[SECURITY] [DSA 2635-1] cfingerd security update
  2013-03-01  Salvatore Bonaccorso (carnil debian org)

ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability
  2013-02-28  Security Alert (Security_Alert emc com)

Fileutils ruby gem possible remote command execution and insecure file handling in /tmp
  2013-02-28  larry0 me com
  2/23/2013 Hi list, I was looking at some gem files and noticed a few issues with fileutils-0.7 http://rubygems.org/gems/fileutils "A set of utility classes to extract meta data from different file types". Han...

PHEARCON Call For Papers
  2013-02-28  AA (anarchy ang31 gmail com)
  ::[ About ]:: www.phearcon.org PHEARCON is a hacking conference based in Milwaukee Wisconsin with the goal of bringing hackers together under one roof to learn, hack, and party! ::[ When / Where ]:: October 12th @ 10am [-]location[-] Bucketworks 706 S 5th St. Milwaukee, WI. 53204 ::[ Format ]:: On...

Stored Cross-site Scripting ('XSS') in Airvana HubBub C1-600-RT Femtocell
  2013-02-27  scott behrens neohapsis com
  Advisory ID: NEOCAN-2013-002 Advisory Title: Stored XSS ('cross-site scripting') in Airvana HubBub C1-600-RT router Author: Scott Behrens / Scott.Behrens (at) Neohapsis (dot) com [email concealed] Release Date: 02/27/2013 Vendor: Airvana Application: Airrave 2.5 router administration page Platform: ...

Cross-Site Scripting (XSS) in Geeklog
  2013-02-27  advisory htbridge com
  Advisory ID: HTB23143 Product: Geeklog Vendor: http://www.geeklog.net Vulnerable Version(s): 1.8.2 and probably prior Tested Version: 1.8.2 Vendor Notification: February 6, 2013 Vendor Patch: February 20, 2013 Public Disclosure: February 27, 2013 Vulnerability Type: Cross-Site Scripting [CWE-79] ...

Multiple Vulnerabilities in Piwigo
  2013-02-27  advisory htbridge com
  Advisory ID: HTB23144 Product: Piwigo Vendor: Piwigo project Vulnerable Version(s): 2.4.6 and probably prior Tested Version: 2.4.6 Vendor Notification: February 6, 2013 Vendor Patch: February 19, 2013 Public Disclosure: February 27, 2013 Vulnerability Type: Cross-Site Request Forgery [CWE-352], P...

[KIS-2013-03] Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability
  2013-02-27  Egidio Romano (research karmainsecurity com)
  [-] Software Link: http://www.joomla.org/ [-] Affected Versions: Version 3.0.2 and earlier ...

Unauthenticated remote access to D-Link DIR-645 devices
  2013-02-27  roberto greyhats it
  [ADVISORY INFORMATION] Title: Unauthenticated remote access to D-Link DIR-645 devices Discovery date: 20/02/2013 Release date: 27/02/2013 Credits: Roberto Paleari (roberto@greyh...

[waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05
  2013-02-27  come2waraxe yahoo com
  Author: Janek Vind "waraxe" Date: 27. February 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-97.html Description of vulnerable s...

Cisco Security Advisory: Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
  2013-02-27  Cisco Systems Product Security Incident Response Team (psirt cisco com)
  Advisory ID: cisco-sa-20130227-cucm Revision 1.0 For Public Release 2013 February 27 16:00 UTC (GMT) ...

Cisco Security Advisory: Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability
  2013-02-27  Cisco Systems Product Security Incident Response Team (psirt cisco com)
  Advisory ID: cisco-sa-20130227-hcs Revision 1.0 For Public Release 2013 February 27 16:00 UTC (GMT) ...

Cisco Security Advisory: Cisco Unified Presence Server Denial of Service Vulnerability
  2013-02-27  Cisco Systems Product Security Incident Response Team (psirt cisco com)
  Advisory ID: cisco-sa-20130227-cups Revision 1.0 For Public Release 2013 February 27 16:00 UTC (GMT) ...

[SECURITY] [DSA 2633-1] fusionforge security update
  2013-02-26  Yves-Alexis Perez (corsac debian org)

Denial of Service vulnerability in War FTP Daemon 1.82
  2013-02-26  Jarle Aase (jgaa jgaa com)
  Late last week, security researchers at jura.ba reported a Denial of Service vulnerability in War FTP Daemon 1.82. The problem was rooted in the way log messages were relayed from the internal log handler to the Windows Event log when the server was running as a Windows service. Theoretically, it...

[slackware-security] seamonkey (SSA:2013-056-01)
  2013-02-25  Slackware Security Team (security slackware com)
  New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: patches/packa...

CONFidence 2013 - Call for Papers - 28-29.05.2013 Krakow, Poland
  2013-02-25  Andrzej Targosz (andrzej targosz proidea org pl)
  Calling all practitioners in the field of IT security! The 11th edition of the international IT security conference, CONFidence 2013, is taking place on May 28/29, 2013 (as usual it will be close to BerlinSides and PXE, so if you plan to be around Krakow or Berlin you have to try to be a part of all...

Fwd: [SECURITY] CVE-2013-0253 Apache Maven 3.0.4
  2013-02-24  Olivier Lamy (olamy apache org)
  CVE-2013-0253 Apache Maven Severity: Medium Vendor: The Apache Software Foundation Versions Affected: - Apache Maven 3.0.4 - Apache Maven Wagon 2.1, 2.2, 2.3 Description: Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL...

Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities
  2013-02-23  Vulnerability Lab (research vulnerability-lab com)
  Title: Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities Date: 2013-01-22 References: http://www.vulnerability-lab.com/get_content.php?id=824 ID: SWIFT-3119 URL: http://dev.kayako.com/browse/SWIFT-3119 VL-ID: 824 Common Vulnerability Scoring System: ...

[Onapsis Security Advisory 2013-005] SAP CCMS Agent Code Injection
  2013-02-22  Onapsis Research Labs (research onapsis com)
  This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new r...

[Onapsis Security Advisory 2013-006] SAP SMD Agent Code Injection
  2013-02-22  Onapsis Research Labs (research onapsis com)
  This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new re...

[Onapsis Security Advisory 2013-004] SAP J2EE Core Service Arbitrary File Access
  2013-02-22  Onapsis Research Labs (research onapsis com)
  This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentat...

[Onapsis Security Advisory 2013-003] SAP Enterprise Portal Cross-Site-Scripting
  2013-02-22  Onapsis Research Labs (research onapsis com)
  This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentati...

[Onapsis Security Advisory 2013-002] SAP SDM Denial of Service
  2013-02-22  Onapsis Research Labs (research onapsis com)
  This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new resea...

[Onapsis Security Advisory 2013-001] SAP Portal PDC Information Disclosure
  2013-02-22  Onapsis Research Labs (research onapsis com)
  This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations...

[IA48] Photodex ProShow Producer v5.0.3297 Insecure Library Loading Vulnerability
  2013-02-23  Inshell Security (info inshell net)

VUPEN Security Research - Microsoft Windows OLE Automation Code Execution Vulnerability
  2013-02-25  VUPEN Security Research (advisories vupen com)
  VUPEN Security Research - Microsoft Windows OLE Automation Remote Code Execution Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND Microsoft Windows is a series of software operating systems and graphical user interfaces produced...

DC4420 - London DEFCON Tuesday 26th Feb 2013
  2013-02-25  Major Malfunction (majormal pirate-radio org)
  Apologies for the late announcement... Tomorrow we have a particularly excellent line-up! Primary Speaker: Arron Finnon - Finux Tech Weekly Title: "The OSNIF Project: NIDS/NIPS Testing and Auditing" Synopsis: Yeah great, I know it's not a silver bullet! NIPS/NIDS have issues, and that's puttin...

[SE-2012-01] New security issues affecting Oracle's Java SE 7u15
  2013-02-25  Security Explorations (contact security-explorations com)
  Hello All, We had yet another look into Oracle's Java SE 7 software that was released by the company on Feb 19, 2013. As a result, we have discovered two new security issues (numbered 54 and 55), which when combined together can be successfully used to gain a complete Java security sandbox bypass...

NoSuchCon CFP 2.0 / 15-17 May 2013 / Paris, France
  2013-02-25  Jonathan Brossard (endrazine gmail com)

Samsung Galaxy S3 partial screen-lock bypass
  2013-02-21  ukpentestinfo mti com
  MTI Technology - Vulnerability Research Team www.mti.com ukpentestinfo"at"mti.com Samsung Galaxy S3 - partial screen-lock bypass Date found: 17th Feb 2012 Vendor Notified: 20th Feb 2012 Vendor Affected: Samsung Device: Galaxy S3 Model: GT-19300 OS: Android 4.1.2 Kernel Version: 3.0.31-742...

TeamSHATTER Security Advisory: Cross-site scripting in Oracle EM (advReplicationAdmin) (CVE-2013-0355)
  2013-02-21  Shatter (shatter appsecinc com)
  Cross-site scripting in Oracle Enterprise Manager (advReplicationAdmin) TeamSHATTER Security Advisory February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: ...

OSEC-2013-01: nagios metacharacter filtering omission
  2013-02-21  Rudolph Pereira (rudolph pereira occamsec com)
  Summary: CVE-ID: CVE-2013-1362 CVSS: Base Score 7.5 CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:UC/CDP:N/TD:N/CR:L/IR:L/AR:L Vendor: Nagios Affected Products: NRPE Affected Platforms: All Affected versions: < 2.14 Remote Exploitable: Yes Local Exploitable: No Patch Status V...

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (Resource Manager) (CVE-2013-0358)
  2013-02-21  Shatter (shatter appsecinc com)
  TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager (Resource Manager) February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3...

TeamSHATTER Security Advisory: Oracle EM Segment Advisor Arbitrary URL redirection/phishing (CVE-2012-3219)
  2013-02-21  Shatter (shatter appsecinc com)
  TeamSHATTER Security Advisory Oracle Enterprise Manager Segment Advisor Arbitrary URL redirection/phishing vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5, 1...

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (streams queue) (CVE-2013-0373)
  2013-02-21  Shatter (shatter appsecinc com)
  TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager (streams queue) February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Rem...

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (dBClone) (CVE-2013-0374)
  2013-02-21  Shatter (shatter appsecinc com)
  TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager (dBClone) February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote ex...

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (advReplicationAdmin) (CVE-2013-0372)
  2013-02-21  Shatter (shatter appsecinc com)
  TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager (advReplicationAdmin) February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Cr...

TeamSHATTER Security Advisory: HTTP Response Splitting in Oracle EM (policyViewSettings) (CVE-2013-0354)
  2013-02-21  Shatter (shatter appsecinc com)
  TeamSHATTER Security Advisory HTTP Response Splitting in Oracle Enterprise Manager (policyViewSettings) February 20, 2013 Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitab...

CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement
  2013-02-22  Kurt Seifried (kseifried redhat com)
  This is a relatively minor issue, hence no embargo. Michael Scherer (mscherer (at) redhat (dot) com [email concealed]) of Red Hat found: Looking for incorrect /tmp/ usage, I found the following piece of code in /usr/share/gems/gems/ruby_parser-2.0.4/lib/gauntlet_rubyparser.rb (ht...

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (SCPLBL_COLLECTED parameters) (CVE-2013-0353)
  2013-02-21  Shatter (shatter appsecinc com)
  TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager (SCPLBL_COLLECTED parameters) February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: ...

TeamSHATTER Security Advisory: Oracle Database GeoRaster API overflow (CVE-2012-3220)
  2013-02-21  Shatter (shatter appsecinc com)
  TeamSHATTER Security Advisory Oracle Database GeoRaster API overflow February 20, 2013 Risk Level: High Affected versions: Oracle Database 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerabili...

TeamSHATTER Security Advisory: Oracle EM Cross Site Scripting in XDBResource cancelURL parameter (CVE-2013-0352)
  2013-02-21  Shatter (shatter appsecinc com)
  TeamSHATTER Security Advisory Oracle Enterprise Manager Cross Site Scripting in XDBResource cancelURL parameter February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5, 11.1.0.7, ...

MyFi Wireless Disk 1.2 iPad iPhone - Multiple Vulnerabilities
  2013-02-18  Vulnerability Lab (research vulnerability-lab com)
  Title: MyFi Wireless Disk 1.2 iPad iPhone - Multiple Vulnerabilities Date: 2013-02-13 References: http://www.vulnerability-lab.com/get_content.php?id=864 VL-ID: 864 Status: Published Disclaimer: The information provided in this advisory i...

Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability
  2013-02-13  Vulnerability Lab (research vulnerability-lab com)
  Title: Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: 2013-02-13 References: http://www.vulnerability-lab.com/get_content.php?id=789 #9984: Investigate Vulnerability Lab issues (this ticket included tracking the creation of our DBI shim to error on sem...

Paper - Hiding Data in Hard-drive Service Areas
  2013-02-19  Ariel Berkman (aberkman gmail com)
  Hi, We've recently released a paper discussing the ability to hide data in hard-drive service areas. The paper is available for download at: http://www.recover.co.il/SA-cover/SA-cover.pdf The introduction section is pasted below: In this paper we will demonstrate how spinning hard-drives' service...

TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137)
  2013-02-21  Shatter (shatter appsecinc com)
  TeamSHATTER Security Advisory Oracle 11g Stealth Password Cracking Vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Database Server version 11gR1, 11gR2 Remote exploitable: Yes (No authentication to Database Server is need...

TeamSHATTER Security Advisory: SQL Injection in Oracle Alter FBA Table (CVE-2012-1751)
  2013-02-21  Shatter (shatter appsecinc com)
  TeamSHATTER Security Advisory SQL Injection in Oracle Alter FBA Table February 20, 2013 Risk Level: High Affected versions: Oracle Database Enterprise Edition 11.1, 11.2 Remote exploitable: Yes Credits: This vulnerability was discovered and resea...

[security bulletin] HPSBMU02836 SSRT101056 rev.1 - HP ArcSight Connector Appliance and ArcSight Logger, Remote Disclosure of Information, Command Injection, Cross-Site Scripting (XSS)
  2013-02-20  security-alert hp com
  Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03606700 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03606700 Version: 1 HPSBMU02836 SS...

[CVE-2013-1636] Wordpress pretty-link plugin XSS in SWF
  2013-02-20  hip insight-labs org
  # Exploit Title: Wordpress pretty-link plugin XSS in SWF # Release Date: 20/02/13 # Author: hip [Insight-Labs] # Contact: hip (at) insight-labs (dot) org [email concealed] | Website: http://insight-labs.org # Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip # Vendor Homepage: http://prettylinkpr...

Alt-N MDaemon's WorldClient & WebAdmin Cross-Site Request Forgery Vulnerability
  2013-02-20  demetris papapetrou (demetrispapapetrou gmail com)
  Software: Alt-N MDaemon v13.0.3 and prior v...

[SECURITY] [DSA 2630-1] postgresql-8.4 security update
  2013-02-20  Moritz Muehlenhoff (jmm debian org)

Alt-N MDaemon Email Body HTML/JS Injection Vulnerability
  2013-02-20  demetris papapetrou (demetrispapapetrou gmail com)
  Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: HTML/JS Injection Rem...

Alt-N MDaemon's WorldClient Username Enumeration Vulnerability
  2013-02-20  demetris papapetrou (demetrispapapetrou gmail com)
  Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: Use...

Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability
  2013-02-20  demetris papapetrou (demetrispapapetrou gmail com)
  Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: Remote Co...

Alt-N MDaemon's WorldClient Disclosure of Authentication Credentials Vulnerability
  2013-02-20  demetris papapetrou (demetrispapapetrou gmail com)
  Software: Alt-N MDaemon v13.0...

Multiple Cross-Site Scripting (XSS) in glFusion
  2013-02-20  advisory htbridge com
  Advisory ID: HTB23142 Product: glFusion Vendor: http://www.glfusion.org/ Vulnerable Version(s): 1.2.2 and probably prior Tested Version: 1.2.2 Vendor Notification: January 30, 2013 Vendor Patch: January 30, 2013 Public Disclosure: February 20, 2013 Vulnerability Type: Cross-Site Scripting [CWE-79...

Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability
  2013-02-20  demetris papapetrou (demetrispapapetrou gmail com)
  Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Typ...

[slackware-security] mozilla-thunderbird (SSA:2013-050-02)
  2013-02-20  Slackware Security Team (security slackware com)
  New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: ...

[slackware-security] mozilla-firefox (SSA:2013-050-01)
  2013-02-20  Slackware Security Team (security slackware com)
  New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: p...

APPLE-SA-2013-02-19-1 Java for OS X 2013-001 and Mac OS X v10.6 Update 13
  2013-02-19  Apple Product Security (product-security-noreply lists apple com)
  Java for OS X 2013-001 and Mac OS X v10.6 Update 13 is now available and addresses the following: Java Available for: OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, ...

FreeBSD Security Advisory FreeBSD-SA-13:02.libc
  2013-02-19  FreeBSD Security Advisories (security-advisories freebsd org)

SQLi found in Kodak Insite
  2013-02-19  robert hipcrime com
  Hello ... While investigating a recent installation of Kodak's Insite Creative Workflow System (for my current employer), an SQL Injection vulnerability was discovered in its "Forgot Your Password?" page. An example of this application can be seen on the Kodak site. https://creativeworkflow.ko...

Foswiki Security: Alert CVE-2013-1666 - Remote Code Execution Vulnerability in MAKETEXT macro.
  2013-02-19  George Clark (geonwiki fenachrone com)
  ---+ Security Alert: Code injection vulnerability in MAKETEXT macro This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext [1], which Foswiki uses to provide translations when {UserI...

FreeBSD Security Advisory FreeBSD-SA-13:01.bind
  2013-02-19  FreeBSD Security Advisories (security-advisories freebsd org)

Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability
  2013-02-18  nauty me04 gmail com
  Exploit Title : Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 18/02/13 software link: http://wordpress.org/extend/plugins/responsive-logo-slideshow/ C...

[SECURITY] [DSA 2628-1] nss-pam-ldapd security update
  2013-02-18  Moritz Muehlenhoff (jmm debian org)

Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting Vulnerability
  2013-02-18  nauty me04 gmail com
  Exploit Title : Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting Vulnerability Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 18/02/13 software link: http://wordpress.org/extend/plugins/marekkis-watermark/ CVE Assigned - CVE-2013...

PHP-Fusion 7.02.05 SQL Injection
  2013-02-16  Krzysztof Katowicz-Kowalewski (vnd vndh net)
  A SQL Injection vulnerability exists in releases 7.02.01 through 7.02.05 of PHP-Fusion CMS. The vulnerability allows the attacker to authenticate as an arbitrary user and act with its rights, which might lead to code execution. Because of exploitation simplicity, the potential risk is very high. ...

[IA47] Photodex ProShow Producer v5.0.3297 PXT File title Value Handling Buffer Overflow
  2013-02-16  Inshell Security (info inshell net)

Multiple Vulnerabilities in Netgear DGN2200B
  2013-02-16  devnull s3cur1ty de
  Device Name: DGN2200B Vendor: Netgear Vulnerable Firmware Releases: Hardware version DGN2200B Firmware version V1.0.0.36_7.0.36 - 04/01/2011 Device Description: Infos: http://www.netgear.com/home/products/wirelessrouters/work-and-play/dgn22...

Sniffing HDCP crypto keys with a $30 Bus Pirate and a broken HDMI cable
  2013-02-18  Adam Laurie (adam algroup co uk)

Scanning the IPv6 Internet with the scan6 tool (SI6 IPv6 toolkit)
  2013-02-17  Fernando Gont (fgont si6networks com)  (1 reply)
  Folks, A while ago we had published an IETF Internet-Draft about IPv6 Network Reconnaissance ("Network Reconnaissance in IPv6 Networks", available at: <http://tools.ietf.org/html/draft-ietf-opsec-ipv6-host-scanning-00>). Our scan6 tool (part of the SI6 Networks' IPv6 toolkit <http://www.si6network...

Re: Scanning the IPv6 Internet with the scan6 tool (SI6 IPv6 toolkit)
  2013-02-17  Marc Heuse (mh mh-sec de)

SI6 Networks IPv6 Toolkit v1.3 released!
  2013-02-16  Fernando Gont (fgont si6networks com)
  Folks, We are pleased to release the SI6 Networks' IPv6 Toolkit v1.3: a security assessment and trouble-shooting toolkit for the IPv6 protocol suite. The toolkit is available at: <http://www.si6networks.com/tools/ipv6toolkit>, where you can find a the...

CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities
  2013-02-15  CORE Security Technologies Advisories (advisories coresecurity com)
  Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. *Advisory Information* Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities D...

Empirum Password Obfuscation Design Flaw
  2013-02-14  otr bockcay de
  # Vuln Title: Empirum Password Obfuscation Design Flaw # Date: 20.12.2012 # Author: otr # Software Link: http://www.matrix42.com/products/workplace-automation-empirum/ # Version: 14.0 # Tested on: Windows # CVE : To be assigned # Risk: medium # Type: Privilege Escalation # Vendor: Matrix42 # STATU...

[IA46] Photodex ProShow Producer v5.0.3297 ColorPickerProc() Memory Corruption
  2013-02-14  Inshell Security (info inshell net)

Multiple Vulnerabilities in TP-Link TL-WA701N / TL-WA701ND
  2013-02-14  devnull s3cur1ty de
  Device Name: TL-WA701N / TL-WA701ND Vendor: TP-Link Vulnerable Firmware Releases: Firmware Version: 3.12.6 Build 110210 Rel.37112n Firmware Version: 3.12.16 Build 120228 Rel.37317n - Published Date 2/28/2012 Hardware Version: WA701N v1 00000000 Model No.: TL-WA701N / TL-W...

[security bulletin] HPSBMU02815 SSRT100715 rev.5 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
  2013-02-14  security-alert hp com
  Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03489683 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03489683 Version: 5 HPSBMU02815 SS...

Re: Aastra IP Telephone encrypted .tuz configuration file leakage
  2013-02-14  noreply aastra com  (1 reply)
  Vulnerability fixed in August 2012 release of anacrypt V1.04 encryption tool. Available on the www.aastra.com website. IP Phone Configuration File Encryption Tool - Microsoft Windows (Version 1.04, 08/2012, gz) (English, 45.78 KB) IP Phone Configuration File Encryption Tool - Linux 32 bit (Versi...

Re: Aastra IP Telephone encrypted .tuz configuration file leakage
  2013-02-18  Timo Juhani Lindfors (timo lindfors iki fi)
Debian Security Advisory DSA-2636-1    security (at) debian (dot) org [email concealed]
http://www.debian.org/security/        Moritz Muehlenhoff
March 01, 2013