Arbitrary File Upload and Code Execution in Accusoft Prizm Content Connect
2013-01-11 Include Security Research (research includesecurity com)

[security bulletin] HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS)
2013-01-11 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03621178 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03621178 Version: 1 HPSBMU02838 SS

[SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code
2013-01-10 Security Explorations (contact security-explorations com)
Hello All, We were notified today of ongoing attacks with the use of a new Java vulnerability affecting latest version 7 Update 10 of the software [1][2]. Due to the unpatched status of Issue 50 [3] and some inquiries received regarding whether the attack code found exploited this bug, we had a q

DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit
2013-01-10 DefenseCode (defensecode defensecode com)
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit Story behind the vulnerability... Months ago, we've contacted Cisco about a remote preauth (root access) vulnerability in default installation of their Linksys routers that we've discovered. We gave them de

Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee)
2013-01-10 Arne Vidström (arne vidstrom foi se)
Hi all, The following vulnerabilities have not been reported at Bugtraq before, and unfortunately they seem to be largely unknown in public even though they are about a year old by now. They have both been patched by the vendors after I discovered them and reported it. It appears to be very hard (o

Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability
2013-01-10 Beni_vanda yahoo com (1 replies)
a bug in Wordpress gallery-3.8.3 plugin that allows to us to occur a Arbitrary File Read on a Local machin ######################################################################## ###################### # # Exploit Title : Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability #

Re: Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability
2013-01-11 Henri Salo (henri nerv fi)

OrangeHRM 2.7.1 Vacancy Name Persistent XSS
2013-01-10 SBV Research (research silverbackventuresllc com)
OrangeHRM[1] 2.7.1[2] -- the latest stable release as of this writing -- suffers from a persistent XSS in the vacancy name variable. Steps: 1. Navigate to following URL: http://[domain]/symfony/web/index.php/recruitment/viewJobVacancy 2. Add or Edit a Vacancy 3. In the Vacancy Name parameter pu

[slackware-security] mozilla-thunderbird (SSA:2013-009-02)
2013-01-10 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2013-009-02) New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +---------------------

[slackware-security] seamonkey (SSA:2013-009-03)
2013-01-10 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2013-009-03) New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packa

[slackware-security] mozilla-firefox (SSA:2013-009-01)
2013-01-10 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2013-009-01) New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ p

Nero MediaHome Multiple Remote DoS Vulnerabilities
2013-01-09 advisory htbridge com
Advisory ID: HTB23130 Product: Nero MediaHome Vendor: Nero Vulnerable Version(s): 4.5.8.0 and probably prior Tested Version: 4.5.8.0 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: January 9, 2013 Vulnerability Type: Improper Handling of Length Parameter Inconsistency [C

Remote Buffer Overflow Vulnerability in Samsung Kies
2013-01-09 advisory htbridge com
Advisory ID: HTB23136 Product: Samsung Kies Vendor: Samsung Electronics Vulnerable Version(s): 2.5.0.12114_1 Tested Version: 2.5.0.12114_1 on Windows 7 SP1 and Internet Explorer 9.0 Vendor Notification: December 19, 2012 Vendor Patch: December 27, 2012 Public Disclosure: January 9, 2013 Vulnerabi

Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart
2013-01-09 advisory htbridge com
Advisory ID: HTB23135 Product: Quick.Cms, Quick.Cart Vendor: OpenSolution team Vulnerable Version(s): Quick.Cms 5.0, Quick.Cart 6.0 and probably prior Tested Version: Quick.Cms 5.0, Quick.Cart 6.0 Vendor Notification: December 19, 2012 Vendor Patch: December 20, 2012 Public Disclosure: January 9,

Cisco Security Advisory: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability
2013-01-09 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability Advisory ID: cisco-sa-20130109-uipphone Revision 1.0 For Public Release 2013 January 9 16:00 UTC (GMT) +----------------------------------------------------------------

Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability
2013-01-09 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Prime LAN Management Solution Command Execution Vulnerability Advisory ID: cisco-sa-20130109-lms Revision 1.0 For Public Release 2013 January 9 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary =

[security bulletin] HPSBUX02829 SSRT100883 rev.1 - HP-UX Running X Font Server (xfs) Software, Local Denial of Service (DoS), Unauthorized Access
2013-01-07 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03557425 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03557425 Version: 1 HPSBUX02829 SS

ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability
2013-01-07 Security Alert (Security_Alert emc com)

Chrome for Android - Cookie theft from Chrome by malicious Android app
2013-01-07 mbsdtest01 gmail com

Chrome for Android - UXSS via com.android.browser.application_id Intent extra
2013-01-07 mbsdtest01 gmail com
vulnerabilities and report them to vendors. In this particular case
the vendor has unfortunately shown a general disregard for the
security risk of this uncovered vulnerability which was originally
disclosed privately to them on