Security Advisories

2008

August 12, 2008		VMWare - VirtualCenter User Account Disclosure http://www.insomniasec.com/advisories/ISVA-080812.1.htm
July 09, 2008		(MS08-040) - Microsoft SQL Server Corrupt Backup File Heap Overflow http://www.insomniasec.com/advisories/ISVA-080709.1.htm
June 18, 2008		Symantec - Altiris Notification Server Agent Privilege Escalation http://www.insomniasec.com/advisories/ISVA-080623.1.htm
May 16, 2008		Symantec - Altiris Deployment Solution - SQL Injection http://www.insomniasec.com/advisories/ISVA-080516.1.htm
May 16, 2008		Symantec - Altiris Deployment Solution - Domain Account Disclosure http://www.insomniasec.com/advisories/ISVA-080516.2.htm
March 29, 2008		CMS Made Simple - Unauthenticated Arbitrary File Upload http://blog.cmsmadesimple.org/2008/03/29/announcing-cms-made-simple-124/
March 10, 2008		Symantec - Altiris Deployment Server Escalation of Privileges http://securityresponse.symantec.com/avcenter/security/Content/2008.03.10.html
February 06, 2008		Symantec - Altiris Notification Server Escalation of Privileges http://securityresponse.symantec.com/avcenter/security/Content/2008.02.06.html

Advisories From The Past

The following is a list of security advisories accredited to team members, prior to joining Insomnia Security.

August 14, 2007		(MS07-045) - tlbinf32.dll ActiveX Vulnerability http://www.microsoft.com/technet/security/Bulletin/MS07-045.mspx
July 10, 2007		(SUN-200071) - Java Web Start URL Parsing http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1
February 15, 2007		(LizardTech) - DjVu Browser Plug-in - Multiple Vulnerabilities http://www.lizardtech.com/
February 13, 2007		(MS07-005) - Interactive Training Vulnerability http://www.microsoft.com/technet/security/bulletin/MS07-005.mspx
December 14, 2006		(Hilgraeve) - Hyper Access - Multiple Vulnerabilities http://www.hilgraeve.com
December 12, 2006		(SiteKiosk) - SiteKiosk - FileSystem Access http://www.sitekiosk.com/
December 11, 2006		(Adobe) - ColdFusion MX7 - Multiple Vulnerabilities http://www.adobe.com
July 11, 2006		(MS06-034) - ASP.DLL Include File Overflow http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx
June 19, 2006		(Skype) - URI Handling Vulnerability http://www.skype.com/security/skype-sb-2006-001.html
October 11, 2005		(MS05-049) - Webview Script Injection http://www.microsoft.com/technet/security/Bulletin/MS05-049.mspx
September 07, 2005		(CSystems) - WebArchiveX - Unsafe Methods Vulnerability http://www.csystems.co.il/webarchivex/index.aspx
June 14, 2005		(MS05-031) - Interactive Training Vulnerability http://www.microsoft.com/technet/security/Bulletin/MS05-031.mspx
December 14, 2004		(MS04-043) - HyperTerminal Buffer Overflow http://www.microsoft.com/technet/security/bulletin/MS04-043.mspx
Novemeber 23, 2004		(Winamp) - Buffer Overflow in IN_CDDA.dll http://www.winamp.com
Novemeber 23, 2004		(Vandyke) - SecureCRT - Remote Command Execution http://www.vandyke.com/download/securecrt/index.html
October 12, 2004		(MS04-033) - Excel 2000 Buffer Overflow http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx
October 12, 2004		(MS04-032) - SetWindowLong() Shatter Attacks http://www.microsoft.com/technet/security/bulletin/ms04-032.mspx
July 13, 2004		(MS04-023) - HTML Help Heap Overflow http://www.microsoft.com/technet/security/bulletin/MS04-023.mspx
July 13, 2004		(MS04-022) - Task Scheduler Buffer Overflow http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx
April 13, 2004		(MS04-011) - Utility Manager Privilege Escalation http://www.microsoft.com/technet/security/Bulletin/MS04-011.mspx
November 11, 2003		(MS03-051) - FrontPage Server Extensions Buffer Overflow http://www.microsoft.com/technet/security/bulletin/ms03-051.mspx
October 15, 2003		(MS03-045) - Buffer Overflow In ListBox and ComboBox http://www.microsoft.com/technet/security/bulletin/ms03-045.mspx
July 16, 2003		(MS03-028) - ISA Server - Cross Site Scripting http://www.microsoft.com/technet/security/bulletin/ms03-028.mspx
March 9, 2003		(MS03-022) - Windows Media Services ISAPI Buffer Overflow #2 http://www.microsoft.com/technet/security/bulletin/ms03-022.mspx
May 28, 2003		(MS03-019) - Windows Media Services ISAPI Buffer Overflow #1 http://www.microsoft.com/technet/security/bulletin/ms03-019.mspx

Security Advisories

2008

August 12, 2008

VMWare - VirtualCenter User Account Disclosure http://www.insomniasec.com/advisories/ISVA-080812.1.htm

July 09, 2008

(MS08-040) - Microsoft SQL Server Corrupt Backup File Heap Overflow http://www.insomniasec.com/advisories/ISVA-080709.1.htm

June 18, 2008

Symantec - Altiris Notification Server Agent Privilege Escalation http://www.insomniasec.com/advisories/ISVA-080623.1.htm

May 16, 2008

Symantec - Altiris Deployment Solution - SQL Injection http://www.insomniasec.com/advisories/ISVA-080516.1.htm

May 16, 2008

Symantec - Altiris Deployment Solution - Domain Account Disclosure http://www.insomniasec.com/advisories/ISVA-080516.2.htm

March 29, 2008

CMS Made Simple - Unauthenticated Arbitrary File Upload http://blog.cmsmadesimple.org/2008/03/29/announcing-cms-made-simple-124/

March 10, 2008

Symantec - Altiris Deployment Server Escalation of Privileges http://securityresponse.symantec.com/avcenter/security/Content/2008.03.10.html

February 06, 2008

Symantec - Altiris Notification Server Escalation of Privileges http://securityresponse.symantec.com/avcenter/security/Content/2008.02.06.html

Advisories From The Past

August 14, 2007

(MS07-045) - tlbinf32.dll ActiveX Vulnerabilityhttp://www.microsoft.com/technet/security/Bulletin/MS07-045.mspx

July 10, 2007

(SUN-200071) - Java Web Start URL Parsinghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1

February 15, 2007

(LizardTech) - DjVu Browser Plug-in - Multiple Vulnerabilitieshttp://www.lizardtech.com/

February 13, 2007

(MS07-005) - Interactive Training Vulnerabilityhttp://www.microsoft.com/technet/security/bulletin/MS07-005.mspx

December 14, 2006

(Hilgraeve) - Hyper Access - Multiple Vulnerabilitieshttp://www.hilgraeve.com

December 12, 2006

(SiteKiosk) - SiteKiosk - FileSystem Accesshttp://www.sitekiosk.com/

December 11, 2006

(Adobe) - ColdFusion MX7 - Multiple Vulnerabilitieshttp://www.adobe.com

July 11, 2006

(MS06-034) - ASP.DLL Include File Overflowhttp://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx

June 19, 2006

(Skype) - URI Handling Vulnerabilityhttp://www.skype.com/security/skype-sb-2006-001.html

October 11, 2005

(MS05-049) - Webview Script Injectionhttp://www.microsoft.com/technet/security/Bulletin/MS05-049.mspx

September 07, 2005

(CSystems) - WebArchiveX - Unsafe Methods Vulnerabilityhttp://www.csystems.co.il/webarchivex/index.aspx

June 14, 2005

(MS05-031) - Interactive Training Vulnerabilityhttp://www.microsoft.com/technet/security/Bulletin/MS05-031.mspx

December 14, 2004

(MS04-043) - HyperTerminal Buffer Overflowhttp://www.microsoft.com/technet/security/bulletin/MS04-043.mspx

Novemeber 23, 2004

(Winamp) - Buffer Overflow in IN_CDDA.dllhttp://www.winamp.com

Novemeber 23, 2004

(Vandyke) - SecureCRT - Remote Command Executionhttp://www.vandyke.com/download/securecrt/index.html

October 12, 2004

(MS04-033) - Excel 2000 Buffer Overflowhttp://www.microsoft.com/technet/security/bulletin/MS04-033.mspx

October 12, 2004

(MS04-032) - SetWindowLong() Shatter Attackshttp://www.microsoft.com/technet/security/bulletin/ms04-032.mspx

July 13, 2004

(MS04-023) - HTML Help Heap Overflowhttp://www.microsoft.com/technet/security/bulletin/MS04-023.mspx

July 13, 2004

(MS04-022) - Task Scheduler Buffer Overflowhttp://www.microsoft.com/technet/security/bulletin/MS04-022.mspx

April 13, 2004

(MS04-011) - Utility Manager Privilege Escalationhttp://www.microsoft.com/technet/security/Bulletin/MS04-011.mspx

November 11, 2003

(MS03-051) - FrontPage Server Extensions Buffer Overflowhttp://www.microsoft.com/technet/security/bulletin/ms03-051.mspx

October 15, 2003

(MS03-045) - Buffer Overflow In ListBox and ComboBoxhttp://www.microsoft.com/technet/security/bulletin/ms03-045.mspx

July 16, 2003

(MS03-028) - ISA Server - Cross Site Scriptinghttp://www.microsoft.com/technet/security/bulletin/ms03-028.mspx

March 9, 2003

(MS03-022) - Windows Media Services ISAPI Buffer Overflow #2http://www.microsoft.com/technet/security/bulletin/ms03-022.mspx

May 28, 2003

(MS03-019) - Windows Media Services ISAPI Buffer Overflow #1http://www.microsoft.com/technet/security/bulletin/ms03-019.mspx

HOME

ABOUT US

OUR SERVICES

RELEASES

CONTACT US

VMWare - VirtualCenter User Account Disclosure
http://www.insomniasec.com/advisories/ISVA-080812.1.htm

(MS08-040) - Microsoft SQL Server Corrupt Backup File Heap Overflow
http://www.insomniasec.com/advisories/ISVA-080709.1.htm

Symantec - Altiris Notification Server Agent Privilege Escalation
http://www.insomniasec.com/advisories/ISVA-080623.1.htm

Symantec - Altiris Deployment Solution - SQL Injection
http://www.insomniasec.com/advisories/ISVA-080516.1.htm

Symantec - Altiris Deployment Solution - Domain Account Disclosure
http://www.insomniasec.com/advisories/ISVA-080516.2.htm

CMS Made Simple - Unauthenticated Arbitrary File Upload
http://blog.cmsmadesimple.org/2008/03/29/announcing-cms-made-simple-124/

Symantec - Altiris Deployment Server Escalation of Privileges
http://securityresponse.symantec.com/avcenter/security/Content/2008.03.10.html

Symantec - Altiris Notification Server Escalation of Privileges
http://securityresponse.symantec.com/avcenter/security/Content/2008.02.06.html

(MS07-045) - tlbinf32.dll ActiveX Vulnerability
http://www.microsoft.com/technet/security/Bulletin/MS07-045.mspx

(SUN-200071) - Java Web Start URL Parsing
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1

(LizardTech) - DjVu Browser Plug-in - Multiple Vulnerabilities
http://www.lizardtech.com/

(MS07-005) - Interactive Training Vulnerability
http://www.microsoft.com/technet/security/bulletin/MS07-005.mspx

(Hilgraeve) - Hyper Access - Multiple Vulnerabilities
http://www.hilgraeve.com

(SiteKiosk) - SiteKiosk - FileSystem Access
http://www.sitekiosk.com/

(Adobe) - ColdFusion MX7 - Multiple Vulnerabilities
http://www.adobe.com

(MS06-034) - ASP.DLL Include File Overflow
http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx

(Skype) - URI Handling Vulnerability
http://www.skype.com/security/skype-sb-2006-001.html

(MS05-049) - Webview Script Injection
http://www.microsoft.com/technet/security/Bulletin/MS05-049.mspx

(CSystems) - WebArchiveX - Unsafe Methods Vulnerability
http://www.csystems.co.il/webarchivex/index.aspx

(MS05-031) - Interactive Training Vulnerability
http://www.microsoft.com/technet/security/Bulletin/MS05-031.mspx

(MS04-043) - HyperTerminal Buffer Overflow
http://www.microsoft.com/technet/security/bulletin/MS04-043.mspx

(Winamp) - Buffer Overflow in IN_CDDA.dll
http://www.winamp.com

(Vandyke) - SecureCRT - Remote Command Execution
http://www.vandyke.com/download/securecrt/index.html

(MS04-033) - Excel 2000 Buffer Overflow
http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx

(MS04-032) - SetWindowLong() Shatter Attacks
http://www.microsoft.com/technet/security/bulletin/ms04-032.mspx

(MS04-023) - HTML Help Heap Overflow
http://www.microsoft.com/technet/security/bulletin/MS04-023.mspx

(MS04-022) - Task Scheduler Buffer Overflow
http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx

(MS04-011) - Utility Manager Privilege Escalation
http://www.microsoft.com/technet/security/Bulletin/MS04-011.mspx

(MS03-051) - FrontPage Server Extensions Buffer Overflow
http://www.microsoft.com/technet/security/bulletin/ms03-051.mspx

(MS03-045) - Buffer Overflow In ListBox and ComboBox
http://www.microsoft.com/technet/security/bulletin/ms03-045.mspx

(MS03-028) - ISA Server - Cross Site Scripting
http://www.microsoft.com/technet/security/bulletin/ms03-028.mspx

(MS03-022) - Windows Media Services ISAPI Buffer Overflow #2
http://www.microsoft.com/technet/security/bulletin/ms03-022.mspx

(MS03-019) - Windows Media Services ISAPI Buffer Overflow #1
http://www.microsoft.com/technet/security/bulletin/ms03-019.mspx