Our penetration testing team finds security bugs in mission-critical software from vendors such as Microsoft, Oracle, Nortel and Macromedia. We believe in responsible disclosure and coordinate with the vendors before releasing information about these bugs.
Excel File Format Parsing Vulnerability (CVE-2010-3232)
Omair, Security Analyst, reported this vulnerability, which could allow remote code execution if a user opens a specially crafted Excel file or a specially crafted Lotus 1-2-3 file.
RealNetworks RealPlayer RealMedia Memory Heap Corruption Vulnerability (CVE-2010-4386)
Omair, Security Analyst, reported this heap-corruption vulnerability, which exists because the software fails to perform adequate boundary checks on user-supplied data.
RealPlayer RealAudio Codec Memory Corruption Vulnerability (CVE-2010-4387)
Omair, Security Analyst, reported this memory-corruption vulnerability, which exists because the software fails to perform adequate boundary checks on user-supplied data.
Microsoft Windows Embedded Open Type Font Engine Remote Code Execution Vulnerability
Omair, Security Analyst, reported this remote code-execution vulnerability, which affects the Embedded OpenType font engine.
Apple QuickTime Clipping Region (CRGN) Atom Types Stack Exhaustion Vulnerability
Omair, Security Analyst, reported this denial-of-service vulnerability.
Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
Omair, Security Analyst, reported this denial-of-service vulnerability.
Buffer Overflow in AnalogX Proxy
The AnalogX proxy listens for incoming requests on TCP port 6588. A long URL request of more than 340 causes the proxy to crash; if the URL were specially crafted, it would allow remote execution of arbitrary code.
Buffer Overflow in SQLBase 8.1.0
Any user connected to the SQLBase 8.1.0 RDBMS can crash it by triggering a buffer overflow: issuing the EXECUTE command with an overly long procedure name. Since SQLBase 8.1.0 runs as a service with LocalSystem privileges, the overflow allows a full remote compromise of the server.
Buffer Overflow in Incognito Software's iSMTP Software
A buffer overflow in iSMTP allows an attacker to execute code with the privileges under which iSMTP runs on the server. It occurs when an overly long buffer is fed to the MAIL FROM command.
SQL Injection in MSN
The MSN India website had a SQL injection vulnerability that allowed remote execution of arbitrary SQL queries. MSN has since removed this link.
SQL Injection in phpForumPro 2.x
The phpForumPro 2.x software has a SQL injection vulnerability resulting from lack of proper input validation.
SQL Injection in PHP-addressbook 1.x
The view.php page in PHP-addressbook 1.x is vulnerable to an SQL injection attack.
SQL Injection and Cross-site Scripting in iCMS
The iCMS software is vulnerable to SQL injection and cross-site scripting.
SQL Injection in Media 2 CMS Shop
SQL Injection in PHPSupportTickets
PHPSupportTickets is vulnerable to SQL injection. The input values on the PHPSupportTickets login screen are not properly filtered, which allows an attacker to run an arbitrary SQL query. The login screen can also be bypassed using standard SQL injection techniques.
SharePoint XSS Vulnerability (CVE-2013-0083)
Sunil Yadav of INR Labs (Network Intelligence India) reported this Microsoft SharePoint cross-site scripting vulnerability (CVE-2013-0083).
Cross-site Scripting in ColdFusion MX Server Administrator Menu Vulnerability
The Administrator interface of Macromedia's ColdFusion MX Server 6.1 has a cross-site scripting vulnerability that allows an attacker to steal not only the administrator's current session ID but also his obfuscated password.
Directory Traversal Vulnerability in FileCopa FTP
FileCopa FTP Server version 1.01 has a directory traversal vulnerability that lets any user traverse directories outside its home directory.
Path Disclosure in ColdFusion MX Server
In its default installation, the Macromedia ColdFusion MX Server starts a web server (JRun) on port 8500, mainly for administrative purposes. When this server is accessed with the URL http://host:8500/CFIDE/probe.cfm, an error message is displayed that reveals the physical path of the location where the MX Server has been installed.
Path Disclosure in Oracle 9i Application Server
Oracle 9iAS displays a default error page when a nonexistent ".jsp" file is requested. The body of this page contains the full local path of the file on the server, which poses privacy and security risks: an attacker could use this information to infer the location of other files on the victim's machine and combine it with another vulnerability.
Denial of Service in Intel Display Driver
There is a remotely exploitable denial-of-service vulnerability in the Intel ialmnt5 188.8.131.5208 Graphics Display Driver.
Denial of Service in Macromedia ColdFusion MX Server Vulnerability
When the ColdFusion MX Server attempts to write an error message containing an oversized string, the server's memory usage shoots up and stays there until the server finishes writing the message. The message is written to a web page as well as to ColdFusion's Application.log file. If this error is induced repeatedly, all memory on the server is used up and a Java out-of-memory condition occurs. We tested this by inducing the error ten times in a row.
User Account Enumeration on Nortel Contivity VPN
When a user tries to connect to the Nortel Networks Contivity VPN, he gets different error messages depending on whether the username or the password is wrong. An attacker can use this difference to enumerate the accounts present on the VPN box.
Cyberoam SSL VPN Client – Plain-text Storage of Username and Password
The Cyberoam SSL VPN client (CrSSL.exe) stores the username and password in plain text in the system registry.
Password Disclosure in Cryptainer (Password Encryption Software)
Both versions of Cryptainer store the password in clear text in process memory without encrypting or zeroing it.