TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation
2013-04-18, Trustwave Advisories (TrustwaveAdvisories trustwave com)

VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)
2013-04-18, VUPEN Security Research (advisories vupen com)
  VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion Code Execution (CVE-2013-2555)
  Website: http://www.vupen.com
  Twitter: http://twitter.com/vupen
  I. BACKGROUND
  Adobe Flash Player is a cross-platform browser-based application runtime that d [...]

[SECURITY] [DSA 2661-1] xorg-server security update
2013-04-17, Yves-Alexis Perez (corsac debian org)

Cisco Security Advisory: Cisco TelePresence Infrastructure Denial of Service Vulnerability
2013-04-17, Cisco Systems Product Security Incident Response Team (psirt cisco com)
  Cisco Security Advisory: Cisco TelePresence Infrastructure Denial of Service Vulnerability
  Advisory ID: cisco-sa-20130417-tpi
  Revision 1.0
  For Public Release 2013 April 17 16:00 UTC (GMT) [...]

VUPEN Security Research - Oracle Java JavaFX Video Frame Decoding Remote Heap Overflow (Pwn2Own 2013)
2013-04-18, VUPEN Security Research (advisories vupen com)
  VUPEN Security Research - Oracle Java JavaFX Video Frame Decoding Remote Heap Overflow (Pwn2Own 2013)
  Website: http://www.vupen.com
  Twitter: http://twitter.com/vupen
  I. BACKGROUND
  "Java is the foundation for virtually every type of networked application and is the global [...]

Cisco Security Advisory: Cisco Network Admission Control Manager SQL Injection Vulnerability
2013-04-17, Cisco Systems Product Security Incident Response Team (psirt cisco com)
  Cisco Security Advisory: Cisco Network Admission Control Manager SQL Injection Vulnerability
  Advisory ID: cisco-sa-20130417-nac
  Revision 1.0
  For Public Release 2013 April 17 16:00 UTC (GMT) [...]

DC4420 - London DEFCON - April meet - Tuesday 23rd April 2013
2013-04-18, Major Malfunction (majormal pirate-radio org)
  Whether you're coming to town next week for London Infosec or BSides, or you're in the smoke anyway, come and join us for what is normally our busiest and most entertaining night of the year... This time should be no exception: we have managed to retain our normal venue - The Phoenix - and we ha [...]

SEC Consult SA-20130417-1 :: Java ActiveX Control Memory Corruption
2013-04-17, SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20130417-2 :: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server
2013-04-17, SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey
2013-04-17, SEC Consult Vulnerability Lab (research sec-consult com)

SI6 Networks' IPv6 Toolkit v1.3.4 released!
2013-04-17, Fernando Gont (fgont si6networks com)
  Folks, We have just released SI6 Networks' IPv6 Toolkit v1.3.4: a security assessment and troubleshooting toolkit for the IPv6 protocol suite. The toolkit is available at: <http://www.si6networks.com/tools/ipv6toolkit>, where you can find a the usual [...]

Multiple Vulnerabilities in KrisonAV CMS
2013-04-17, advisory htbridge com
  Advisory ID: HTB23150
  Product: KrisonAV CMS
  Vendor: http://www.krisonav.com
  Vulnerable Version(s): 3.0.1 and probably prior
  Tested Version: 3.0.1
  Vendor Notification: March 27, 2013
  Vendor Patch: March 31, 2013
  Public Disclosure: April 17, 2013
  Vulnerability Type: Cross-Site Scripting [CWE-79], C [...]

APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and Mac OS X v10.6 Update 15
2013-04-16, Apple Product Security (product-security-noreply lists apple com)
  APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and Mac OS X v10.6 Update 15
  Java for OS X 2013-003 and Mac OS X v10.6 Update 15 are now available and address the following:
  Java
  Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 [...]

APPLE-SA-2013-04-16-1 Safari 6.0.4
2013-04-16, Apple Product Security (product-security-noreply lists apple com)
  APPLE-SA-2013-04-16-1 Safari 6.0.4
  Safari 6.0.4 is now available and addresses the following:
  WebKit
  Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3
  Impact: Visiting a maliciously crafted website may lead to an [...]

Open-Xchange Security Advisory 2013-04-17
2013-04-17, Martin Braun (martin braun open-xchange com)
  Open-Xchange Security Advisory (multiple vulnerabilities)
  Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provide [...]

[ESNC-2013-002] Privilege Escalation in SAP Production Planning and Control
2013-04-16, ESNC Security (secure esnc de)
  [ESNC-2013-002] Privilege Escalation in SAP Production Planning and Control
  Please refer to www.esnc.de for the original security advisory, updates and additional information.
  1. Business Impact [...]

Sitecom WLM-3500 backdoor accounts
2013-04-16, roberto paleari emaze net
  Sitecom WLM-3500 backdoor accounts
  [ADVISORY INFORMATION]
  Title: Sitecom WLM-3500 backdoor accounts
  Discovery date: 24/03/2013
  Release date: 16/04/2013
  Credits: Roberto Paleari (roberto.paleari (at) emaze (dot) net, @rpaleari)
  Advisory URL: http://blog.emaze.net/2013/0 [...]

[ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services
2013-04-16, ESNC Security (secure esnc de)
  [ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services
  Please refer to www.esnc.de for the original security advisory, updates and additional information.
  1. Business Impact [...]

[ESNC-2013-001] Privilege Escalation in SAP Healthcare Industry Solution
2013-04-16, ESNC Security (secure esnc de)
  [ESNC-2013-001] Privilege Escalation in SAP Healthcare Industry Solution
  Please refer to www.esnc.de for the original security advisory, updates and additional information.
  1. Business Impact [...]

[SE-2012-01] Details of issues fixed by Java SE 7 Update 21
2013-04-16, Security Explorations (contact security-explorations com) (1 reply)
  Hello All, Today, Oracle released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year (Issues 51, 55 and 57-60). Our original vulnerability reports and Proof of Concept codes for these and some previously disclos [...]

Re: [SE-2012-01] Details of issues fixed by Java SE 7 Update 21
2013-04-17, Security Explorations (contact security-explorations com)

[security bulletin] HPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
2013-04-15, security-alert hp com
  Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03734195
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c03734195
  Version: 1
  HPSBUX02866 SS [...]

DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal
2013-04-15, ddivulnalert ddifrontline com
  Title: DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal
  Severity: High
  Discovered By: Evan Sylvester and r@b13$
  Date Discovered: February 19, 2013
  Vulnerability Description: The Dell EqualLogic PS6110X is vulnerable to a [...]

Remote command injection in Ruby Gem kelredd-pruview 0.3.8
2013-04-11, larry0 me com
  Remote command injection in Ruby Gem kelredd-pruview 0.3.8
  Larry W. Cashdollar 4/4/2013 @_larry0
  Description: "A gem to ease generating image previews (thumbnails) of various files."
  https://rubygems.org/gems/kelredd-pruview
  Remote commands can be executed if the file name contains shell meta ch [...]

MacOSX 10.8.3 ftpd Remote Resource Exhaustion
2013-04-11, submit cxsec org
  MacOSX 10.8.3 ftpd Remote Resource Exhaustion
  Maksymilian Arciemowicz
  http://cxsecurity.com/
  http://cvemap.org/
  Public Date: 01.02.2013
  http://cxsecurity.com/cveshow/CVE-2010-2632
  http://cxsecurity.com/cveshow/CVE-2011-0418
  1. Description
  Old vulnerability in libc allow to denial of servic [...]
Group Name Enumeration Vulnerability in Cisco IKE Implementation
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-004.txt
Published: 04/18/13
Version: 1.0
Vendor: Cisco (www.cisco.com)
Product: ASA (Adaptive Security Appliance)
Versions