TerraMedusa Security Advisories
TerraMedusa is the first Turkish firm to study information security and to publish the first information security announcement in the world security community (1999). To date, TerraMedusa has published more than 50 security announcements concerning products from vendors such as Microsoft, HP, Novell, AOL and Red Hat. In this context, TerraMedusa is not just a consumer but also a producer for the world information security community.
TerraMedusa benefits its customers by keeping the security weaknesses it discovers in its archive, which holds over 70 zero-day weaknesses.
You can find some of TerraMedusa's information security announcements below:
IBM X-Force
X-Force, the information security department of IBM, conducts research and development in information security. By continuously monitoring security weaknesses and dangerous data transfer over the internet, X-Force keeps an archive and shares it with its customers. The IBM X-Force database contains a number of TerraMedusa information security announcements.
- HP AdvanceStack 10Base-T Switching Hub could allow an attacker to bypass authentication
- Red Hat Stronghold Secure Web server request for sample script could reveal path to Web root
- Novell GroupWise incorrect script variable argument path disclosure
- Polycom Video Conference System ViewStation a_security.htm plaintext passwords
- Essentia Web Server “dot dot” directory traversal
- Essentia Web Server long request denial of service
- Perception LiteServe could allow an attacker to access password protected files
- BadBlue could allow an attacker to access password protected files
- Enceladus Server Suite long CD command buffer overflow
- Hyperion FTP Server “dot dot” directory traversal
- Falcon Web Server could allow an attacker to access protected virtual directories
- Web Server 4 Everyone HTTP “Host:” field buffer overflow
- ScriptEase: Mini WebServer long HTTP request denial of service
- Web Server 4D plaintext passwords and usernames
- Lil’HTTP Server protected file access
- INweb Mail Server HELO command buffer overflow
- LocalWeb2000 users.lst file stores passwords in plain text
- LocalWeb2000 could allow an attacker to bypass protection and view restricted files
Common Vulnerabilities and Exposures
CVE (Common Vulnerabilities and Exposures) is a database, sponsored by the USA Ministry of Internal Affairs, that lists the main security weaknesses. Many of TerraMedusa's security announcements have been published in the CVE archives.
- Novell GroupWise Web Access Path Disclosure Vulnerability
- Hewlett Packard AdvanceStack Switch Management Authentication Bypass Vulnerability
- Essentia Web Server Directory Traversal Vulnerability
- Essentia Web Server DoS Vulnerability
- Liteserve Web Server Authorization Bypass Vulnerability
- BadBlue Web Server Protected File Access Vulnerability
- Enceladus Server Suite Buffer Overflow Vulnerability
- Hyperion Ftp Server Directory Traversal Vulnerability
- Falcon Web Server Authentication Circumvention Vulnerability
- BRS WebWeaver Web Server Protected File Access Vulnerability
- Liteserve Web Server Authorization Bypass Vulnerability
- Web Server 4 Everyone Host Field Denial of Service Vulnerability
- ScriptEase MiniWeb Server DoS Vulnerability
- Webserver 4D Weak Password Preservation Vulnerability
- BadBlue Web Server Protected File Access Vulnerability
- LilHTTP Web Server Protected File Access Vulnerability
- INweb Mail Server Denial of Service Vulnerability
- LocalWeb2000 Insecure Password Storage
- LocalWeb2000 Web Server Protected File Access Vulnerability
NIST National Vulnerability Database
NIST is an institution in the USA that sets the standards for technology research. It is financed by the USA Computer Emergency Action Institution US-CERT. The National Vulnerability Database keeps records related to the national security of the USA.
- BRS WebWeaver Web Server Protected File Access Vulnerability
- Liteserve Web Server Authorization Bypass Vulnerability
- LocalWEB 2000 Insecure Password Storage
Symantec / Verisign
Verisign is an institution that provides services in many branches of information security, such as SSL and PKI.
After purchasing iDefense, Verisign published announcements about information security. By paying the copyright fees, Verisign purchased the right to use TerraMedusa's announcements. Some of these security announcements are listed below.