Rapid7 Security Advisories

We release vulnerability reports as part of our ongoing research into computer security. Below are the public announcements made so far.

Advisories

R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability; Mar 10, 2008
R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities; Dec 6, 2007
R7-0030: Caucho Resin Multiple Path Disclosure Vulnerabilities; May 14, 2007; CVE-2007-2441
R7-0029: Caucho Resin Web Application Directory Traversal; May 14, 2007; CVE-2007-2440
R7-0028: Caucho Resin World Readable DOS Device; May 14, 2007; CVE-2007-2439
R7-0027: Denial-of-Service in the Xrender Extension's Trapezoid Drawing Routines; April 30, 2007; CVE-2007-2437
R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin; October 17, 2006
R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux; October 16, 2006
R7-0024: Caucho Resin Windows Directory Traversal Vulnerability; May 16, 2006; CVE-2006-1953
R7-0023: Symantec Scan Engine File Disclosure Vulnerability; Apr 21, 2006; CVE-2006-0232
R7-0022: Symantec Scan Engine Known Immutable DSA Private Key; Apr 21, 2006; CVE-2006-0231
R7-0021: Symantec Scan Engine Authentication Fundamental Design Error; Apr 21, 2006; CVE-2006-0230
R7-0020: Directory traversal vulnerability in WinAgents TFTP Server for Windows; August 17, 2005; CVE-2006-1952
R7-0019: Directory traversal vulnerability in SolarWinds TFTP Server for Windows; Apr 21, 2006: CVE-2006-1951
R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities; Mar 23, 2004: CVE ID: CAN-2004-0218, CAN-2004-0219, CAN-2004-0220, CAN-2004-0221, CAN-2004-0222
R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities; Mar 30, 2004: CVE ID: CAN-2004-0183, CAN-2004-0184
R7-0016: Sybase ASE 12.5 Remote Password Array Denial of Service; Nov 20, 2003: CVE ID: CAN-2003-0327
R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server; Jul 22, 2003: CVE ID: CAN-2003-0421, CAN-2003-0422, CAN-2003-0423, CAN-2003-0424, CAN-2003-0425, CAN-2003-0426, CAN-2003-0502
R7-0014: RSA SecurID ACE Agent Cross Site Scripting; Jun 18, 2003: CVE ID: CAN-2003-0389
R7-0013: Heap Corruption in Gaim-Encryption Plugin; Apr 11, 2003: CVE ID: CAN-2003-0163
R7-0012: Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression; Mar 12, 2003; CVE ID: CAN-2001-1311 (regression)
R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow; Mar 12, 2003; CVE ID: CAN-2003-0123
R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication; Mar 12, 2003; CVE ID: CAN-2003-0122
Lotus Notes/Domino vulnerabilities: impact and how to mitigate your risks; - Mar 06 2003
R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors; Dec 16, 2002; CVE ID: CAN-2002-1357/CAN-2002-1358/CAN-2002-1359/CAN-2002-1360, CERT CA-2002-36, CERT VU#389665
R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues; Oct 23, 2002; CVE ID: CAN-2002-1167/CAN-2002-1168, BID 6000/6001
R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service; Oct 23, 2002; CVE ID: CAN-2002-1169, BID 6002
R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service; Oct 9, 2002; CVE ID: CAN-2002-1118, BID 5678
R7-0005: Granite Software ZMerge Administration Database Insecure Default ACLs; Sep 6, 2002; CVE ID: CAN-2002-0664; BID 5101
R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues; Oct 2, 2002; CVE ID: CAN-2002-0370, CERT VU#383779
R7-0003: Nautilus Symlink Vulnerability; May 2, 2002; CVE ID: CAN-2002-0157; BID 4373
R7-0002: Alchemy Eye Remote Unauthenticated Log Viewing; November 30, 2001; CVE ID: CAN-2001-0870; BID 3598
R7-0001: Alchemy Eye HTTP Remote Command Execution; November 29, 2001; CVE ID: CAN-2001-0871; BID 3599

Supporting Material

The example ZIP files associated with Rapid7 Advisory R7-0004 are available for download.