[CVE-2013-0523] IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
2013-06-19, VSR Advisories (advisories vsecurity com)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
2013-06-19, Cisco Systems Product Security Incident Response Team (psirt cisco com)
    Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
    Advisory ID: cisco-sa-20130619-tpc
    Revision 1.0
    For Public Release 2013 June 19 16:00 UTC (GMT) [...]

Facebook critical design flaw
2013-06-19, jjshoe gmail com
    On or around September 27, 2012 I disclosed to Facebook through https://www.facebook.com/whitehat/report/ a critical design flaw in how users share photos using a URI. Once a URI is known the only action the user can take to hide the contents of a photo album is to delete the album. This means if yo [...]

ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka "Lucky Thirteen") Vulnerability
2013-06-19, Security Alert (Security_Alert emc com)
    ESA-2013-032: RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka "Lucky Thirteen") Vulnerability
    EMC Identifier: ESA-2013-032
    CVE Identifier: CVE-2013-0169
    Severity Rating: CVSS v2 Base Score: 2.6 (AV:N/AC [...]

ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2013-06-19, Security Alert (Security_Alert emc com)

ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka "Lucky Thirteen") Vulnerability
2013-06-19, Security Alert (Security_Alert emc com)
    ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka "Lucky Thirteen") Vulnerability
    EMC Identifier: ESA-2013-045
    CVE Identifier: CVE-2013-0169
    Severity Rating: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I: [...]

APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and Mac OS X v10.6 Update 16
2013-06-18, Apple Product Security (product-security-noreply lists apple com)
    APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and Mac OS X v10.6 Update 16
    Java for OS X 2013-004 and Mac OS X v10.6 Update 16 is now available and addresses the following:
    Java
    Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 [...]

Re: Apple and Wifi Hotspot Credentials Management Vulnerability
2013-06-17, Jeffrey Walton (noloader gmail com)
    On Mon, Jun 17, 2013 at 3:35 PM, Jeffrey Walton <noloader (at) gmail (dot) com> wrote:
    > ...
    > It appears Apple Wifi hotspot passwords are generated using a wordlist
    > consisting of 1842 words. The authors built a customer cracker to aide
    > in recovery of the Wifi hotspot passwords.
    My bad. The application e [...]

Apple and Wifi Hotspot Credentials Management Vulnerability
2013-06-17, Jeffrey Walton (noloader gmail com)
    This vulnerability was published to the OWASP Mobile Security list as a research paper by Andreas Kurtz, Daniel Metz and Felix Freiling. See "Cracking iOS personal hotspots using a Scrabble crossword game word list," http://lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.htm [...]

[SECURITY] [DSA 2710-1] xml-security-c security update
2013-06-18, Salvatore Bonaccorso (carnil debian org)

FreeBSD Security Advisory FreeBSD-SA-13:06.mmap
2013-06-18, FreeBSD Security Advisories (security-advisories freebsd org)

Re: CVE-2013-2156: Apache Santuario C++ heap overflow vulnerability
2013-06-18, Cantor, Scott (cantor 2 osu edu)
    CVE-2013-2156: Apache Santuario XML Security for C++ contains heap overflow while processing InclusiveNamespace PrefixList
    Severity: Critical
    Vendor: The Apache Software Foundation
    Versions Affected: Apache Santuario XML Security for C++ library ve [...]

CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability
2013-06-18, Cantor, Scott (cantor 2 osu edu)
    CVE-2013-2154: Apache Santuario XML Security for C++ contains a stack overflow during XPointer evaluation
    Severity: Critical
    Vendor: The Apache Software Foundation
    Versions Affected: Apache Santuario XML Security for C++ library versions prior to V [...]

CVE-2013-2155: Apache Santuario C++ denial of service vulnerability
2013-06-18, Cantor, Scott (cantor 2 osu edu)
    CVE-2013-2155: Apache Santuario XML Security for C++ contains denial of service and hash length bypass issues while processing HMAC signatures
    Severity: Critical
    Vendor: The Apache Software Foundation
    Versions Affected: Apache Santuario XML Securit [...]

CVE-2013-2153: Apache Santuario C++ signature bypass vulnerability
2013-06-18, Cantor, Scott (cantor 2 osu edu)
    CVE-2013-2153: Apache Santuario XML Security for C++ contains an XML Signature Bypass issue
    Severity: Critical
    Vendor: The Apache Software Foundation
    Versions Affected: Apache Santuario XML Security for C++ library versions prior to V1.7.1
    Description: The implementation of XML digital signature [...]

[security bulletin] HPSBHF02885 rev.2 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
2013-06-17, security-alert hp com
    Document ID: c03787836
    Version: 2
    HPSBHF02885 rev.2 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
    Release D [...]

Re: WordPress 3.5.1, Denial of Service
2013-06-13, Henri Salo (henri nerv fi)
    On Fri, Jun 07, 2013 at 06:29:48PM +0200, Krzysztof Katowicz-Kowalewski wrote:
    > Version 3.5.1 (latest) of popular blogging engine WordPress suffers from remote denial of service vulnerability. The bug exists in encryption module (class-phpass.php). The exploitation of this vulnerability is possible [...]

LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine
2013-06-13, LSE Leading Security Experts GmbH (Security Advisories) (advisories lsexperts de)
    === LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 ===
    Avira AntiVir Engine -- Denial of Service / Filtering Evasion
    Affected Versions
    =================
    Avira AntiVir E [...]

Slideware of recent presentations about IPv6 security
2013-06-12, Fernando Gont (fgont si6networks com)
    Folks, FYI, the slideware of two recent presentations is available online:
    * "Security Assessment of IPv6 Networks and Firewalls", presented at the German IPv6 Kongress (http://www.ipv6-kongress.de/) in Frankfurt/Main, June 6-7, 2013. Slideware avail [...]

SQL Injection in Dolphin
2013-06-12, advisory htbridge com
    Advisory ID: HTB23157
    Product: Dolphin
    Vendor: BoonEx
    Vulnerable Version(s): 7.1.2 and probably prior
    Tested Version: 7.1.2
    Vendor Notification: May 22, 2013
    Vendor Patch: May 29, 2013
    Public Disclosure: June 12, 2013
    Vulnerability Type: SQL Injection [CWE-89]
    CVE Reference: CVE-2013-3638
    Risk Le [...]

Re: WordPress 3.5.1, Denial of Service
2013-06-11, Solar Designer (solar openwall com)
    Hi guys, I'll over-quote a little, then comment below:
    On Tue, Jun 11, 2013 at 08:55:21PM +0200, Peter Bex wrote:
    > On Fri, Jun 07, 2013 at 06:29:48PM +0200, Krzysztof Katowicz-Kowalewski wrote:
    > > Version 3.5.1 (latest) of popular blogging engine WordPress suffers from remote denial of service v [...]

CORE-2013-0430 - Buffer overflow in Ubiquiti airCam RTSP service
2013-06-11, CORE Security Technologies Advisories (advisories coresecurity com)
    Core Security - Corelabs Advisory
    http://corelabs.coresecurity.com
    Buffer overflow in Ubiquiti airCam RTSP service
    1. *Advisory Information*
    Title: Buffer overflow in Ubiquiti airCam RTSP service
    Advisory ID: CORE-2013-0430
    Advisory URL: http://www.coresecurity.com/advisories/buffer-overflow-ubi [...]

[security bulletin] HPSBMU02884 rev.1 - HP Service Manager and HP ServiceCenter, Cross Site Scripting (XSS) and Disclosure of Information
2013-06-11, security-alert hp com
    Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03784101
    SUPPORT COMMUNICATION - SECURITY BULLETIN
    Document ID: c03784101
    Version: 1
    HPSBMU02884 re [...]
VSR Security Advisory
http://www.vsecurity.com/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=
Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attack