Vulnerabilities discovered and published by our team of experts


Advisories 2017

2017-001: BlueRiver Mura CMS vulnerable to Stored Cross Site Scripting Attacks via rb parameter.
2017-002: Paypal(dot)com self-XSS Vulnerability
2017-003: My AOL | Today's News vulnerable to Path Traversal
2017-008: XSS Reflected found in the SAP events portal
2017-010: Google Earth 'QtWebKit4' NULL Pointer Dereference Vulnerability
2017-012: XSS Reflected found in the Microsoft Azure Marketplace website
2017-014: XSS Reflected found in the AT&T Reward Center portal
2017-015: XSS Reflected found in the AT&T Reward Center portal
2017-016: XSS Reflected found in the Vodafone German Shop
2017-017: XSS Reflected found in a Vodafone Deutschland website


Advisories 2016

2016-001: Desk.com is affected by Reflected Cross-Site Scripting vulnerability
2016-002: Stored XSS in Google Sites


Advisories 2015

2015-005: URL Redirection to Untrusted Site ('Open Redirect') in Google generic TLD and ccTLD


Advisories 2014

2014-001: Reflected XSS vulnerability in Boxcryptor.


Advisories 2013

2013-001: CSRF vulnerability in LinkedIn.

2013-002: Reflected XSS in Asteriskguru Queue Statistics.

2013-003: XSS vulnerability in LinkedIn.

2013-004: Reflected XSS in the view attachment message process of the Atmail WebMail <= v7.0.2

2013-005: LinkedIn social network is affected by Persistent Cross-Site Scripting vulnerability.

2013-006: Multiple Reflected XSS vulnerabilities in LinkedIn Investors.

2013-009: Multiple Vulnerabilities in Telaen <= 1.3.0.

2013-011: HTTP Response Splitting Vulnerability in WebCollab <= v3.30

2013-012: Multiple Full Path Disclosure Vulnerabilities in TinyWebGallery <= v1.8.9

2013-014: Multiple reflected XSS vulnerabilities in Atmail WebMail.

2012-016: CSRF vulnerability in LinkedIn

2012-017: SQL Injection vulnerability in "Project'Or RIA" allows arbitrary access to the database and the file system.

2012-018: Multiple XSS vulnerabilities in "Project'Or RIA"


Advisories 2012

2012-001: PL/SQL Injection in Oracle Portal Demo Organization Chart

2012-003: LinkedIn social network is affected by Multiple Reflected Cross-Site Scripting vulnerabilities.


Advisories 2011

2011-001: Facebook social network vulnerable to Open Redirect.

2011-002: Facebook social network vulnerable to CSRF.


Advisories 2010

2010-001: Facebook HTML and Script code injection vulnerability

2010-002: Facebook Cross-Site Request Forgery vulnerability

2010-004: Facebook HTML and Script code injection vulnerability

2010-005: SQL Injection and XSS in Motorito < v2.0 Ni 483

2010-006: Facebook Abuse of Functionality of Lint for anonymous port scan and DoS attacks

2010-007: XSS in Oracle Portal Database Access Descriptor

2010-008: Insecure Direct Object Reference in tuenti.com allows reading any user's messages

2010-009: Reflected XSS in the login process of the Atmail WebMail < v6.1.9

2010-010: Uninitialized variables allow access to the Motorito CMS administration panel.

2010-011: Multiple vulnerabilities in Hi5.com social network.


Advisories 2009

2009-001: ModSecurity < 2.5.9 is vulnerable to a remote Denial of Service (DoS)

2009-002: eXtplorer standalone & Joomla!/Mambo Remote Code Execution vulnerability

2009-003: QuiXplorer <= 2.4.1 beta standalone and as a Mambo/Joomla component 'lang' parameter Remote Code Execution vulnerability.

2009-004: WordPress MU < 2.7 'Host' HTTP Header Cross Site Scripting (XSS) Vulnerability.

2009-005: Simple PHP Blog <= 0.5.1 Local File Include vulnerability.

2009-006: Joomla! 1.5.10 JA_Purity Multiple Persistent XSS.

2009-007: Joomla! < 1.5.12 Multiple XSS vulnerabilities in HTTP Headers.

2009-008: Gmail vulnerable to automated password cracking.

2009-009: Joomla! < 1.5.13 Multiple Full Path Disclosure vulnerabilities.

2009-011: PHP-Calendar v1.1 'configfile' Remote and Local File Inclusion vulnerability.

2009-012: Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability.

2009-013: Cisco ASA <= 8.x VPN SSL module Clientless URL-list control bypass.


Advisories 2008

2008-001: WordPress is vulnerable to an unauthorized upgrade and XSS.

2008-004: PSI remote integer overflow DoS.


Advisories 2007

2007-001: Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS.

2007-002: Multiple vulnerabilities in WiFi router COMTREND CT-536/HG-536+.

2007-003: CSRF vulnerability in GMail service.

2007-004: wwwstats is vulnerable to Persistent XSS.

2007-005: Cygwin buffer overflow due to an incorrect filename length check.

2007-006: Tikiwiki CMS is vulnerable to path traversal attack.


Advisories 2006

2006-001: Arbitrary remote file creation in 123flashchat server.

2006-002: IMAP/SMTP Command Injection in SquirrelMail.

2006-003: Arbitrary flash code remote execution in 123flashchat.

2006-004: Vtls.web.gateway cgi is vulnerable to a Cross Site Scripting attack.

2006-005: 'strings' command is vulnerable to a Denial of Service.

2006-006: SmbClientParser perl module allows remote command execution.

2006-007: The BlueSocket web administration is vulnerable to a Cross Site Scripting attack.

2006-010: XSS vulnerability in error page of ISMail.

2006-011: IMAP/SMTP Injection in Hastymail.

2006-013: Microsoft IIS5 NTLM and Basic authentication bypass.