Security Advisories

The Qualys Vulnerability and Malware Research Labs (VMRL) is tasked with the investigation of software packages to find new flaws. Once found, we work with the software owner to get the flaw registered (CVEs), and then we assist with the quickest resolution possible by providing detailed technical information, including proof of concept code.

This list of advisories provides insight into the specific vulnerabilities reported.

Jun 19, 2017

The Stack Clash

Accompanying exploits:
solaris_rsh.c
openbsd_at.c
netbsd_cve-2017-1000375.c
linux_offset2lib.c
linux_ldso_hwcap.c
linux_ldso_hwcap_64.c
linux_ldso_dynamic.c
freebsd_cve-2017-fgpu.c
freebsd_cve-2017-fgpe.c
freebsd_cve-2017-1085.c
May 30, 2017

Sudo's get_process_ttyname() for Linux (CVE-2017-1000367)

linux_sudo_cve-2017-1000367.c - accompanying Sudoer-to-root exploit
Mar 12, 2017

D-Link DIR-615 Router Multiple Vulnerabilities (CVE-2017-7404, CVE-2017-7405 and CVE-2017-7406)
Mar 10, 2017

Manage Engine OpManager Multiple Security Vulnerabilities
Feb 28, 2017

Session Fixation Vulnerability in Sophos Secure Web Appliance
Feb 22, 2017

Insecure CrossDomain.XML in D-Link DCS Series Cameras
Jan 12, 2017

Multiple Vulnerabilities in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x
Dec 6, 2016

Accellion FTP Multiple Security Vulnerabilities
Nov 2, 2016

Sensitive Information Disclosure Vulnerability in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x
Oct 26, 2016

Multiple Vulnerabilities in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x
Jun 10, 2016

Netgear D6000 and D3600 hard-coded cryptographic keys authentication bypass (CVE-2015-8288, CVE-2015-8289)
Jan 14, 2016

OpenSSH (CVE-2016-0777 and CVE-2016-0778)
Oct 15, 2015

LibreSSL (CVE-2015-5333 and CVE-2015-5334)
Oct 2, 2015

OpenSMTPD Audit Report (CVE TBA)
Jul 23, 2015

userhelper chfn() newline filtering and libuser passwd file handling (CVE-2015-3245 and CVE-2015-3246)

roothelper.c - an unusual local root exploit
Jan 27, 2015

GHOST: glibc gethostbyname buffer overflow vulnerability (CVE-2015-0235)
Feb 2, 2014

Foscam Dynamic DNS Predictable Credentials Vulnerability (CVE-2014-1849)
Jun 15, 2012

ModSecurity and ModSecurity Core Rule Set Multipart Bypasses
May 7, 2012

Memory Corruption when Apple Quicktime Parses .pct File (CVE-2012-0671)
May 7, 2012

Memory Corruption when Adobe Shockwave Player Parses .dir Media File (CVE-2012-2031)
May 7, 2012

Memory Corruption when Adobe Shockwave Player Parses .dir Media File (CVE-2012-2030)
May 7, 2012

Memory Corruption when Adobe Shockwave Player Parses .dir Media File (CVE-2012-2029)
May 7, 2012

Adobe Reader All Versions Memory Corruption - APB11-16 (CVE-2011-2098)
May 4, 2012

Apache Reverse Proxy Security Bypass Vulnerability (CVE-2011-4317)

Solutions +

Qualys Solutions

Subscription Packages

Platform +

Customers

Partners +

About +

Company

News & Events

Training & Support

Community

Search

Security Advisories

Subscription Packages

Qualys Solutions

Qualys Community

Company

Free Trial & Tools