Jan 19, 2012
Oracle Fusion Middleware (Oracle WebCenter Content) Multiple Vulnerabilities (SS-2012-001)
stratsec has identified a number of security weaknesses in Oracle Fusion Middleware (Oracle WebCenter Content), including SQL injection and cross-site scripting vulnerabilities. These security vulnerabilities may allow unauthorised access to application data or facilitate session hijacking attacks.
Nov 11, 2011
Cisco Show and Share Multiple Vulnerabilities (SS-2011-009)
stratsec has identified two security issues in the Cisco Show and Share webcasting and video sharing product which could lead to complete system compromise.
Sep 8, 2011
Procyon Core Server HMI Remote Stack Overflow (SS-2011-008)
stratsec has identified a remote stack overflow vulnerability within the Procyon Core Server HMI service. The vulnerability can be triggered by sending a specially crafted request to port 23. This vulnerability can lead directly to remote code execution running with the elevated privileges of the service. Failed attempts will likely lead to a denial of service condition.
Aug 11, 2011
TeeChart Professional Integer Overflow (SS-2011-007)
stratsec has identified an integer overflow vulnerability in the TeeChart Professional ActiveX component; the overflowed value is later trusted, dereferenced and called. The vulnerability can lead to remote code execution if a user is socially engineered into clicking a malicious link or opening a malicious HTML file.
Jul 22, 2011
VLC XSPF Local File Integer Overflow Vulnerability (SS-2011-006)
VideoLAN’s VLC media player versions 1.1.9 down to 0.8.5 suffer from an integer overflow resulting in a heap-based buffer overflow in the XSPF playlist file parser when opening crafted malicious playlist (.XSPF) files.
May 25, 2011
VisiWave Site Survey Report Trusted Pointer (SS-2011-005)
stratsec has identified a trusted pointer vulnerability within the VisiWave Site Survey Reporting tool. The vulnerability can be triggered by opening a specially crafted report file. This vulnerability can lead to remote code execution if a user is socially engineered into opening a malicious report file.
Apr 14, 2011
Orbeon Forms XML Entity Dereferencing (SS-2011-004)
stratsec has identified an XML external entity dereferencing vulnerability present in Orbeon Forms. The issue can be exploited by a remote attacker to access internal network resources and local files, subject to OS-level permissions.
Apr 8, 2011
VirtueMart SQL Injection (SS-2011-003)
stratsec researchers Steven Seeley and Rocco Calvi have identified a Blind SQL Injection vulnerability in the VirtueMart component software. This issue was confirmed to be present in release version 1.1.7 stable. The issue permits access to the backend database and may allow complete compromise of the underlying operating system.
Feb 18, 2011
JAKCMS SQL Injection (SS-2011-002)
stratsec researcher Steven Seeley has identified a Blind SQL Injection vulnerability in the JAKCMS core which leads to authentication bypass and arbitrary code execution against the underlying web server.
Feb 14, 2011
Lingxia 273 I.C.E CMS Blind SQL Injection (SS-2011-001)
stratsec researchers have identified a pre-authenticated blind SQL injection vulnerability in the I.C.E CMS software distributed by Lingxia. Due to the response period lapsing without a patch release, this advisory is being published without a formal fix from the vendor.