APPLE-SA-2013-03-19-2 Apple TV 5.2.1
2013-03-19, Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2013-03-19-1 iOS 6.1.3
2013-03-19, Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-19-1 iOS 6.1.3 iOS 6.1.3 is now available and addresses the following: dyld Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute unsigned code Descr [ more ]

[waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1
2013-03-19, come2waraxe yahoo com
[waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1 Author: Janek Vind "waraxe" Date: 19. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-98.html Description of vulner [ more ]

CA20130319-01: Security Notice for SiteMinder products using SAML
2013-03-20, Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE----- CA20130319-01: Security Notice for SiteMinder products using SAML Issued: March 19, 2013 CA Technologies support is alerting customers to a potential risk with certain CA SiteMinder products that implement Security Assertion Markup Language (SAML). Multiple vuln [ more ]

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free (MS13-021 / CVE-2013-0087)
2013-03-19, VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free (MS13-021 / CVE-2013-0087) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND "Microsoft Internet Explorer is a web browser developed by Microsoft and incl [ more ]

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087)
2013-03-19, VUPEN Security Research (advisories vupen com) (1 replies)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND "Microsoft Internet Explorer is a web browser developed by Microsoft and in [ more ]

Re: VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087)
2013-03-19, Thomas D. (whistl0r googlemail com)

VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787)
2013-03-19, VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND Mozilla Firefox is a free and open source web browser coordinated by Mozilla Corporatio [ more ]

Remote command execution in Ruby Gem Command Wrap
2013-03-18, Larry0 me com
Remote command execution in Ruby Gem Command Wrap 3/15/2013 http://rubygems.org/gems/command_wrap Commands executed if the remote URL or filename contains the shell character ';'. The commands will be executed as the client user if tricked into using the malicious URL or filename. Examining the f [ more ]

NOPcon 2013 - Call for paper - Istanbul , Turkey
2013-03-18, info nopcon org
[+]What is NOPcon? NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers. One more, it's a conference for community. [ more ]

Cisco Security Response: Cisco IOS and Cisco IOS XE Type 4 Passwords Issue
2013-03-18, Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco IOS and Cisco IOS XE Type 4 Passwords Issue Document ID: 33464 Revision 1.0 For Public Release 2013 March 18 16:00 UTC (GMT) Cisco Response Summary [ more ]

NGS00440 Patch Notification: Windows USB RNDIS driver kernel pool overflow
2013-03-18, NCC Group Research (research nccgroup com)
High Risk Vulnerability in Microsoft Windows 18 March 2013 Andy Davis of NCC Group has discovered a High risk vulnerability in Microsoft Windows Impact: Windows USB RNDIS driver kernel pool overflow. Exploitation would result in local privilege escalation Versions affected: Microsoft Windows ( [ more ]

[SE-2012-01] The "allowed behavior" in Java SE 7 (Issue 54)
2013-03-18, Security Explorations (contact security-explorations com)
Hello All, We decided to release technical details of Issue 54 that was reported to Oracle on Feb 25, 2013 and that was evaluated by the company as the "allowed behavior". As of Mar 18, 2013 we have no information that Oracle treats Issue 54 as a security vulnerability. We believe that 3 weeks (f [ more ]

Remote command execution in fastreader ruby gem
2013-03-17, larry0 me com
Ruby gem fastreader-1.0.8 remote code exec 3/6/2013 if the url contains any ; characters code will be executed as the user. for example if fastreader is fed http://www.g;id;.com id will be executed. ./fastreader-1.0.8/lib/entry_controller.rb .strip only removes whitespace before and after the UR [ more ]

[SECURITY] [DSA 2650-1] libvirt-bin security update
2013-03-15, Yves-Alexis Perez (corsac debian org)

[slackware-security] ruby (SSA:2013-075-01)
2013-03-16, Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ruby (SSA:2013-075-01) New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/ [ more ]

n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access
2013-03-15, security nruns com
n.runs AG http://www.nruns.com/ security(at)nruns.com n.runs-SA-2013.001 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: < 3.1.1.2 Vulnerability: Polycom Com [ more ]

n.runs-SA-2013.004 - Polycom - H.323 Format String Vulnerability
2013-03-15, security nruns com
n.runs AG http://www.nruns.com/ security(at)nruns.com n.runs-SA-2013.004 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: < 3.1.1.2 Vulnerability: Polycom H.323 Fo [ more ]

n.runs-SA-2013.003 - Polycom - H.323 CDR Database SQL Injection
2013-03-15, security nruns com
n.runs AG http://www.nruns.com/ security(at)nruns.com n.runs-SA-2013.003 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: < 3.1.1.2 Vulnerability: Polycom H.323 CD [ more ]

n.runs-SA-2013.002 - Polycom - Firmware Update Command Injection
2013-03-15, security nruns com
n.runs AG http://www.nruns.com/ security(at)nruns.com n.runs-SA-2013.002 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: < 3.1.1.2 Vulnerability: Polycom Firmware [ more ]

Skype Click to Call Update Service local privilege escalation
2013-03-15, Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: Skype Click to Call Update Service local privilege escalation # Date: 10.12.2012 # Author: otr # Software Link: http://www.skype.com # Vendor: Microsoft Corporation # Version: <= 6.2.0.106 # Tested on: Windows 7, Windows XP # Type: Privilege Escalation, DLL Hijacking # # CVE : MS does [ more ]

DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal
2013-03-15, ddivulnalert ddifrontline com
Title: DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal Severity: High Date Discovered: January 22, 2013 Discovered By: Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description: The Ever [ more ]
Hash: SHA1
APPLE-SA-2013-03-19-2 Apple TV 5.2.1
Apple TV 5.2.1 is now available and addresses the following:
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A local user may be able to execute unsigned code
Description: A state management is
[ more ]