Security Advisories
Cynops employees have found security vulnerabilities in various software products and published them in corresponding security advisories as part of a responsible disclosure process. The advisories are compiled here:
- 29.09.2008: AKLINK-SA-2008-007: CAcert — non-persistent cross-site scripting
- 28.05.2008: CVE-2007-6521: Opera — heap-based buffer overflow
- 02.04.2008: CVE-2008-0555: Apache-SSL — minor memory disclosure
- 01.04.2008: X.509 over HTTP advisories and whitepaper (Press: Heise Newsticker)
- 13.02.2008: CVE-2008-0556: OpenCA — Cross Site Request Forgery (Press: Heise Newsticker)
- 07.09.2007: CVE-2007-4879: Firefox 2.0.x, 1.5 — automatic installation of TLS client certificates (Press: Heise Newsticker)
- 27.08.2007: CVE-2007-3871: Stampit Web — Denial of Service (Press: Heise Newsticker, Spiegel Online)
- 10.04.2007: CVE-2007-1363 / -1364: DropAFew — Multiple vulnerabilities (SQL injection, authorization issue)
- 20.03.2007: CVE-2007-1465: dproxy — remotely exploitable buffer overflow
  Note that a Metasploit exploit module (dproxy.pm) exists, but according to German legislation Cynops is no longer allowed to distribute it. Please see this article for details.
- 23.09.2004: CAN-2004-0787: OpenCA — Cross Site Scripting