[security bulletin] HPSBMU02830 SSRT100889 rev.2 - HP Data Protector, Local Increase of Privilege | 2013-04-25 | security-alert hp com

Multiple Vulnerabilities in D'Link DIR-635 | 2013-04-25 | devnull s3cur1ty de | Device Name: DIR-635 Vendor: D-Link ============ Vulnerable Firmware Releases: ============ Firmware version: 2.34EU Hardware version: B1 Product page: DIR-635 ============ Vulnerability Overview: ============ * Stored XSS -> Status - WLAN -> SSID Injecting scripts into the parameter config [ more ]

Borland Silk Central 12.1 TeeChart Pro ActiveX control AddSeries Remote Code Execution | 2013-04-25 | nospam gmail it | Borland Silk Central 12.1 TeeChart Pro ActiveX control AddSeries Remote Code Execution ActiveX Settings: Binary path: C:\Program Files\Silk\Shared Files\teechart.ocx CLSID: {008BBE7E-C096-11D0-B4E3-00A0C901D681} ProgID: TeeChart.TChart Version: 4.0.0.7 Safe for Scripting (IObjectSafety): True Safe [ more ]

Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows | 2013-04-25 | nospam gmail it | Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows ActiveX settings: Binary path: C:\Program Files (x86)\Borland\CaliberRM\emsmtp.dll Version: 5.0.0.11 ProgID: EasyMail.SMTP.5 CLSID: {4610E7BF-710F-11D3-813D-00C04F6B92D0} Safe for Scripting: True Safe for Initialization: True Sub [ more ]

Nginx ngx_http_close_connection function integer overflow | 2013-04-25 | safe3q gmail com (1 reply) | Website: http://safe3.com.cn I. BACKGROUND --------------------- Nginx is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VKontakte, and Rambler. According [ more ]

Re: Nginx ngx_http_close_connection function integer overflow | 2013-04-25 | Maxim Konovalov (maxim konovalov gmail com)

[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin | 2013-04-24 | come2waraxe yahoo com | [waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software: ~ [ more ]

Cisco Security Advisory: Multiple Vulnerabilities in Cisco NX-OS-Based Product | 2013-04-24 | Cisco Systems Product Security Incident Response Team (psirt cisco com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Multiple Vulnerabilities in Cisco NX-OS-Based Products Advisory ID: cisco-sa-20130424-nxosmulti Revision 1.0 For Public Release 2013 April 24 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= [ more ]

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Computing System | 2013-04-24 | Cisco Systems Product Security Incident Response Team (psirt cisco com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Multiple Vulnerabilities in Cisco Unified Computing System Advisory ID: cisco-sa-20130424-ucsmulti Revision 1.0 For Public Release 2013 April 24 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ====== [ more ]

Cisco Security Advisory: Cisco Device Manager Command Execution Vulnerability | 2013-04-24 | Cisco Systems Product Security Incident Response Team (psirt cisco com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Device Manager Command Execution Vulnerability Advisory ID: cisco-sa-20130424-fmdm Revision 1.0 For Public Release 2013 April 24 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco [ more ]

[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver | 2013-04-24 | ESNC Security (secure esnc de) | [ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver Please refer to http://www.esnc.de for the original security advisory, updates and additional information. ------------------------------------------------------------------------ 1. Business Impact ----------------- [ more ]

Cisco/Linksys HTTP Service Remote DoS (Denial of Service) | 2013-04-24 | Carl Benedict (theinfinitenigma gmail com) | Summary -------------------- Software : Cisco/Linksys Router OS Hardware : WRT310N v2 (others currently untested) Version : 2.0.00 (others currently untested) Website : http://www.linksys.com Issue : Remote Denial of Service Severity : High Researcher: Carl Benedict (theinfinitenigma) [ more ]

[security bulletin] HPSBHF02865 SSRT101158 rev.1 - HP ElitePad 900, Secure Boot Configuration Inconsistency | 2013-04-23 | security-alert hp com | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03727435 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03727435 Version: 1 HPSBHF02865 SS [ more ]

Multiple Vulnerabilities in D'Link DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A | 2013-04-22 | devnull s3cur1ty de | Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A Vendor: D-Link ============ Device Description: ============ DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele ... DIR-615: http://www.dlink.com/de/de/support/product/dir-615-wireless-n-300-r [ more ]

[SQLi] vBilling for FreeSWITCH | 2013-04-22 | Michał Błaszczak (blaszczakm gmail com) | vBilling for FreeSWITCH. http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html Michal Blaszczak 1) SQL Injection reset password any SIP account file: controllers/customer.php $sql2 = "UPDATE directory_params SET param_value = '".$new_password."' WHERE directory_id = '".$record_id." [ more ]

44Café 23rd April details | 2013-04-22 | Steve (steve 44con com) | ---- 44Café: The vendor-free event returns tomorrow! 44Café is the free vendor-free one-day event taking place upstairs at O'Neill's, 326 Earl's Court Road, London on the 23rd of April. We'll have talks, beer and free bacon butties to give away. If you're tired of vendors at the main exhibition [ more ]

[SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE | 2013-04-22 | Security Explorations (contact security-explorations com) | Hello All, Today, a vulnerability report with an accompanying Proof of Concept code was sent to Oracle notifying the company of a new security weakness affecting Java SE 7 software. The new flaw was verified to affect all versions of Java SE 7 (including the recently released 1.7.0_21-b11). It ca [ more ]

Re: SEC Consult SA-20130417-1 :: Java ActiveX Control Memory Corruption | 2013-04-19 | SEC Consult Vulnerability Lab (research sec-consult com)

TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation | 2013-04-18 | Trustwave Advisories (TrustwaveAdvisories trustwave com) | Trustwave SpiderLabs Security Advisory TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation https://www.trustwave.com/spiderlabs/advisories/TWSL2013-004.txt Published: 04/18/13 Version: 1.0 Vendor: Cisco (www.cisco.com) Product: ASA (Adaptive Security Appliance) Versions [ more ]

VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555) | 2013-04-18 | VUPEN Security Research (advisories vupen com) | VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion Code Execution (CVE-2013-2555) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime that d [ more ]

[SECURITY] [DSA 2661-1] xorg-server security update | 2013-04-17 | Yves-Alexis Perez (corsac debian org)

Cisco Security Advisory: Cisco TelePresence Infrastructure Denial of Service Vulnerability | 2013-04-17 | Cisco Systems Product Security Incident Response Team (psirt cisco com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco TelePresence Infrastructure Denial of Service Vulnerability Advisory ID: cisco-sa-20130417-tpi Revision 1.0 For Public Release 2013 April 17 16:00 UTC (GMT) +--------------------------------------------------------- [ more ]

VUPEN Security Research - Oracle Java JavaFX Video Frame Decoding Remote Heap Overflow (Pwn2Own 2013) | 2013-04-18 | VUPEN Security Research (advisories vupen com) | VUPEN Security Research - Oracle Java JavaFX Video Frame Decoding Remote Heap Overflow (Pwn2Own 2013) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Java is the foundation for virtually every type of networked application and is the global [ more ]

Cisco Security Advisory: Cisco Network Admission Control Manager SQL Injection Vulnerability | 2013-04-17 | Cisco Systems Product Security Incident Response Team (psirt cisco com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Network Admission Control Manager SQL Injection Vulnerability Advisory ID: cisco-sa-20130417-nac Revision 1.0 For Public Release 2013 April 17 16:00 UTC (GMT) +------------------------------------------------------- [ more ]

DC4420 - London DEFCON - April meet - Tuesday 23rd April 2013 | 2013-04-18 | Major Malfunction (majormal pirate-radio org) | Whether you're coming to town next week for London Infosec or BSides, or you're in the smoke anyway, come and join us for what is normally our busiest and most entertaining night of the year... This time should be no exception: we have managed to retain our normal venue - The Phoenix - and we ha [ more ]

SEC Consult SA-20130417-1 :: Java ActiveX Control Memory Corruption | 2013-04-17 | SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20130417-2 :: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server | 2013-04-17 | SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey | 2013-04-17 | SEC Consult Vulnerability Lab (research sec-consult com)

SI6 Networks' IPv6 Toolkit v1.3.4 released! | 2013-04-17 | Fernando Gont (fgont si6networks com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Folks, We have just released SI6 Networks' IPv6 Toolkit v1.3.4: a security assessment and troubleshooting toolkit for the IPv6 protocol suite. The toolkit is available at: <http://www.si6networks.com/tools/ipv6toolkit>, where you can find the usual [ more ]

Multiple Vulnerabilities in KrisonAV CMS | 2013-04-17 | advisory htbridge com | Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Version(s): 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting [CWE-79], C [ more ]

APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and Mac OS X v10.6 Update 15 | 2013-04-16 | Apple Product Security (product-security-noreply lists apple com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and Mac OS X v10.6 Update 15 Java for OS X 2013-003 and Mac OS X v10.6 Update 15 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 [ more ]

APPLE-SA-2013-04-16-1 Safari 6.0.4 | 2013-04-16 | Apple Product Security (product-security-noreply lists apple com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-04-16-1 Safari 6.0.4 Safari 6.0.4 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3 Impact: Visiting a maliciously crafted website may lead to an [ more ]

Open-Xchange Security Advisory 2013-04-17 | 2013-04-17 | Martin Braun (martin braun open-xchange com) | Open-Xchange Security Advisory (multiple vulnerabilities) Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provide [ more ]

[ESNC-2013-002] Privilege Escalation in SAP Production Planning and Control | 2013-04-16 | ESNC Security (secure esnc de) | [ESNC-2013-002] Privilege Escalation in SAP Production Planning and Control Please refer to www.esnc.de for the original security advisory, updates and additional information. ------------------------------------------------------------------------ 1. Business Impact ------------------------------ [ more ]

Sitecom WLM-3500 backdoor accounts | 2013-04-16 | roberto paleari emaze net | Sitecom WLM-3500 backdoor accounts ================================== [ADVISORY INFORMATION] Title: Sitecom WLM-3500 backdoor accounts Discovery date: 24/03/2013 Release date: 16/04/2013 Credits: Roberto Paleari (roberto.paleari (at) emaze (dot) net [email concealed], @rpaleari) Advisory URL: http://blog.emaze.net/2013/0 [ more ]

[ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services | 2013-04-16 | ESNC Security (secure esnc de) | [ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services Please refer to www.esnc.de for the original security advisory, updates and additional information. ------------------------------------------------------------------------ 1. Business Impact -------------------------- [ more ]

[ESNC-2013-001] Privilege Escalation in SAP Healthcare Industry Solution | 2013-04-16 | ESNC Security (secure esnc de) | [ESNC-2013-001] Privilege Escalation in SAP Healthcare Industry Solution Please refer to www.esnc.de for the original security advisory, updates and additional information. ------------------------------------------------------------------------ 1. Business Impact --------------------------------- [ more ]

[SE-2012-01] Details of issues fixed by Java SE 7 Update 21 | 2013-04-16 | Security Explorations (contact security-explorations com) (1 reply) | Hello All, Today, Oracle released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year (Issues 51, 55 and 57-60). Our original vulnerability reports and Proof of Concept codes for these and some previously disclos [ more ]

Re: [SE-2012-01] Details of issues fixed by Java SE 7 Update 21 | 2013-04-17 | Security Explorations (contact security-explorations com)

[security bulletin] HPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities | 2013-04-15 | security-alert hp com | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03734195 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03734195 Version: 1 HPSBUX02866 SS [ more ]

DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal | 2013-04-15 | ddivulnalert ddifrontline com | Title ----- DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal Severity -------- High Discovered By ------------- Evan Sylvester and r@b13$ Date Discovered --------------- February 19, 2013 Vulnerability Description ------------------------- The Dell EqualLogic PS6110X is vulnerable to a [ more ]

Remote command injection in Ruby Gem kelredd-pruview 0.3.8 | 2013-04-11 | larry0 me com | Remote command injection in Ruby Gem kelredd-pruview 0.3.8 Larry W. Cashdollar 4/4/2013 @_larry0 Description: "A gem to ease generating image previews (thumbnails) of various files." https://rubygems.org/gems/kelredd-pruview Remote commands can be executed if the file name contains shell meta ch [ more ]

MacOSX 10.8.3 ftpd Remote Resource Exhaustion | 2013-04-11 | submit cxsec org | MacOSX 10.8.3 ftpd Remote Resource Exhaustion Maksymilian Arciemowicz http://cxsecurity.com/ http://cvemap.org/ Public Date: 01.02.2013 http://cxsecurity.com/cveshow/CVE-2010-2632 http://cxsecurity.com/cveshow/CVE-2011-0418 --- 1. Description --- Old vulnerability in libc allows denial of servic [ more ]

[SECURITY] [DSA 2659-1] libapache-mod-security security update | 2013-04-10 | Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Prime Network Control Systems Database Default Credentials Vulnerability | 2013-04-10 | Cisco Systems Product Security Incident Response Team (psirt cisco com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Prime Network Control Systems Database Default Credentials Vulnerability Advisory ID: cisco-sa-20130410-ncs Revision 1.0 For Public Release 2013 April 10 16:00 UTC (GMT) +-------------------------------------------- [ more ]

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers | 2013-04-10 | Cisco Systems Product Security Incident Response Team (psirt cisco com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers Advisory ID: cisco-sa-20130410-asr1000 Revision 1.0 For Public Release 2013 April 10 16:00 UTC (GMT) +------------------------ [ more ]

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution | 2013-04-10 | Cisco Systems Product Security Incident Response Team (psirt cisco com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution Advisory ID: cisco-sa-20130410-mp Revision 1.0 For Public Release 2013 April 10 16:00 UTC (GMT) +------------------------------------------------------------ [ more ]

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module Software | 2013-04-10 | Cisco Systems Product Security Incident Response Team (psirt cisco com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module Software Advisory ID: cisco-sa-20130410-fwsm Revision 1.0 For Public Release 2013 April 10 16:00 UTC (GMT) +------------------------------------------------------ [ more ]

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software | 2013-04-10 | Cisco Systems Product Security Incident Response Team (psirt cisco com) | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software Advisory ID: cisco-sa-20130410-asa Revision 1.0 For Public Release 2013 April 10 16:00 UTC (GMT) +---------------------------------------------------------------------- Sum [ more ]

[security bulletin] HPSBUX02864 SSRT101156 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | 2013-04-10 | security-alert hp com | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03725347 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03725347 Version: 1 HPSBUX02864 SS [ more ]

[security bulletin] HPSBUX02859 SSRT101144 rev.2 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execute Arbitrary Code | 2013-04-10 | security-alert hp com | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03714526 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03714526 Version: 2 HPSBUX02859 SS [ more ]

DeepSec 2013 - Call for Papers | 2013-04-10 | DeepSec Conference (deepsec deepsec net) | DeepSec 2013 "Seven Seas" - Call for Papers Dear Researchers, Hackers, Developers, dear Members of the IT-Security Community: This is our call for papers for DeepSec 2013, the seventh DeepSec In-Depth Security Conference. Our annual event will take place from November 19th to 22nd at the Imperial R [ more ]
Preview of [security bulletin] HPSBMU02830 SSRT100889 rev.2 - HP Data Protector, Local Increase of Privilege: Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03570121 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03570121 Version: 2 HPSBMU02830 SS [ more ]