WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
2013-05-10, announcements webappsec org

ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting (XSS) Vulnerability
2013-05-10, Security Alert (Security_Alert emc com)

[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited
2013-05-10, Mark Thomas (markt apache org)
  CVE-2012-3544 Chunked transfer encoding extension size is not limited
  Severity: Important
  Vendor: The Apache Software Foundation
  Versions Affected: Tomcat 7.0.0 to 7.0.29; Tomcat 6.0.0 to 6.0.36
  Description: When processing a request submitte ...

[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator
2013-05-10, Mark Thomas (markt apache org)
  CVE-2013-2067 Session fixation with FORM authenticator
  Severity: Important
  Vendor: The Apache Software Foundation
  Versions Affected: Tomcat 7.0.0 to 7.0.32; Tomcat 6.0.21 to 6.0.36
  Description: FORM authentication associates the most recent r ...

CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException
2013-05-10, Mark Thomas (markt apache org)

CFP: Hacktivity 2013, October 11-12, Budapest, Hungary
2013-05-10, cfp hacktivity com
  Hi, Hacktivity is the largest IT Security Festival in the CEE region and will be held on October 11-12, 2013 in Budapest, Hungary. Hacktivity traditionally brings together the official and alternative representatives of the information security profession with all those interested in the area, in a ...

DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities
2013-05-09, ddivulnalert ddifrontline com
  Title: DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities
  Severity: High
  Date Discovered: March 19, 2013
  Discovered By: Digital Defense, Inc. Vulnerability Research Team
  Credit: Dennis Lavrinenko, Bobby Lockett, and r@b13$
  1. Actuate ' ...

ESA-2013-021: EMC Documentum Multiple Vulnerabilities
2013-05-09, Security Alert (Security_Alert emc com)

Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]
2013-05-08, Stefan Kanthak (stefan kanthak nexgo de)
  On Sunday, May 05, 2013 10:13 PM I wrote:
  > Hi @ll,
  >
  > Fujitsus <http://www.fsc-pc.de/> factory preinstallation (as
  > found on a Fujitsu Lifebook A512 purchased a month ago) of
  > Windows 8 Professional x64 (I'm VERY confident that other
  > variants of Fujitsu's Windows 8 factory installation are j ...

ESA-2013-037: EMC AlphaStor Buffer Overflow Vulnerability
2013-05-09, Security Alert (Security_Alert emc com)

Vulnerability in "Fujitsu Desktop Update" (for Windows)
2013-05-08, Stefan Kanthak (stefan kanthak nexgo de)
  Hi @ll, Fujitsu's update utility "Fujitsu Desktop Update" (see <http://support.ts.fujitsu.com/DeskUpdate/Index.asp>), which is factory-preinstalled on every Fujitsu (Siemens) PC with Windows, has a vulnerability which allows the execution of a rogue program in the security context of the current us ...

[security bulletin] HPSBMU02786 SSRT100877 rev.2 - HP System Management Homepage (SMH) Running on Linux, Windows, and VMware ESX, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Cod
2013-05-08, security-alert hp com
  Note: the current version of the following document is available here:
  https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03360041
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c03360041
  Version: 2
  HPSBMU02786 SS ...

[security bulletin] HPSBUX02876 SSRT101148 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
2013-05-08, security-alert hp com
  Note: the current version of the following document is available here:
  https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03750073
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c03750073
  Version: 1
  HPSBUX02876 SS ...

[2.0 Update] Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
2013-05-08, Cisco Systems Product Security Incident Response Team (psirt cisco com)
  Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
  Advisory ID: cisco-sa-20121031-dcnm
  Revision 2.0
  Last Updated 2013 May 08 16:00 UTC (GMT)
  For Public Release 2012 October 31 16:00 UTC (GMT) ...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
2013-05-08, Cisco Systems Product Security Incident Response Team (psirt cisco com)
  Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
  Advisory ID: cisco-sa-20130508-cvp
  Revision 1.0
  For Public Release 2013 May 8 16:00 UTC (GMT) ...

Cross-Site Request Forgery (CSRF) in UMI.CMS
2013-05-08, advisory htbridge com
  Advisory ID: HTB23151
  Product: UMI.CMS
  Vendor: OOO Umisoft
  Vulnerable Version(s): 2.9 and probably prior
  Tested Version: 2.9
  Vendor Notification: April 3, 2013
  Vendor Patch: May 7, 2013
  Public Disclosure: May 8, 2013
  Vulnerability Type: Cross-Site Request Forgery [CWE-352]
  CVE Reference: CVE-2013 ...

SEC Consult SA-20130507-0 :: Multiple vulnerabilities in NetApp OnCommand System Manager
2013-05-07, SEC Consult Vulnerability Lab (research sec-consult com)

Apache VCL improper input validation
2013-05-06, Josh Thompson (jfthomps apache org)
  CVE-2013-0267: Apache VCL improper input validation
  Severity: Important
  Vendor: The Apache Software Foundation
  Versions Affected: Apache VCL 2.1, 2.2, 2.2.1, 2.3, 2.3.1
  Description: Some parts of VCL did not properly validate input data. This problem was present both in the Privileges portion o ...

ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities
2013-05-06, Security Alert (Security_Alert emc com)

VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
2013-05-06, Stefan Kanthak (stefan kanthak nexgo de)
  Hi @ll, the current 3CXPhone6.msi (for Windows), available from <http://www.3cx.com/VOIP/sip-phone/>, digitally signed on 2012-07-30, installs the following outdated and vulnerable 3rd-party libraries:
  * libeay32.dll and ssleay32.dll version 0.9.8h (from 2008-05-28) of OpenSSL. The current ve ...

[SE-2012-01] New security vulnerabilities and broken fixes in IBM Java
2013-05-06, Security Explorations (contact security-explorations com)
  Hello All, Security Explorations discovered 7 additional security issues (#62-68) in the latest version of IBM SDK, Java Technology Edition software [1]. A majority of the new flaws are due to insecure use or implementation of the Java Reflection API. Additionally to the above, we found out that four ...

Multiple Vulnerabilities in D-Link DSL-320B
2013-05-06, devnull s3cur1ty de
  Device: DSL-320B
  Firmware Version: EU_DSL-320B v1.23, date: 28.12.2010
  Vendor URL: http://www.dlink.com/de/de/home-solutions/connect/modems-and-gateways/dsl-320b-adsl-2-ethernet-modem
  Vulnerability Overview:
  * Access to the Config file without authentication => full au ...

Multiple buffer overflows on Huawei SNMPv3 service
2013-05-06, roberto paleari emaze net
  [ADVISORY INFORMATION]
  Title: Multiple buffer overflows on Huawei SNMPv3 service
  Discovery date: 11/02/2013
  Release date: 06/05/2013
  Credits: Roberto Paleari (roberto.paleari (at) emaze (dot) net [email concealed], @rpalea ...

Vulnerability in Microsoft Security Essentials <v4.2
2013-05-04, Stefan Kanthak (stefan kanthak nexgo de)
  Hi @ll, versions of Microsoft Security Essentials before the current v4.2 (see <https://support.microsoft.com/kb/2805304>) have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account (almost like <https://support.microsoft.com/kb/2781197> a ...

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "CDisplayPointer" Use-after-free (MS13-028)
2013-05-03, VUPEN Security Research (advisories vupen com)
  VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "CDisplayPointer" Use-after-free (MS13-028)
  Website: http://www.vupen.com
  Twitter: http://twitter.com/vupen
  I. BACKGROUND
  "Microsoft Internet Explorer is a web browser developed by Microsoft and included as ...

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "Scroll" Use-after-free (MS13-028)
2013-05-03, VUPEN Security Research (advisories vupen com)
  VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "Scroll" Use-after-free (MS13-028)
  Website: http://www.vupen.com
  Twitter: http://twitter.com/vupen
  I. BACKGROUND
  "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of ...
  Static Analysis Technologies Evaluation Criteria. The goal of the SATEC project is to create a vendor-neutral set of criteria to help guide application security professionals during the process of acquiring a static code analy ...