scored according to CVSS 2.0
» Our Scoring is compared to nvd.nist.gov and inconsistencies are reported to the NVD team at NIST
» netVigilance is responsible for more than 400 changes to the National Vulnerability Database - more than anyone else.
» Our Professional Services team will validate any vulnerability Scoring for you.
Security Advisories
Fact: Only a fraction of all vulnerabilities have currently been discovered
A key function of the netVigilance Security Research Team is to perform original Security Research. Very few companies in the industry perform this research, yet at netVigilance, it is critical to our mission of going Beyond Compliance. The efforts of our Team often lead to the discovery of previously unknown Security Vulnerabilities in commonly used software.
To avoid zero-day attacks, netVigilance contacts the software authors to ensure that a patch is released – and we do this prior to publishing the details of the vulnerability.
If the software author does not respond, or does not show appropriate initiative in remedying the flaw, within 30 days of notification, then in the interest of public safety netVigilance discloses the vulnerability details to the user base together with a recommended workaround, so that users of the product may protect themselves.
netVigilance Professional Services has the capability to inspect your applications for vulnerabilities (code-inspection). To schedule a consultation with a Security Engineer, please contact us using the form here. During this consultation, we will gather the information necessary to assess your individual situation. Within three business days, we will provide you with a custom proposal to address your specific needs. There is no obligation for the consultation.
The following Security Vulnerabilities have been identified by the netVigilance Security Research Team and have been released as Security Advisories:
- #0043 06/30/2008 Fa Name version 1.0 Multiple XSS Attack Vulnerabilities
- #0042 06/30/2008 Fa Name version 1.0 SQL Injection Vulnerability
- #0041 06/30/2008 Fa Name version 1.0 Path Disclosure Vulnerability
- #0040 06/30/2008 myBloggie version 2.1.6 Multiple SQL Injection Vulnerability
- #0039 06/30/2008 myBloggie version 2.1.6 Multiple Path Disclosure Vulnerabilities
- #0055 10/29/2007 SAXON version 5.4 SQL Injection Vulnerability
- #0053 10/29/2007 SAXON version 5.4 Multiple Path Disclosure Vulnerabilities
- #0070 09/25/2007 SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities
- #0069 09/25/2007 SimpNews version 2.41.03 File Content Disclosure Vulnerability
- #0068 09/25/2007 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities
- #0067 09/25/2007 SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities
- #0066 09/25/2007 SimpGB version 1.46.02 Information Disclosure Vulnerability
- #0065 09/25/2007 SimpGB version 1.46.02 File Content Disclosure Vulnerability
- #0064 09/25/2007 SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities
- #0031 06/27/2007 eTicket version 1.5.5 XSS Attack Vulnerability
- #0030 06/27/2007 eTicket version 1.5.5 Path Disclosure Vulnerability
- #0038 06/25/2007 Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities
- #0037 06/25/2007 Calendarix version 0.7. 20070307 Multiple XSS Attacks
- #0036 06/25/2007 Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities
- #0035 06/25/2007 Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities
- #0025 06/25/2007 MyNews version 0.10 SQL Injection Vulnerability
- #0034 06/17/2007 Utopia News Pro version 1.4.0 XSS Attack Vulnerability
- #0033 06/17/2007 WSPortal version 1.0 SQL Injection Vulnerability
- #0032 06/17/2007 WSPortal version 1.0 Path Disclosure Vulnerability
- #0024 05/28/2007 myEvent version 1.6 Multiple Path Disclosure Vulnerabilities
- #0023 05/28/2007 DGNews version 2.1 XSS Attack Vulnerability
- #0022 05/28/2007 DGNews version 2.1 SQL Injection Vulnerability
- #0021 05/28/2007 DGNews version 2.1 Path Disclosure Vulnerability
- #0029 05/22/2007 Jetbox CMS version 2.1 XSS Attack Vulnerability
- #0028 05/21/2007 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities
- #0027 05/21/2007 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities
- #0026 05/15/2007 Jetbox CMS version 2.1 E-Mail Injection Vulnerability
- #0020 05/14/2007 SonicBB version 1.0 XSS Attack Vulnerabilities
- #0019 05/14/2007 SonicBB version 1.0 Multiple SQL Injection Vulnerabilities
- #0018 05/14/2007 SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities
- #0017 05/13/2007 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities
- #0013 05/07/2007 Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability
- #0012 05/07/2007 Advanced Guestbook version 2.4.2 XSS Attack Vulnerability
- #0011 05/07/2007 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities
- #0016 04/15/2007 UseBB Version 1.0.5 Path Disclosure Vulnerability
- #0015 03/16/2007 w-agora version 4.2.1 Information Disclosure Vulnerability
- #0014 03/16/2007 w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities
- #0010 01/15/2007 dt_guestbook version 1.0f XSS vulnerability
- #0008 11/30/2006 LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities
- #0009 11/27/2006 Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities
- #0007 11/27/2006 REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability
- #0006 11/06/2006 DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php
- #0005 11/18/2004 Multiple XSS Vulnerabilities in phpMyAdmin 2.6.0-pl2 and prior
- #0004 02/03/2004 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
- #0003 01/29/2004 Arbitrary File Disclosure Vulnerability in phpGedView 2.65.1 and prior
- #0002 01/29/2004 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
Should you have any further questions on any of these vulnerabilities, their consequences to your company, or the appropriate security strategy for your firm to follow, do not hesitate to contact us directly at the number or email below.
Copyright © 2004-2011, netVigilance, Inc. All rights reserved.