Security Advisories


Our penetration testing team finds security bugs in mission-critical software from vendors such as Microsoft, Oracle, Nortel and Macromedia. We believe in responsible disclosure and coordinate with the vendor before releasing information about these bugs.



Code Execution

Secunia Advisory SA55061: Sanoop Thomas (IIS Head Trainer & Security Researcher) reported a cookie authentication bypass vulnerability in the Tenda W309R wireless router ("admin").
Date: October 4, 2013

Secunia Advisory SA54966: Sanoop Thomas (IIS Head Trainer & Security Researcher) discovered an arbitrary file upload vulnerability in the AspxCommerce Logo module and reported it to Secunia.
Date: September 24, 2013

Remote Code Execution on Nokia reported by Omair (Team Lead Security Assessment, NII)
Date: August 2013

Cross Site Scripting on Barracuda reported by Omair (Team Lead Security Assessment, NII)
Date: August 2013

Internet Explorer 10 Memory Corruption Vulnerability (CVE-2013-3125) CVE-2013-3125, reported by Omair (Team Lead Security Assessment, NII), has been patched. Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability", a different vulnerability than CVE-2013-3118 and CVE-2013-3120.

Internet Explorer 9 Memory Corruption Vulnerability (CVE-2013-3124) CVE-2013-3124, reported by Omair (Team Lead Security Assessment, NII), has been patched. Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability", a different vulnerability than CVE-2013-3117 and CVE-2013-3122.

Internet Explorer 10 Memory Corruption Vulnerability (CVE-2013-3118) CVE-2013-3118, reported by Omair (Team Lead Security Assessment, NII), has been patched. Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability", a different vulnerability than CVE-2013-3120 and CVE-2013-3125.

Excel File Format Parsing Vulnerability (CVE-2010-3232) Omair, Security Analyst, reported this vulnerability, which could allow remote code execution if a user opens a specially crafted Excel file or a specially crafted Lotus 1-2-3 file.

RealNetworks RealPlayer RealMedia Memory Heap Corruption Vulnerability (CVE-2010-4386) Omair, Security Analyst, reported this heap-corruption vulnerability, caused by the software failing to perform adequate boundary checks on user-supplied data.

RealPlayer RealAudio Codec Memory Corruption Vulnerability (CVE-2010-4387) Omair, Security Analyst, reported this memory-corruption vulnerability, likewise caused by inadequate boundary checks on user-supplied data.

Microsoft Windows Embedded OpenType Font Engine Remote Code Execution Vulnerability Omair, Security Analyst, reported this remote code-execution vulnerability in the Windows Embedded OpenType (EOT) font engine.

Apple QuickTime Clipping Region (CRGN) Atom Types Stack Exhaustion Vulnerability Omair, Security Analyst, reported this denial-of-service vulnerability, in which crafted clipping region (CRGN) atoms exhaust the stack.

Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability Omair, Security Analyst, reported this vulnerability, in which Internet Explorer uses uninitialized memory: a crash (denial of service) is the observable effect, and the uninitialized-memory use may allow remote code execution.

Buffer Overflow in AnalogX Proxy The AnalogX proxy listens for incoming requests on TCP port 6588. A URL of more than 340 characters in a request causes the proxy to crash; a specially crafted URL would allow remote execution of arbitrary code.

Buffer Overflow in SQLBase 8.1.0 Any user connected to the SQLBase 8.1.0 RDBMS can crash it by triggering a buffer overflow: the EXECUTE command is given an overly long procedure name. Since SQLBase 8.1.0 runs as a service with LocalSystem privileges, the overflow allows a full remote compromise of the server.

Buffer Overflow in Incognito Software's iSMTP Software A buffer overflow in iSMTP allows an attacker to execute code with the privileges under which iSMTP runs on the server. It is triggered by an overly long argument to the MAIL FROM command.
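The three entries above share one mechanism: a network field (URL, procedure name, MAIL FROM argument) is copied into a fixed-size buffer with no length check, and the process crashes at the first length that overruns it. The following is an added example, not code from NII or from any of the affected vendors, of how such a threshold is located in a lab: a binary search over input lengths, reading "connection closed with no reply" as the crash symptom. Because the real products are not available here, the target is a constructed stand-in proxy that drops the connection once the URL exceeds an assumed 340-byte limit (the figure from the AnalogX entry). Against a live service the same probe would see the next connection refused instead, and the stand-in, unlike a real crashed process, keeps serving after each simulated crash.

```python
import socket
import socketserver
import threading

# Assumed limit for the constructed stand-in, modelled on the AnalogX entry
# (URL longer than 340 characters); the real product is not involved here.
URL_LIMIT = 340


class ToyProxyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


class ToyProxyHandler(socketserver.BaseRequestHandler):
    """Answers ordinary requests; drops the connection with no reply (the
    client-side symptom of a crashed process) when the URL exceeds URL_LIMIT."""

    def handle(self):
        data = b""
        while b"\r\n" not in data and len(data) < 65536:
            chunk = self.request.recv(4096)
            if not chunk:
                return
            data += chunk
        request_line = data.split(b"\r\n", 1)[0]
        parts = request_line.split(b" ")
        url = parts[1] if len(parts) >= 2 else b""
        if len(url) > URL_LIMIT:
            return  # simulated crash: the socket closes without a response
        self.request.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")


def start_toy_proxy():
    """Start the stand-in on an ephemeral loopback port; returns (server, port)."""
    server = ToyProxyServer(("127.0.0.1", 0), ToyProxyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def service_answers(host, port, url_len, timeout=5.0):
    """Send one GET whose URL is exactly url_len bytes; True if any reply arrives."""
    url = b"/" + b"A" * (url_len - 1)
    request = b"GET " + url + b" HTTP/1.0\r\nHost: target\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            return bool(sock.recv(1024))
    except OSError:  # refused, reset or timed out: treat as no answer
        return False


def find_crash_length(host, port, lo=1, hi=4096):
    """Binary-search the smallest URL length that gets no reply.

    Assumes monotonic behaviour (every longer input also fails), which is
    what a plain fixed-size buffer overrun gives. Returns None if `hi` is
    still answered, i.e. no crash was found within the search range."""
    if service_answers(host, port, hi):
        return None
    while lo < hi:
        mid = (lo + hi) // 2
        if service_answers(host, port, mid):
            lo = mid + 1
        else:
            hi = mid
    return lo


def run_demo():
    """Start the stand-in, locate its threshold, shut it down."""
    server, port = start_toy_proxy()
    try:
        return find_crash_length("127.0.0.1", port)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("smallest URL length with no reply:", run_demo())
```

Running the file prints 341, the first length past the assumed limit. The monotonicity assumption in find_crash_length is the part to check before reusing it: a service that fails for some lengths but answers longer ones (for example, because a different code path handles very long input) needs a linear sweep instead.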


SQL Injection

SQL Injection Vulnerability on Ebay.com Darshit Ashara (Network Intelligence India) reported a SQL injection vulnerability in a subdomain of ebay.com
Date: December 27, 2012

SQL Injection in MSN The MSN India website had a SQL injection vulnerability, which allowed remote execution of arbitrary SQL queries. MSN has now removed this link.

SQL Injection in phpForumPro 2.x The phpForumPro 2.x software has a SQL injection vulnerability resulting from lack of proper input validation.

SQL Injection in PHP-addressbook 1.x The view.php page in PHP-addressbook 1.x is vulnerable to an SQL Injection attack.

SQL Injection and Cross site scripting in iCMS The iCMS software is vulnerable to SQL injection and Cross-site Scripting vulnerabilities.

SQL Injection in Media 2 CMS Shop

SQL Injection in PHPSupportTickets PHPSupportTickets is vulnerable to SQL injection. The input values on the PHPSupportTickets login screen are not properly filtered, which allows an attacker to run an arbitrary SQL query; the login screen can also be bypassed using standard SQL injection techniques.
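The login bypass in the PHPSupportTickets entry and the arbitrary-query execution in the MSN and phpForumPro entries come from one pattern: user input concatenated into the SQL text. The following is an added example, not code from any of the products listed: it builds a constructed user table in SQLite, runs the standard bypass inputs against a login written the vulnerable way and against the same login with bound parameters, and returns both results side by side. The table contents, the payload labels and the sqlite3 dialect are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the ticket system's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("admin", "s3cret"), ("alice", "hunter2")])
    return db


def login_vulnerable(db, username, password):
    """Unfiltered input spliced into the SQL text: the pattern the advisory describes."""
    sql = ("SELECT id, username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return db.execute(sql).fetchone()


def login_parameterized(db, username, password):
    """Same query with bound parameters; the input stays data and cannot alter the SQL."""
    sql = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()


# Standard bypass and query-injection inputs, written for the sqlite3 dialect.
# The same ideas carry to MySQL, the usual PHP backend, with small syntax
# differences (for instance MySQL needs a space after "--").
PAYLOADS = {
    "comment out password check": ("admin' --", "irrelevant"),
    "tautology in username": ("admin' OR '1'='1", "irrelevant"),
    "tautology in password": ("nobody", "' OR '1'='1"),
    "arbitrary query via UNION": ("' UNION SELECT 1, sqlite_version() --", "irrelevant"),
}


def run_payloads(db):
    """Return {label: (vulnerable_result, parameterized_result)} for each payload."""
    return {label: (login_vulnerable(db, u, p), login_parameterized(db, u, p))
            for label, (u, p) in PAYLOADS.items()}


if __name__ == "__main__":
    for label, (vuln, safe) in run_payloads(make_db()).items():
        print(f"{label:30s} vulnerable={vuln!r:20} parameterized={safe!r}")
```

Every payload yields a row from login_vulnerable (the UNION one returns the database version string, i.e. the result of an attacker-chosen query) and None from login_parameterized. Binding parameters is the fix; "filtering" quotes, which the entry's wording hints at, is fragile because each backend has its own escaping rules and alternative quoting syntax.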


Cross-Site Scripting

Cross Site Scripting on Msn.com Subdomain reported by Darshit Ashara (Network Intelligence India)
Date: February 28, 2013

Critical Oracle Advisory (CVE-2005-3352) Vinesh Redkar of NII (Network Intelligence India) reported a malicious file upload / XSS vulnerability (CVE-2005-3352) to Oracle
Date: July 16, 2013

XSS Vulnerability in GalleryProject Dhiraj Ranka (Network Intelligence India) reported an XSS vulnerability in GalleryProject
Date: April 2, 2013

DotNetNuke Multiple Vulnerabilities - Secunia Advisory SA49878 Sunil Yadav of INR Labs (Network Intelligence India) reported an XSS vulnerability in DotNetNuke
Date: November 16, 2012

DotNetNuke Multiple Vulnerabilities - Secunia Advisory SA49059 Sunil Yadav of INR Labs (Network Intelligence India) reported an XSS vulnerability in DotNetNuke
Date: July 13, 2012

XSS Vulnerability (CVE-2012-1892) in Visual Studio Sunil Yadav of INR Labs (Network Intelligence India) reported this XSS vulnerability (CVE-2012-1892) in Visual Studio
Date: September 24, 2012

Oracle Critical Patch Update Advisory Sunil Yadav and Shrikant Antre of INR Labs (Network Intelligence India) reported security vulnerabilities in Oracle products
Date: April 2012

SharePoint XSS Vulnerability (CVE-2013-0083) Sunil Yadav of INR Labs (Network Intelligence India) reported this Microsoft SharePoint XSS vulnerability (CVE-2013-0083)

Cross site scripting in ColdFusion MX Server Administrator Menu Vulnerability The Administrator interface of Macromedia ColdFusion MX Server 6.1 has a cross-site scripting vulnerability that lets an attacker steal not only the administrator's current session ID but also the obfuscated administrator password.


Information Disclosure, Path Disclosure, Directory Traversal

Directory Traversal Vulnerability in FileCopa FTP FileCopa FTP Server version 1.01 has a directory traversal vulnerability that lets any user browse directories outside of their own home directory.
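The check an FTP server needs in order to avoid the FileCopa bug is a containment test on the resolved filesystem path, not on the string the client sent. The following is an added example, not FileCopa's code: a resolve-and-check routine that normalises the requested path, resolves symlinks, and accepts it only if the result still lies under the user's home directory. The home layout, the symlink and the sample request paths are constructed for the demonstration; backslashes are treated as separators because FileCopa is a Windows server and Windows path functions accept both.

```python
import os
import tempfile


class TraversalError(ValueError):
    """Raised when a requested path would leave the user's home directory."""


def resolve_in_home(home, requested):
    """Map a client-supplied FTP path onto the filesystem, refusing anything
    that escapes `home` after normalisation and symlink resolution."""
    home_real = os.path.realpath(home)
    # FTP paths are '/'-rooted at the user's home; accept '\' as well, since a
    # Windows server would (assumption for the demo, see lead-in).
    rel = requested.replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(home_real, rel))
    # commonpath is the containment test: a prefix string compare would wrongly
    # accept a sibling directory such as ".../alice-backup".
    if os.path.commonpath([home_real, candidate]) != home_real:
        raise TraversalError(requested)
    return candidate


def check_paths(home, paths):
    """Return {requested_path: 'allowed' | 'blocked'} for a list of requests."""
    out = {}
    for p in paths:
        try:
            resolve_in_home(home, p)
            out[p] = "allowed"
        except TraversalError:
            out[p] = "blocked"
    return out


def run_demo():
    """Constructed layout: <tmp>/ftp/alice is the home, with a symlink that
    points back above it, as a hostile or careless user might create."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "ftp", "alice")
        os.makedirs(os.path.join(home, "docs"))
        os.symlink(root, os.path.join(home, "escape"))
        return check_paths(home, [
            "/docs/readme.txt",
            "docs/../docs/a.txt",
            "../../etc/passwd",
            "/docs/../../bob/secret",
            "..\\..\\windows\\win.ini",
            "/escape/ftp/bob",
        ])


if __name__ == "__main__":
    for path, verdict in run_demo().items():
        print(f"{verdict:8s} {path}")
```

check_paths returns "allowed" for the first two requests and "blocked" for the rest. The symlink case is the one a purely lexical check (collapsing ".." segments in the string) misses: "/escape/ftp/bob" contains no ".." at all and still resolves outside the home.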

Path Disclosure in ColdFusion MX Server In its default installation, Macromedia ColdFusion MX Server starts a web server (JRun) on port 8500, mainly for administrative purposes. Requesting http://host:8500/CFIDE/probe.cfm on this server produces an error message that reveals the physical path where the MX Server is installed.

Path Disclosure in Oracle 9i Application Server Oracle 9iAS will display a default error page when a nonexistent ".jsp" file is specified. In the body of this page is the entire local path of the file on the server. This could pose privacy and security risks. An attacker could use this information to extrapolate the location of other files on the victim's machine, and use this information in conjunction with another vulnerability.


Denial of Service

Denial of Service in Intel Display Driver There is a denial of service vulnerability in the Intel ialmnt5 6.14.10.4308 Graphics Display Driver, which is remotely exploitable.

Denial of Service in Macromedia ColdFusion MX Server Vulnerability When the ColdFusion MX Server attempts to write an error message with an oversized string as part of the error message, the server's memory usage shoots up and stays there until the server completes writing the error message. This message is written on to a web page, as well as into ColdFusion's Application.log file. If this error is induced repeatedly, the entire memory on the server is used up and a Java out-of-memory condition occurs. We tested this by inducing the error ten times in a row.


User Enumeration

User Account Enumeration on Nortel Contivity VPN When a user tries to connect to the Nortel Networks Contivity VPN, the error message differs depending on whether the username or the password is wrong. An attacker can use this difference to enumerate the accounts present on the VPN box.
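The Contivity behaviour is an enumeration oracle: the response depends on which of two checks failed. The following is an added example, neither Nortel's code nor NII's: a toy login in two versions, a verbose one reproducing the Contivity-style messages and a uniform one, plus the probe an attacker runs against each. The account store, salt and usernames are constructed for the demonstration. The uniform version also hashes against a dummy entry when the username is unknown, so that once the message oracle is gone the response time does not become the oracle instead.

```python
import hashlib
import hmac

# Constructed account store standing in for the VPN gateway's user database.
SALT = b"constructed-salt-0123"


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


ACCOUNTS = {"alice": _hash("correct horse"), "bob": _hash("battery staple")}
# Compared against when the username is unknown, so that path costs the same
# as a wrong password.
DUMMY_HASH = _hash("no-such-account")


def login_verbose(username, password):
    """Contivity-style behaviour: the message says which check failed."""
    stored = ACCOUNTS.get(username)
    if stored is None:
        return (False, "Unknown user")
    if not hmac.compare_digest(stored, _hash(password)):
        return (False, "Incorrect password")
    return (True, "OK")


def login_uniform(username, password):
    """Hardened: one message and the same amount of work on every failure."""
    known = username in ACCOUNTS
    stored = ACCOUNTS.get(username, DUMMY_HASH)
    matched = hmac.compare_digest(stored, _hash(password))
    if known and matched:
        return (True, "OK")
    return (False, "Invalid username or password")


def enumerate_users(candidates, login):
    """Attacker's view: probe each name with a junk password and keep those
    whose response differs from that of a name known not to exist."""
    baseline = login("zz-no-such-user-zz", "junk")[1]
    return {name for name in candidates if login(name, "junk")[1] != baseline}


if __name__ == "__main__":
    wordlist = ["alice", "bob", "carol", "root"]
    print("verbose :", enumerate_users(wordlist, login_verbose))
    print("uniform :", enumerate_users(wordlist, login_uniform))
```

enumerate_users returns {'alice', 'bob'} against login_verbose and the empty set against login_uniform. On a real gateway the probe compares whole responses (status codes, packet sizes, timing), not just a message string, which is why the uniform version equalises the work done and not only the text returned.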


Password Disclosure

Cyberoam SSL VPN Client – Plain-text Storage of Username and Password The Cyberoam SSL VPN client (CrSSL.exe) stores username & password in plain text in system registry.

Password Disclosure in Cryptainer (Password Encryption Software) Both versions of Cryptainer keep the password in clear text in the process's memory, neither encrypting it nor zeroing it after use.
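Zeroing the password after use is only possible if the program holds it in a buffer it can overwrite. The following is an added example, not Cryptainer's code: a Python routine that keeps the passphrase in a bytearray, derives the working key from it without making a copy, wipes it with memset, and scans the buffer for the passphrase before and after the wipe. The passphrase is constructed. The approach is language-specific: an immutable str or bytes object cannot be wiped and may be duplicated by the interpreter, which is why the code never converts the buffer to either.

```python
import ctypes
import hashlib


def derive_key(password):
    """Derive the working key from a bytearray passphrase; hashlib accepts the
    buffer directly, so no immutable copy of the secret is created."""
    return hashlib.sha256(password).digest()


def wipe(buf):
    """Overwrite a writable buffer in place with zeros."""
    if not buf:
        return
    view = (ctypes.c_char * len(buf)).from_buffer(buf)
    ctypes.memset(ctypes.addressof(view), 0, len(buf))
    del view  # release the buffer export so the bytearray can be resized again


def scan_for_secret(memory, secret):
    """Forensic view: does this region of memory still contain the secret?"""
    return memory.find(secret) != -1


def run_demo():
    """Returns (found_before_wipe, found_after_wipe, buffer_all_zero)."""
    password = bytearray(b"constructed-passphrase")  # constructed secret
    key = derive_key(password)
    found_before = scan_for_secret(password, b"constructed-passphrase")
    wipe(password)
    found_after = scan_for_secret(password, b"constructed-passphrase")
    wipe(bytearray(key))  # the key itself gets the same treatment when done
    return found_before, found_after, password == bytearray(len(password))


if __name__ == "__main__":
    print(run_demo())
```

run_demo returns (True, False, True): the passphrase is findable before the wipe, gone after it, and the buffer is all zeros. Note that a process memory dump taken between derive_key and wipe would still show the secret, which is the window the Cryptainer entry describes being left open permanently.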