Vulnerability Research & Development

AISG discloses vulnerabilities scheduled for public release either through the various vulnerability purchasing programs, bug bounty programs, directly to US-CERT, or to the Full Disclosure mailing list. You may review these programs' disclosure policies by clicking on the appropriate links in the policy list below.


Full Disclosure

Date AISG ID CVE Disclosure Title Dossier Exploit
2012.08.16 AISG-12-004 Full Disclosure Red Star OS Local Privilege Escalation TBD TBD
2012.08.16 AISG-12-003 Full Dislcosure Red Star OS Local Privilege Escalation TBD TBD
2012.07.04 AISG-12-002 CVE-2012-2983 US-CERT Webmin Remote Arbitrary File Disclosure AISG-12-002.pdf TBD
2012.07.04 AISG-12-001 CVE-2012-2982 US-CERT Webmin Privileged Remote and Client-Side Command Execution AISG-12-001.pdf EH-12-473
2012.07.04 AISG-12-000 CVE-2012-2981 US-CERT Webmin Privileged Remote Code Execution AISG-12-000.pdf EH-12-645