Documented Security Vulnerabilities

Security Vulnerabilities

In the fast paced world of cybersecurity, the list of vulnerabilities grows daily.  Researching, discovery, remediation, and patching is a never-ending cycle.  Keeping up with them can be an exhausting task, which is why we keep a list of document list of vulnerabilities:

.NET Framework | Apache | Cisco | DNS | Flash | HTTP | IIS | Microsoft | MSSQL | Netbios | NFS | Oracle | PHP | RPC | SMB | SMTP | SNMP | SQL | SSH | SSL | Telnet | VMware | Windows | xml 

Implementing offensive security as a layered tier of cybersecurity solutions is one of the best ways to stay ahead of retroactively patching and remediation.  With the right proactive security layers for static application security testing, dynamic application security testing, and vulnerability management security issues can be discovered before product deployment and help minimize remediation efforts, saving time and money.

Security Vulnerabilities Related to a .NET Framework

Here are known vulnerabilities for the .NET Framework, which are APIs that support advanced type systems, data, graphics, network, file handling that are used to write apps in the Microsoft Enterprise System.

• Finding and Fixing Vulnerabilities in .NET Framework Allows Code Execution (MS11-044) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in .NET Framework Allows Code Execution (MS11-028) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in .NET Framework Allows Code Execution (MS12-038) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in .NET Framework and Microsoft Silverlight Allow Code Execution (MS11-078) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in .NET Framework Allow Code Execution (MS12-035) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in NET Framework Allow Code Execution (MS12_074) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in .NET Framework and Microsoft Silverlight Allow Code Execution (MS12-016)

Security Vulnerabilities Related to Apache

These are known security vulnerabilities in versions of Apache HTTP Server.

• Finding and Fixing Vulnerabilities in Apache Tomcat Default Error Page Version Detection
• Finding and Fixing Vulnerabilities in Apache HTTP Server httpOnly Cookie Information Leak , a Low Risk Vulnerability
• Finding and Fixing Vulnerabilities in Apache APR apr_fnmatch DoS , a Medium Risk Vulnerability
• Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities Fix
• Apache mod_proxy_ajp DoS Vulnerability Fix
• Apache Running Version Prior to 2.2.22 Vulnerability Fix
• Finding and Fixing Vulnerabilities in Apache Running Version Prior to 2.2.23 , a Medium Risk Vulnerability
• Vulnerabilities in Apache HTTP Server Byte Range DoS Fix
• Finding and Fixing Vulnerabilities in Apache Running Version Prior to 2.2.27 , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Apache Running Version Prior to 2.2.24 , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Apache Running Version Prior to 2.2.28, a High Risk Vulnerability
• Finding and Fixing Apache APR apr_palloc Heap Overflow, a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Apache UserDir Sensitive Information Disclosure , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Apache HTTP Server Range Header Denial of Service Vulnerability (DoS) , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Apache Tomcat Transfer-Encoding Header Vulnerability , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Apache HTTP Server httpOnly Cookie Information Disclosure , a Low Risk Vulnerability
• Finding and Fixing Vulnerabilities in Apache Jakarta Cross-Site Scripting Vulnerability , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Apache mod_suexec Multiple Privilege Escalation , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Apache Running Version Prior to 2.2.25 , a Medium Risk Vulnerability

Security Vulnerabilities Related to Cisco

• Finding and Fixing Vulnerability in Cisco IOS Software Processing of SAA Packets Flaw , a High Risk Vulnerability
• Finding and Fixing Cisco SSH Malformed Packet DoS Vulnerability, a High Risk Vulnerability

Security Vulnerabilities Related to DNS

• Finding and Fixing Vulnerabilities in DNS Amplification , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in DNS Server Allows Recursive Queries
• Finding and Fixing Vulnerabilities in DNS Bypass Firewall Rules (UDP 53) , a Low Risk Vulnerability

Security Vulnerabilities Related to Flash

Here’s a list of Flash security vulnerabilities.

• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.51 / 11.5.502.149 (APSB13-05) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.24 / 11.4.402.279 (APSB12-22) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.2.152.26 (APSB11-02) , a High Risk Vulnerability
• Finding and Fixing Vulnerability in Flash Player Multiple Memory Corruption Vulnerabilities (APSB12-07), a High Risk Vulnerability
• Flash Player Running Version Prior to 10.3.183.48 / 11.5.502.135 (APSB13-01) Vulnerability Fix
• Flash Player Object Confusion Vulnerability (APSB12-09) Fix
• Flash Player Running Version Prior to 10.3.183.23 / 11.4.402.265 (APSB12-19) Vulnerability Fix
• Finding and Fixing Vulnerabilities in Flash Player Unspecified Memory Corruption (APSA11-01) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Adobe Flash Player Multiple Vulnerabilities (ASPB10-14) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player ActionScript Predefined Class Prototype Addition Code Execution (APSB11-07) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.5 (APSB11-21) , a High Risk Vulnerability
• Flash Cross-Domain Policy File Vulnerability Fix
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.67 / 11.6.602.171 (APSB13-08) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Versions Prior to 10.3.183.10 / 11.0.1.152 (APSB11-28) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Unspecified Code Execution (APSB10-22) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.43 / 11.5.502.110 (APSB12-24) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.75 / 11.7.700.169 (APSB13-11)
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.181.26 (APSB11-18) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.19 / 11.3.300.256 (APSB12-14) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.43 / 11.5.502.110 (APSB12-27) a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.50 / 11.5.502.146 (APSB13-04), a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in , Flash Player Running Version Prior to 10.3.183.7 (APSB11-26) a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Adobe Flash Player Multiple Vulnerabilities (APSB10-26) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.68 / 11.6.602.180 (APSB13-09) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.181.14 (APSB11-12) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Memory Corruption (APSB13-16) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.75 / 11.7.700.169 (APSB13-14) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 11.7.700.232 / 11.8.800.94 (APSB13-17) , a High Risk Vulnerability

Security Vulnerabilities Related to HTTP/HTTPS

Here is a list of security vulnerabilities related to HTTP/HTTPS.

• Finding and Fixing Vulnerability in HTTP.sys Allows Remote Code Execution (MS15-034, Network Check), a High Risk Vulnerability
• HTTP Server Backported Security Patches Vulnerability Fix
• Finding and Fixing Vulnerabilities in Appweb HTTP Server Version , a Low Risk Vulnerability
• Finding and Fixing Vulnerabilities in HTTP Packet Inspection , a Low Risk Vulnerability
• Finding and Fixing the HTTP TRACE Method XSS Vulnerability (CVE-2010-0386)
• Finding and Fixing Vulnerabilities in HSTS Missing From HTTPS Server, a Medium Risk Vulnerability

Security Vulnerabilities Related to IIS

This is a list of known security vulnerabilities for IIS.

• Finding and Fixing Vulnerabilities in IIS Content-Location HTTP Header , a Low Risk Vulnerability
• Finding and Fixing Vulnerabilities in Microsoft IIS Default Page , a Low Risk Vulnerability
• Finding and Fixing Vulnerabilities in Microsoft IIS Tilde Character Information Disclosure Vulnerability , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in IIS Sensitive Authentication Information Disclosure

Security Vulnerabilities Related to Microsoft

Here is a list of known Microsoft security vulnerabilities.

• Microsoft Malware Protection Engine Allows Code Execution (KB2846338) Vulnerability Fix
• Finding and Fixing .NET Framework and Microsoft Silverlight Allows Code Execution (MS11-039), a High Risk Vulnerability
• Microsoft Malware Protection Engine (MMPE) Privilege Escalation (2491888) Vulnerability Fix
• Microsoft Windows Kernel Win32k.sys PATHRECORD chain Vulnerability Fix
• Microsoft .NET Handlers Enumeration Vulnerability Fix
• Microsoft ASP.NET Information Disclosure Vulnerability (Network, MS10-070) Scanner and Fix

Security Vulnerabilities Related to MSSQL

• Finding and Fixing Vulnerabilities in MS SQL Server Resolution Service Amplification Reflected DRDoS , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Microsoft SQL Server Allows Code Execution (MS09-004, KB959420) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Microsofts SQL UDP Info Query , a Low Risk Vulnerability

Security Vulnerabilities Related to Netbios

• Finding and Fixing Vulnerabilities in NetBIOS Information Retrieval , a Low Risk Vulnerability
• Finding and Fixing Vulnerabilities in Windows Host NetBIOS to Information Retrieval , a Low Risk Vulnerability

Security Vulnerabilities Related to NFS

Here is a list of known security vulnerabilities for NFS.

• Finding and Fixing Vulnerabilities in NFS Shares World Readable
• Finding and Fixing Vulnerabilities in NFS Server Superfluous , a Medium Risk Vulnerability
• Finding and Fixing Mountable NFS Shares, a High Risk Vulnerability

Security Vulnerabilities Related to Oracle

Here is a list of known security vulnerabilities related to Oracle.

• Oracle tnslsnr Version Detection Vulnerability Fix
• Finding and Fixing Vulnerabilities in Oracle Java SE Multiple Vulnerabilities (June 2011 CPU) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Oracle Java SE Multiple Vulnerabilities (October 2010 CPU) , a High Risk Vulnerability

Security Vulnerabilities Related to PHP

A list of PHP-related known security vulnerabilities.

• Finding and Fixing Vulnerabilities in PHP expose_php Information Disclosure
• Finding and Fixing Vulnerabilities in PHP Unsupported Version Detection, a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in PHP Running Version Prior to 5.3.22 , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in PHP-CSL Cross Site Scripting , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in PHP Running Version Prior to 5.3.26 , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in phpCMS parser.php XSS , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in PHP Running Version Prior to 5.4.17 , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in PHP Running Version Prior to 5.3.13 , a High Risk Vulnerability
• Finding and Fixing Vulnerability in PHP Running Version Prior to 5.3.2 / 5.2.13
• Finding and Fixing Vulnerabilities in PHP CGI Query String Code Execution , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in PHP Running Version Prior to 5.3.14 , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in PHP Running Version Prior to 5.3.13 , a High Risk Vulnerability
• Finding and Fixing Vulnerability in PHP Running Version Prior to 5.3.15 , a High Risk Vulnerability

Security Vulnerabilities Related to RPC

Here is a list of security vulnerabilities related to RPC.

• Finding and Fixing Vulnerabilities in RPC Portmapper , a Low Risk Vulnerability
• Finding and Fixing Vulnerabilities in statd RPC Format String , a High Risk Vulnerability

Security Vulnerabilities Related to SMB

Here is a list of known security vulnerabilities for SMB.

• Finding and Fixing SMB Signing Disabled Vulnerability
• Finding and Fixing Vulnerabilities in NULL Session Available (SMB), a Low Risk Vulnerability
• Finding and Fixing Vulnerabilities in Microsoft Windows SMB Shares Unprivileged Access , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in SMB Listens on Port
• Finding and Fixing Vulnerabilities in SMB Shares Enumeration , a Medium Risk Vulnerability
• Finding and Fixing Vulnerability in Microsoft Windows SMB2 _Smb2ValidateProviderCallback() Vulnerability (MS09-050, Network Check) , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Database Reachable from the Internet , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in SMB Users Listing , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in SMB Use Host SID to Enumerate Local Users Without Credentials , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in SMB Host SID User Enumeration , a Medium Risk Vulnerability

Security Vulnerabilities Related to SMTP

Here is a known list of security vulnerabilities for SMTP.

• Finding and Fixing Vulnerabilities in SMTP Server Listening on a Non-Default Port , a Medium Risk Vulnerability
• SMTP Authentication Methods Vulnerability Fix
• Finding and Fixing Vulnerabilities in SMTP Server Listening on a Non-Default Port , a Medium Risk Vulnerability
• SMTP Service STARTTLS Command Support Vulnerability Fix
• Finding and Fixing Vulnerabilities in SMTP Service Cleartext Login Permitted , a Medium Risk Vulnerability

Security Vulnerabilities Related to SNMP

This is a list of known security vulnerabilities related to SNMP.

• Finding and Fixing Vulnerabilities in SNMP Agent Default Community Name (public), a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in SNMP Protocol Version Detection , a Low Risk Vulnerability
• Finding and Fixing Vulnerability in SNMP Disclosure of HP JetDirect EWS Password , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Enumerate LANMAN Users via SNMP , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Enumerate LANMAN Services via SNMP , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Enumerate LANMAN Shares via SNMP , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in SNMP Route Enumeration , a Low Risk Vulnerability
• Finding and Fixing Vulnerabilities in Obtain Processes List via SNMP , a Medium Risk Vulnerability

Security Vulnerabilities Related to SQL

Here’s a list of known security vulnerabilities for SQL.

• Finding and Fixing Vulnerabilities in SQL Injection, a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in SQL Server Allows Elevation of Privilege (MS12-070, Network), a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Microsoft SQL Server Blank Password , a High Risk Vulnerability

Security Vulnerabilities Related to SSH

These are a list of known security vulnerabilities for SSH.

• Finding and Fixing Vulnerabilities in SSH Protocol Version 1 Detection , a Medium Risk Vulnerability
• Finding and Fixing Vulnerability in OpenSSH Running Version Prior to 7.0 , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in OpenSSH ForceCommand Directive Bypass , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in OpenSSH S/KEY Authentication Account Enumeration , a Medium Risk Vulnerability
• Finding and Fixing OpenSSH Privilege Separation Monitor Weakness, a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in OpenSSH X11 Session Hijacking Vulnerability , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in SSH Server Backported Security Patches , a Low Risk Vulnerability
• Finding and Fixing Vulnerabilities in OpenSSH Multiple Vulnerabilities , a Medium Risk Vulnerability

Security Vulnerabilities Related to SSL

Here is a list of security vulnerabilities that are known in SSL.

• Finding and Fixing Vulnerabilities in SSL Verification Test , a Low Risk Vulnerability
• Finding and Fixing Vulnerabilities in SSL Suites Weak Ciphers, a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in SSL Certificate is a Self Signed, a Medium Risk Vulnerability
• Finding and Fixing SSL RC4 Cipher Suites Supported Vulnerability
• Finding and Fixing Vulnerabilities in SSLv3 Padding Oracle On Downgraded Legacy Encryption (POODLE) , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Non-SSL Login , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in SSL Certificate Expiry , a Medium Risk Vulnerability
• OpenSSL Heartbeat Vulnerability (Heartbleed) Vulnerability Fix
• Finding and Fixing Vulnerabilities in OpenSSL Running Version Prior to 0.9.8za , a Medium Risk Vulnerability
• OpenSSL Running Version Prior to 0.9.8zf Vulnerability Fix
• Deprecated SSL Protocol Usage Vulnerability Fix
• Finding and Fixing Vulnerabilities in OpenSSL Running Version Prior to 1.0.1i , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Appweb Insecure SSL Renegotiation , a Medium Risk Vulnerability
• Finding and Fixing OpenSSL Running Version Prior to 0.9.8zc POODLE, a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in Supported SSL Ciphers Suites , a Low Risk Vulnerability

Security Vulnerabilities Related to Telnet

Here is a list of security vulnerabilities that pertain to Telnet.

• Finding and Fixing Vulnerabilities in Telnet Detection , a Low Risk Vulnerability
• Finding and Fixing Vulnerabilities in Unencrypted Telnet Server , a Medium Risk Vulnerability

Security Vulnerabilities Related to VMware

This is a list of security vulnerabilities that are known in VMware.

• Finding and Fixing Vulnerabilities in VMware ESXi 3.5 , a High Risk Vulnerability
• Finding and Fixing Vulnerabilities in VMWare Host Detection , a Low Risk Vulnerability

Security Vulnerabilities Related to VNC

Here is a list of security vulnerabilities related to VNC.

• Finding and Fixing Vulnerabilities in VNC Server Authentication-less , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in VNC Security Types Detection

Security Vulnerabilities Related to Windows

These are a known security vulnerabilities that pertain to Windows.

• Finding and Fixing Vulnerabilities in Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure
• Windows Terminal Service Detection Vulnerability Fix
• Finding and Fixing Vulnerabilities in Windows Kernel-Mode Drivers Allow Elevation of Privilege (MS12-047), a High Risk Vulnerability
• Finding and Fixing Microsoft Windows HTTP.sys Code Execution, a High Risk Vulnerability

Security Vulnerabilities Related to XML

Here is a list of security vulnerabilities related to XML.

• Finding and Fixing Vulnerabilities in Unsupported Microsoft XML Parser (MSXML) and XML Core Services , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Microsoft XML Core Services Allow sCode Execution (MS07-042) , a Medium Risk Vulnerability
• Finding and Fixing Vulnerabilities in Microsoft XML Core Services Allows Code Execution (KB2719615) , a High Risk Vulnerability