Security Center

Rapid7 Advisory Archive

Rapid7 Security Advisories Archive

We release vulnerability reports as part of our ongoing research into computer security. Below are the public announcements made so far.

Archived Advisories

Oct17: R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin

Oct16: R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux

May16: R7-0024: Caucho Resin Windows Directory Traversal Vulnerability, CVE-2006-1953

Apr21: R7-0023: Symantec Scan Engine File Disclosure Vulnerability, CVE-2006-0232

Apr21: R7-0022: Symantec Scan Engine Known Immutable DSA Private Key, CVE-2006-0231

Apr21: R7-0021: Symantec Scan Engine Authentication Fundamental Design Error, CVE-2006-0230

Aug17: R7-0020: Directory traversal vulnerability in WinAgents TFTP Server for Windows, CVE-2006-1952

Apr21: R7-0019: Directory traversal vulnerability in SolarWinds TFTP Server for Windows, CVE-2006-1951

Mar23: R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities, CVE ID: CAN-2004-0218, CAN-2004-0219, CAN-2004-0220, CAN-2004-0221, CAN-2004-0222

Mar30: R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities, CVE ID: CAN-2004-0183, CAN-2004-0184

Nov20: R7-0016: Sybase ASE 12.5 Remote Password Array Denial of Service, CVE ID: CAN-2003-0327

Jul22: R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server, CVE ID: CAN-2003-0421, CAN-2003-0422, CAN-2003-0423, CAN-2003-0424, CAN-2003-0425, CAN-2003-0426, CAN-2003-0502

June18: R7-0014: RSA SecurID ACE Agent Cross Site Scripting, CVE ID: CAN-2003-0389

Apr11: R7-0013: Heap Corruption in Gaim-Encryption Plugin, CVE ID: CAN-2003-0163

Mar12: R7-0012: Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression, CVE ID: CAN-2001-1311 (regression)

Mar12: R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow, CVE ID: CAN-2003-0123

Mar12: R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication, CVE ID: CAN-2003-0122

Mar06: Lotus Notes/Domino vulnerabilities: impact and how to mitigate your risks

Dec16: R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors, CVE ID: CAN-2002-1357/CAN-2002-1358/CAN-2002-1359/CAN-2002-1360, CERT CA-2002-36, CERT VU#389665

Oct23: R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues, CVE ID: CAN-2002-1167/CAN-2002-1168, BID 6000/6001

Oct23: R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service, CVE ID: CAN-2002-1169, BID 6002

Oct09: R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service, CVE ID: CAN-2002-1118, BID 5678

Sep06: R7-0005: Granite Software ZMerge Administration Database Insecure Default ACLs, CVE ID: CAN-2002-0664; BID 5101

Oct02: R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues, CVE ID: CAN-2002-0370, CERT VU#383779

May02: R7-0003: Nautilus Symlink Vulnerability, CVE ID: CAN-2002-0157; BID 4373

Nov30: R7-0002: Alchemy Eye Remote Unauthenticated Log Viewing, CVE ID: CAN-2001-0870; BID 3598

Nov29: R7-0001: Alchemy Eye HTTP Remote Command Execution, CVE ID: CAN-2001-0871; BID 3599

Supporting Material

The example ZIP files associated with Rapid7 Advisory R7-0004 are available for download.

Related Resources
Advisories Archieve

Most Read

Most Downloaded

Press Releases

Copyright © 2012 Rapid7 ® All Rights Reserved.
Legal
Privacy Policy
Disclosure Policy
Site Map