Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researchers in the analysis of discovered vulnerabilities, in contacting software vendors, and in the CVE number reservation process. The vulnerabilities will be published in the "Laboratory" and PT-advisory sections. The names of the researchers will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

PT-2009-35: SQL Injection Vulnerability - N/A
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   N/A
 
Timeline   25.03.2009 - Vendor is notified
26.03.2009 - Vendor response
 
Days since vendor notification: 3494
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Patched
Exploitation vector:   Remote
Product:   AKmedia CMS
 
Identifier:   PT-2009-34   Advisory published: 25.03.2009
CVE ID:   N/A   Fix issued: 26-03-2009
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability status:   Patched
Exploitation vector:   Remote
Product:   iNTERNET.cms
 
Identifier:   PT-2009-33   Advisory published: 25.03.2009
CVE ID:   N/A   Fix issued: 18-05-2009
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Patched
Exploitation vector:   Remote
Product:   Tribiq CMS 5.0.11
 
Identifier:   PT-2009-29   Advisory published: 24.03.2009
CVE ID:   N/A   Fix issued: 29-09-2009
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-28: SQL Injection Vulnerability - N/A
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   N/A
 
Timeline   24.03.2009 - Vendor is notified
24.03.2009 - Vendor response
 
Days since vendor notification: 3495
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-27: Multiple Vulnerabilities - Huberspace
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Huberspace
 
Timeline   24.03.2009 - Vendor notified
 
Days since vendor notification: 3495
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-30: Multiple Vulnerabilities - N/A
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   N/A
 
Timeline   12.03.2009 - Vendor notified
no response
24.03.2009 - Second notification
 
Days since vendor notification: 3507
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-31: Multiple Vulnerabilities - N/A
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   N/A
 
Timeline   11.03.2009 - Vendor notified
no response
24.03.2009 - Second notification
 
Days since vendor notification: 3508
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-26: Cross-Site Scripting Vulnerability - Cupid Systems
Severity:   Medium (4.3) AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Cupid Systems
 
Timeline   11.03.2009 - Vendor is notified
11.03.2009 - Vendor response
24.03.2009 - Requested status update from vendor
 
Days since vendor notification: 3508
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
PT-2009-25: Multiple Vulnerabilities - N/A
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   N/A
 
Timeline   11.03.2009 - Vendor notified
11.03.2009 - Vendor response
24.03.2009 - Requested status update from vendor
 
Days since vendor notification: 3508
Discovered by:
Dmitry Evteev, Positive Technologies Research Team