[slackware-security] ruby (SSA:2013-136-02)
2013-05-16  Slackware Security Team (security slackware com)

CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!
2013-05-17  Sławomir Jabs (slawomir jabs gmail com)
Everything has a story, everything evolves, adapts to changing circumstances, but does your IT Sec strategy evolve with the development of the digital world? Are you willing to gamble on the security of your systems? Join the upcoming CONFidence conference and meet both renowned speakers and specialist [ more ] [ reply ]

[slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)
2013-05-16  Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01) New mozilla-thunderbird packages are available for Slackware64 13.37 and 14.0. These were accidentally omitted from the last upload. Here are the details from the Slackware [ more ] [ reply ]

APPLE-SA-2013-05-16-1 iTunes 11.0.3
2013-05-16  Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-05-16-1 iTunes 11.0.3 iTunes 11.0.3 is now available and addresses the following: iTunes Available for: Mac OS X v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: An attacker in a privileged network position may manipulate HT [ more ] [ reply ]

ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
2013-05-16  Security Alert (Security_Alert emc com)

ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability
2013-05-16  Security Alert (Security_Alert emc com)

[slackware-security] mozilla-thunderbird (SSA:2013-135-02)
2013-05-16  Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2013-135-02) New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--------------------- [ more ] [ reply ]

[slackware-security] mozilla-firefox (SSA:2013-135-01)
2013-05-16  Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2013-135-01) New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ p [ more ] [ reply ]

Cisco Security Advisory: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability
2013-05-15  Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability Advisory ID: cisco-sa-20130515-mse Revision 1.0 For Public Release 2013 May 15 16:00 UTC (GMT) +------------------------------------------------------ [ more ] [ reply ]

Multiple Vulnerabilities in Exponent CMS
2013-05-15  advisory htbridge com
Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Version(s): 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: May 15, 2013 Vulnerability Type: SQL Injection [CWE- [ more ] [ reply ]

[security bulletin] HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
2013-05-15  security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03714526 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03714526 Version: 3 HPSBUX02859 SS [ more ] [ reply ]

File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities
2013-05-12  Vulnerability Lab (research vulnerability-lab com)
====== File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities Date: ===== 2013-05-04 References: =========== http://www.vulnerability-lab.com/get_content.php?id=939 VL-ID: ===== 939 Common Vulnerability Scoring System: ==================================== 5.9 Introduction: ============ [ more ] [ reply ]

Wifi Album v1.47 iOS - Command Injection Vulnerability
2013-05-12  Vulnerability Lab (research vulnerability-lab com)
Title: ====== Wifi Album v1.47 iOS - Command Injection Vulnerability Date: ===== 2013-04-25 References: =========== http://www.vulnerability-lab.com/get_content.php?id=935 VL-ID: ===== 935 Common Vulnerability Scoring System: ==================================== 5.6 Introduction: ========= [ more ] [ reply ]

Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities
2013-05-12  Vulnerability Lab (research vulnerability-lab com)
Title: ====== Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities Date: ===== 2013-04-21 References: =========== http://www.vulnerability-lab.com/get_content.php?id=932 VL-ID: ===== 932 Common Vulnerability Scoring System: ==================================== 6.1 Introduction: === [ more ] [ reply ]

Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities
2013-05-12  Vulnerability Lab (research vulnerability-lab com)
Title: ====== Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities Date: ===== 2013-02-26 References: =========== http://www.vulnerability-lab.com/get_content.php?id=883 VL-ID: ===== 883 Common Vulnerability Scoring System: ==================================== 6.2 Introduction: ====== [ more ] [ reply ]

Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities
2013-05-12  Vulnerability Lab (research vulnerability-lab com)
Title: ====== Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities Date: ===== 2013-04-27 References: =========== http://www.vulnerability-lab.com/get_content.php?id=934 VL-ID: ===== 934 Common Vulnerability Scoring System: ==================================== 5.6 Introduction: ==== [ more ] [ reply ]

SimpleTransfer 2.2.1 - Command Injection Vulnerabilities
2013-05-12  Vulnerability Lab (research vulnerability-lab com)
Title: ====== SimpleTransfer 2.2.1 - Command Injection Vulnerabilities Date: ===== 2013-05-03 References: =========== http://www.vulnerability-lab.com/get_content.php?id=937 VL-ID: ===== 937 Common Vulnerability Scoring System: ==================================== 5.6 Introduction: ======= [ more ] [ reply ]

[RT-SA-2013-001] Advisory: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution
2013-05-13  RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution During a penetration test a typical misconfiguration was found in the way Dovecot is used as a local delivery agent by Exim. A common use case for the Dovecot IMAP and POP3 server is the use of Dovecot [ more ] [ reply ]

WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
2013-05-10  announcements webappsec org
The Web Application Security Consortium (WASC) is pleased to announce the Static Analysis Technologies Evaluation Criteria. The goal of the SATEC project is to create a vendor-neutral set of criteria to help guide application security professionals during the process of acquiring a static code analy [ more ] [ reply ]

ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting (XSS) Vulnerability
2013-05-10  Security Alert (Security_Alert emc com)

[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited
2013-05-10  Mark Thomas (markt apache org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-3544 Chunked transfer encoding extension size is not limited Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.29 - - Tomcat 6.0.0 to 6.0.36 Description: When processing a request submitte [ more ] [ reply ]

[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator
2013-05-10  Mark Thomas (markt apache org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2067 Session fixation with FORM authenticator Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.32 - - Tomcat 6.0.21 to 6.0.36 Description: FORM authentication associates the most recent r [ more ] [ reply ]

CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException
2013-05-10  Mark Thomas (markt apache org)

CFP: Hacktivity 2013, October 11-12, Budapest, Hungary
2013-05-10  cfp hacktivity com
Hi, Hacktivity is the largest IT Security Festival in the CEE region, which will be held between October 11-12, 2013 in Budapest, Hungary. Hacktivity traditionally brings together the official and alternative representatives of the information security profession with all those interested in the area, in a [ more ] [ reply ]

DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities
2013-05-09  ddivulnalert ddifrontline com
Title ----- DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities Severity -------- High Date Discovered --------------- March 19, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Dennis Lavrinenko, Bobby Lockett, and r@b13$ 1. Actuate ' [ more ] [ reply ]

ESA-2013-021: EMC Documentum Multiple Vulnerabilities
2013-05-09  Security Alert (Security_Alert emc com)

Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]
2013-05-08  Stefan Kanthak (stefan kanthak nexgo de)
On Sunday, May 05, 2013 10:13 PM I wrote: > Hi @ll, > > Fujitsu's <http://www.fsc-pc.de/> factory preinstallation (as > found on a Fujitsu Lifebook A512 purchased a month ago) of > Windows 8 Professional x64 (I'm VERY confident that other > variants of Fujitsu's Windows 8 factory installation are j [ more ] [ reply ]

ESA-2013-037: EMC AlphaStor Buffer Overflow Vulnerability
2013-05-09  Security Alert (Security_Alert emc com)

Vulnerability in "Fujitsu Desktop Update" (for Windows)
2013-05-08  Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, Fujitsu's update utility "Fujitsu Desktop Update" (see <http://support.ts.fujitsu.com/DeskUpdate/Index.asp>), which is factory-preinstalled on every Fujitsu (Siemens) PC with Windows, has a vulnerability which allows the execution of a rogue program in the security context of the current us [ more ] [ reply ]

[security bulletin] HPSBMU02786 SSRT100877 rev.2 - HP System Management Homepage (SMH) Running on Linux, Windows, and VMware ESX, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Cod
2013-05-08  security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03360041 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03360041 Version: 2 HPSBMU02786 SS [ more ] [ reply ]

[security bulletin] HPSBUX02876 SSRT101148 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
2013-05-08  security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03750073 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03750073 Version: 1 HPSBUX02876 SS [ more ] [ reply ]

[2.0 Update] Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
2013-05-08  Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability Advisory ID: cisco-sa-20121031-dcnm Revision 2.0 Last Updated 2013 May 08 16:00 UTC (GMT) For Public Release 2012 October 31 16:00 UTC (GMT) [ more ] [ reply ]

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
2013-05-08  Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software Advisory ID: cisco-sa-20130508-cvp Revision 1.0 For Public Release 2013 May 8 16:00 UTC (GMT) +---------------------------------------------------- [ more ] [ reply ]

Cross-Site Request Forgery (CSRF) in UMI.CMS
2013-05-08  advisory htbridge com
Advisory ID: HTB23151 Product: UMI.CMS Vendor: OOO Umisoft Vulnerable Version(s): 2.9 and probably prior Tested Version: 2.9 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type: Cross-Site Request Forgery [CWE-352] CVE Reference: CVE-2013 [ more ] [ reply ]

SEC Consult SA-20130507-0 :: Multiple vulnerabilities in NetApp OnCommand System Manager
2013-05-07  SEC Consult Vulnerability Lab (research sec-consult com)

Apache VCL improper input validation
2013-05-06  Josh Thompson (jfthomps apache org)
CVE-2013-0267: Apache VCL improper input validation Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache VCL 2.1, 2.2, 2.2.1, 2.3, 2.3.1 Description: Some parts of VCL did not properly validate input data. This problem was present both in the Privileges portion o [ more ] [ reply ]

ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities
2013-05-06  Security Alert (Security_Alert emc com)

VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
2013-05-06  Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, the current 3CXPhone6.msi (for Windows), available from <http://www.3cx.com/VOIP/sip-phone/>, digitally signed on 2012-07-30, installs the following outdated and vulnerable 3rd-party libraries: * libeay32.dll and ssleay32.dll version 0.9.8h (from 2008-05-28) of OpenSSL. The current ve [ more ] [ reply ]

[SE-2012-01] New security vulnerabilities and broken fixes in IBM Java
2013-05-06  Security Explorations (contact security-explorations com)
Hello All, Security Explorations discovered 7 additional security issues (#62-68) in the latest version of IBM SDK, Java Technology Edition software [1]. A majority of the new flaws are due to insecure use or implementation of the Java Reflection API. Additionally to the above, we found out that four [ more ] [ reply ]

Multiple Vulnerabilities in D-Link DSL-320B
2013-05-06  devnull s3cur1ty de
Device: DSL-320B Firmware Version: EU_DSL-320B v1.23 date: 28.12.2010 Vendor URL: http://www.dlink.com/de/de/home-solutions/connect/modems-and-gateways/dsl-320b-adsl-2-ethernet-modem ============ Vulnerability Overview: ============ * Access to the Config file without authentication => full au [ more ] [ reply ]

Multiple buffer overflows on Huawei SNMPv3 service
2013-05-06  roberto paleari emaze net
Multiple buffer overflows on Huawei SNMPv3 service ================================================== [ADVISORY INFORMATION] Title: Multiple buffer overflows on Huawei SNMPv3 service Discovery date: 11/02/2013 Release date: 06/05/2013 Credits: Roberto Paleari (roberto.paleari (at) emaze (dot) net [email concealed], @rpalea [ more ] [ reply ]

Vulnerability in Microsoft Security Essentials <v4.2
2013-05-04  Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, versions of Microsoft Security Essentials before the current v4.2 (see <https://support.microsoft.com/kb/2805304>) have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account (almost like <https://support.microsoft.com/kb/2781197> a [ more ] [ reply ]

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "CDisplayPointer" Use-after-free (MS13-028)
2013-05-03  VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "CDisplayPointer" Use-after-free (MS13-028) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as [ more ] [ reply ]

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "Scroll" Use-after-free (MS13-028)
2013-05-03  VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "Scroll" Use-after-free (MS13-028) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of [ more ] [ reply ]

ESA-2013-028: EMC NetWorker Elevation of Privilege Vulnerability
2013-05-02  Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-028: EMC NetWorker Elevation of Privilege Vulnerability EMC Identifier: ESA-2013-028 EMC Identifier: NW147983 CVE Identifier: CVE-2013-0940 Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C) Affected products [ more ] [ reply ]

ESA-2013-035: EMC Avamar Client Improper Certificate Validation Vulnerability
2013-05-02  Security Alert (Security_Alert emc com)

ESA-2013-034: EMC Avamar Improper Authorization vulnerability
2013-05-02  Security Alert (Security_Alert emc com)

NGS00415 Patch Notification: Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth)
2013-05-02  NCC Group Research (research nccgroup com)
High Risk Vulnerability in Oracle Database 11g 1 May 2013 Andy Davis of NCC Group has discovered a High risk vulnerability in Oracle Database 11g Impact: Null Pointer Dereference (Remote DoS) Versions affected: Oracle Database 11g Security patch information can be found at the following URL: [ more ] [ reply ]

[SECURITY] [DSA 2664-1] stunnel4 security update
2013-05-02  Salvatore Bonaccorso (carnil debian org)

NGS00423 Patch Notification: Oracle Retail Invoice Manager SQL Injection
2013-05-02  NCC Group Research (research nccgroup com)
High Risk Vulnerability in Oracle Retail Central Office 1 May 2013 Andrew Davies of NCC Group has discovered a High risk vulnerability in Oracle Retail Central Office Impact: SQL Injection Versions affected: Oracle Retail Central Office, versions 13.1, 13.2, 13.3, 13.4 Security patch informat [ more ] [ reply ]

NGS00416 Patch Notification: Oracle 11g TNS listener remote Invalid Pointer Read (pre-auth)
2013-05-02  NCC Group Research (research nccgroup com)
High Risk Vulnerability in Oracle Database 11g 1 May 2013 Andy Davis of NCC Group has discovered a High risk vulnerability in Oracle Database 11g Impact: Invalid pointer read (Remote DoS) Versions affected: Oracle Database 11g Security patch information can be found at the following URL: http [ more ] [ reply ]

NGS00422 Patch Notification: Oracle Retail Integration Bus Manager Directory Traversal
2013-05-02  NCC Group Research (research nccgroup com)
High Risk Vulnerability in Oracle Retail Integration Bus Manager 1 May 2013 Andrew Davies of NCC Group has discovered a High risk vulnerability in Oracle Retail Integration Bus Manager Impact: Directory traversal Versions affected: Oracle Retail Integration Bus, versions 13.0, 13.1, 13.2 Secu [ more ] [ reply ]

WordPress Plugin: Advanced XML Reader v0.3.4 XXE Vulnerability
2013-05-02  admin elites0ft com
The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE (XML eXternal Entity) processing attacks. After installing the plugin on a Windows machine, I created a text file in the root of C:\ named "test.txt", which [ more ] [ reply ]

Multiple Cross-Site Scripting (XSS) vulnerabilities in GetSimple CMS
2013-05-01  advisory htbridge com
Advisory ID: HTB23141 Product: GetSimple CMS Vendor: get-simple.info Vulnerable Version(s): 3.1.2 and probably prior Tested Version: 3.1.2 Vendor Notification: January 23, 2013 Vendor Patch: April 26, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Refere [ more ] [ reply ]

SQL Injection in b2evolution
2013-05-01  advisory htbridge com
Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Version(s): 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE- [ more ] [ reply ]

[HITB-Announce] #HITB2013KUL Call for Papers
2013-05-01  Hafez Kamal (aphesz hackinthebox org)
Hi everyone - This is a Call for Papers for the 11th annual HITB Security Conference in Malaysia, #HITB2013KUL, which takes place on the 16th and 17th of October in Kuala Lumpur. Keynote speakers for the conference will be Joe Sullivan (Chief Security Officer, Facebook) and Andy Ellis (Chief Securit [ more ] [ reply ]

Unchecked Buffer in Microchip TCP/IP Stack Could Allow Remote Code Execution
2013-04-30  az bugreport subscriber gmail com
Unchecked Buffer in Microchip TCP/IP Stack Could Allow Remote Code Execution ============================= ==== General Information ==== ============================= == Executive Summary == The function TCPIP_IPV6_ProcessFragmentationHeader() does not correctly validate the "fragment offset" fi [ more ] [ reply ]

[security bulletin] HPSBMU02872 SSRT101185 rev.1 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting (XSS)
2013-04-30  security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748875 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03748875 Version: 1 HPSBMU02872 SS [ more ] [ reply ]

Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability
2013-04-30  demonalex 163 com
Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability Software : Syslog Watcher Pro Software Version : v2.8.0.812 (Jun 15, 2009) Vendor: http://www.snmpsoft.com/ Vulnerability Published : 2013-04-27 Vulnerability Update Time : Status : Impact : Medium (CVSS2 Base : 6.4, [ more ] [ reply ]

WowzaMediaServer SecureToken bypass (and worse)
2013-04-30  Michal J. (wejn box cz)
Product: Wowza Media Server URL: http://www.wowza.com/ Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server Issue: By default all installations of WMS use four modules in their application's config file: base, properties, logging, flvplayback. I've found out that the `properties [ more ] [ reply ]

WowzaMediaServer StorageDir escape (regression)
2013-04-30  Michal J. (wejn box cz)
Product: Wowza Media Server URL: http://www.wowza.com/ Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server Issue: In early 2009 I reported a problem with the processing of requests with relative paths. The issue has surfaced again. In a nutshell, you can escape the application's StorageDir u [ more ] [ reply ]

Personal File Share HTTP Server Remote Overflow Vulnerability
2013-04-30  demonalex 163 com
Title: Personal File Share HTTP Server Remote Overflow Vulnerability Software : Personal File Share HTTP Server Software Version : UNKNOWN Vendor: http://www.srplab.com/ Vulnerability Published : 2013-04-28 Vulnerability Update Time : Status : Impact : Medium (CVSS2 Base : 5.0, AV:N/AC:L/Au:N [ more ] [ reply ]

CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities
2013-04-29  CORE Security Technologies Advisories (advisories coresecurity com)
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link IP Cameras Multiple Vulnerabilities 1. *Advisory Information* Title: D-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0303 Advisory URL: http://www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vu [ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver [REVISED]
2013-04-29  FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver
2013-04-29  FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBMU02874 SSRT101184 rev.1 - HP Service Manager, Java Runtime Environment (JRE) Security Update
2013-04-29  security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748879 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03748879 Version: 1 HPSBMU02874 SS [ more ] [ reply ]

[security bulletin] HPSBMU02873 SSRT101182 rev.1 - HP Service Manager, Apache Tomcat Security Update
2013-04-29  security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03748878 Version: 1 HPSBMU02873 SS [ more ] [ reply ]

Cisco/Linksys E1200 N300 Reflected XSS
2013-04-29  Carl Benedict (theinfinitenigma gmail com)
Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 (others currently untested) Version : 2.0.04 (others currently untested) Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict (theinfinitenigma) Product D [ more ] [ reply ]

[KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability
2013-04-26  Egidio Romano (research karmainsecurity com)
------------------------------------------------------------------ Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability ------------------------------------------------------------------ [-] Software Link: http://www.joomla.org/ [-] Affected Versions: Version 3.0.3 and earlier 3. [ more ] [ reply ]

EDSC 2013 CFP Open
2013-04-26  Michael Eddington (meddington gmail com)
The EDSC 2013 CFP is open! EDSC is a new security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important for engineers, researchers, and testers alike. http:/ [ more ] [ reply ]

Hacking IPv6 networks training (slideware, upcoming trainings, etc.)
2013-04-26  Fernando Gont (fgont si6networks com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Folks, We have posted part of the materials of the BRUCON 2012 edition of our "Hacking IPv6 Networks" IPv6 security training course. The slideware is available at: <http://www.si6networks.com/presentations/brucon2012/fgont-brucon2012-hacking-ipv6-netwo [ more ] [ reply ]

[security bulletin] HPSBPI02869 SSRT100936 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
2013-04-25  security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03744742 Version: 1 HPSBPI02869 SS [ more ] [ reply ]

[security bulletin] HPSBPI02868 SSRT101017 rev.1 - HP Managed Printing Administration (MPA), Remote Cross Site Scripting (XSS)
2013-04-25  security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03737200 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03737200 Version: 1 HPSBPI02868 SS [ more ] [ reply ]

[security bulletin] HPSBMU02830 SSRT100889 rev.2 - HP Data Protector, Local Increase of Privilege
2013-04-25  security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03570121 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03570121 Version: 2 HPSBMU02830 SS [ more ] [ reply ]

Multiple Vulnerabilities in D'Link DIR-635
2013-04-25  devnull s3cur1ty de
Device Name: DIR-635 Vendor: D-Link ============ Vulnerable Firmware Releases: ============ Firmware version: 2.34EU Hardware-Version: B1 Product page: DIR-635 ============ Vulnerability Overview: ============ * Stored XSS -> Status - WLAN -> SSID Injecting scripts into the parameter config [ more ] [ reply ]

Borland Silk Central 12.1 TeeChart Pro ActiveX control AddSeries Remote Code Execution
2013-04-25  nospam gmail it
Borland Silk Central 12.1 TeeChart Pro ActiveX control AddSeries Remote Code Execution ActiveX Settings: Binary path: C:\Program Files\Silk\Shared Files\teechart.ocx CLSID: {008BBE7E-C096-11D0-B4E3-00A0C901D681} ProgID: TeeChart.TChart Version: 4.0.0.7 Safe for Scripting (IObjectSafety): True Safe [ more ] [ reply ]

Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows
2013-04-25  nospam gmail it
Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows ActiveX settings: Binary path: C:\Program Files (x86)\Borland\CaliberRM\emsmtp.dll Version: 5.0.0.11 ProgID: EasyMail.SMTP.5 CLSID: {4610E7BF-710F-11D3-813D-00C04F6B92D0} Safe for Scripting: True Safe for Initialization: True Sub [ more ] [ reply ]

Nginx ngx_http_close_connection function integer overflow
2013-04-25  safe3q gmail com  (1 reply)
Website: http://safe3.com.cn I. BACKGROUND --------------------- Nginx is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VKontakte, and Rambler. According [ more ] [ reply ]

Re: Nginx ngx_http_close_connection function integer overflow
2013-04-25  Maxim Konovalov (maxim konovalov gmail com)  (1 reply)

Re: Nginx ngx_http_close_connection function integer overflow
2013-04-29  Maxim Konovalov (maxim konovalov gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] ruby (SSA:2013-136-02)
New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current
to fix a security issue.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages
[ more ] [ reply ]