[SECURITY] [DSA 2658-1] postgresql-9.1 security update
2013-04-04 Giuseppe Iuculano (iuculano debian org)

[SECURITY] [DSA 2657-1] postgresql-8.4 security update
2013-04-04 Giuseppe Iuculano (iuculano debian org)

Novell GroupWise Multiple Remote Code Execution Vulnerabilities
2013-04-03 advisory htbridge com
Advisory ID: HTB23131 Product: Novell GroupWise Vendor: Novell Inc. Vulnerable Version(s): 12.0.0.8586 and probably prior Tested Version: 12.0.0.8586 on Windows 7 SP1 and Internet Explorer 9.0 Vendor Notification: November 26, 2012 Vendor Patch: January 30, 2013 Public Disclosure: April 3, 2013 V

TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2
2013-04-03 Simon Bieber (sbieber tele-consulting com)
TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2 Published: 2013/04/03 Version 1.0 Affected Products: e107 version 1.0.2 (others not tested) http://www.e107.org References: TC-SA-2013-01 www.tele-consulting.com/advisories/TC-SA-2013-01.txt (used f

PHP Code Injection in FUDforum
2013-04-03 advisory htbridge com
Advisory ID: HTB23146 Product: FUDforum Vendor: FUDforum Vulnerable Version(s): 3.0.4 and probably prior Tested Version: 3.0.4 Vendor Notification: February 21, 2013 Vendor Patch: March 11, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: Code Injection [CWE-94] CVE Reference: CVE-2013-2

SQL Injection Vulnerability in Symphony
2013-04-03 advisory htbridge com
Advisory ID: HTB23148 Product: Symphony Vendor: http://getsymphony.com/ Vulnerable Version(s): 2.3.1 and probably prior Tested Version: 2.3.1 Vendor Notification: March 13, 2013 Vendor Patch: March 24, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: SQL Injection [CWE-89] CVE Reference:

[slackware-security] mozilla-firefox (SSA:2013-093-01)
2013-04-03 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2013-093-01) New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ p

Google AD Sync Tool - Exposure of Sensitive Information Vulnerability - Security Advisory - SOS-13-001
2013-04-03 Lists (lists senseofsecurity com)

[slackware-security] mozilla-thunderbird (SSA:2013-093-02)
2013-04-03 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2013-093-02) New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +---------------------

SEC Consult SA-20130403-0 :: Multiple vulnerabilities in Sophos Web Protection Appliance
2013-04-03 SEC Consult Vulnerability Lab (research sec-consult com)

FreeBSD Security Advisory FreeBSD-SA-13:04.bind
2013-04-02 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-13:03.openssl
2013-04-02 FreeBSD Security Advisories (security-advisories freebsd org)

NGS00248 Patch Notification: Virtual Access Monitor Multiple SQL Injection Vulnerabilities
2013-04-02 NCC Group Research (research nccgroup com)
High Risk Vulnerability in Virtual Access Monitor 2 April 2013 Ken Wolstencroft of NCC Group has discovered a High risk vulnerability in Virtual Access Monitor Impact: Multiple SQL Injection Vulnerabilities Versions affected: Virtual Access Monitor 3.10.17 (and previous) Details of the most re

Remote command execution in Ruby Gem ldoce 0.0.2
2013-04-02 larry0 me com
Remote command execution in Ruby Gem ldoce 0.0.2 Larry W. Cashdollar @_larry0 3/25/2013 Ldoce Ruby Gem: Easily interface with the Longman Dictionary of Contemporary English API from Ruby: NB currently mac only as it depends on the afplay command. https://rubygems.org/gems/ldoce https://github.c

[security bulletin] HPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
2013-04-01 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03716627 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03716627 Version: 1 HPSBUX02860 SS

US-CERT Alert TA13-088A: DNS Amplification Attacks
2013-03-29 US-CERT Alerts (technical-alerts us-cert gov)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System TA13-088A: DNS Amplification Attacks Original release date: March 29, 2013 Systems Affected * Domain Name System (DNS) servers Overview A Domain Name Server (DNS) Amplification attack is a popular form of Distribu

Authentication bypass on Netgear WNR1000
2013-03-29 roberto greyhats it
Authentication bypass on Netgear WNR1000 ======================================== [ADVISORY INFORMATION] Title: Authentication bypass on Netgear WNR1000 Discovery date: 10/11/2012 Release date: 29/03/2013 Credits: Roberto Paleari (roberto (at) greyhats (dot) it, twitter: @rpaleari) [VULNERABILITY I

[waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1.5
2013-03-29 come2waraxe yahoo com
[waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1.5 =============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-101.html Description of vulnerable so

[Suspected Spam] [slackware-security] libssh (SSA:2013-087-01)
2013-03-29 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libssh (SSA:2013-087-01) New libssh packages are available for Slackware 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/libssh-0

[waraxe-2013-SA#100] - Update Spoofing Vulnerability in mRemote 1.50
2013-03-29 come2waraxe yahoo com
[waraxe-2013-SA#100] - Update Spoofing Vulnerability in mRemote 1.50 =============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-100.html Description of vulnerable soft

[security bulletin] HPSBUX02859 SSRT101144 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execute Arbitrary Code
2013-03-28 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03714526 Version: 1 HPSBUX02859 SSRT101144 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execute Arbitrary Code NOTICE: The information in this Security Bulletin should be acted

MailOrderWorks v5.907 - Multiple Web Vulnerabilities
2013-03-28 Vulnerability Lab (research vulnerability-lab com)
Title: ====== MailOrderWorks v5.907 - Multiple Web Vulnerabilities Date: ===== 2013-01-02 References: =========== http://www.vulnerability-lab.com/get_content.php?id=798 VL-ID: ===== 796 Common Vulnerability Scoring System: ==================================== 4.5 Introduction: ===========

Workshop Proposal/Paper Submission Deadlines
2013-03-27 asemailing gmail com
Dear Colleagues: We apologize if you receive multiple copies of this message. --------------------------------------------------------------------------- Workshop Proposal Submission Deadline: April 15, 2013 ------------------------------------------------------------------------ Paper Submission

AST-2013-003: Username disclosure in SIP channel driver
2013-03-27 Asterisk Security Team (security asterisk org)

AST-2013-002: Denial of Service in HTTP server
2013-03-27 Asterisk Security Team (security asterisk org)

AST-2013-001: Buffer Overflow Exploit Through SIP SDP Header
2013-03-27 Asterisk Security Team (security asterisk org)

WordPress podPress Plugin XSS in SWF
2013-03-28 hip insight-labs org
# Exploit Title: WordPress podPress Plugin XSS in SWF # Release Date: 28/03/13 # Author: hip [Insight-Labs] # Contact: hip (at) insight-labs (dot) org | Website: http://insight-labs.org # Software Link: http://downloads.wordpress.org/plugin/podpress.8.8.10.17.zip # Tested on: XPsp3 # Affected version: 8.8.10.1
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2658-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
April 04, 2013