NGS00416 Patch Notification: Oracle 11g TNS listener remote Invalid Pointer Read (pre-auth)
2013-05-02 NCC Group Research (research nccgroup com)

NGS00422 Patch Notification: Oracle Retail Integration Bus Manager Directory Traversal
2013-05-02 NCC Group Research (research nccgroup com)
High Risk Vulnerability in Oracle Retail Integration Bus Manager
1 May 2013
Andrew Davies of NCC Group has discovered a High risk vulnerability in Oracle Retail Integration Bus Manager
Impact: Directory traversal
Versions affected: Oracle Retail Integration Bus, versions 13.0, 13.1, 13.2
Secu [...]

WordPress Plugin: Advanced XML Reader v0.3.4 XXE Vulnerability
2013-05-02 admin elites0ft com
The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE (XML eXternal Entity) processing attacks. After installing the plugin on a Windows machine, I created a text file in the root of C:\ named "test.txt", which [...]

Multiple Cross-Site Scripting (XSS) vulnerabilities in GetSimple CMS
2013-05-01 advisory htbridge com
Advisory ID: HTB23141
Product: GetSimple CMS
Vendor: get-simple.info
Vulnerable Version(s): 3.1.2 and probably prior
Tested Version: 3.1.2
Vendor Notification: January 23, 2013
Vendor Patch: April 26, 2013
Public Disclosure: May 1, 2013
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Refere [...]

SQL Injection in b2evolution
2013-05-01 advisory htbridge com
Advisory ID: HTB23152
Product: b2evolution
Vendor: b2evolution Group
Vulnerable Version(s): 4.1.6 and probably prior
Tested Version: 4.1.6
Vendor Notification: April 10, 2013
Vendor Patch: April 29, 2013
Public Disclosure: May 1, 2013
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE- [...]

[HITB-Announce] #HITB2013KUL Call for Papers
2013-05-01 Hafez Kamal (aphesz hackinthebox org)
Hi everyone - This is a Call for Papers for the 11th annual HITB Security Conference in Malaysia, #HITB2013KUL which takes place on the 16th and 17th of October in Kuala Lumpur. Keynote speakers for the conference will be Joe Sullivan (Chief Security Officer, Facebook) and Andy Ellis (Chief Securit [...]

Unchecked Buffer in Microchip TCP/IP Stack Could Allow Remote Code Execution
2013-04-30 az bugreport subscriber gmail com
Unchecked Buffer in Microchip TCP/IP Stack Could Allow Remote Code Execution
==== General Information ====
== Executive Summary ==
The function TCPIP_IPV6_ProcessFragmentationHeader() does not correctly validate the "fragment offset" fi [...]

[security bulletin] HPSBMU02872 SSRT101185 rev.1 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting(XSS)
2013-04-30 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748875
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03748875
Version: 1
HPSBMU02872 SS [...]

Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability
2013-04-30 demonalex 163 com
Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability
Software : Syslog Watcher Pro
Software Version : v2.8.0.812(Jun 15, 2009)
Vendor: http://www.snmpsoft.com/
Vulnerability Published : 2013-04-27
Vulnerability Update Time :
Status :
Impact : Medium(CVSS2 Base : 6.4, [...]

WowzaMediaServer SecureToken bypass (and worse)
2013-04-30 Michal J. (wejn box cz)
Product: Wowza Media Server
URL: http://www.wowza.com/
Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server
Issue: By default all installations of WMS use four modules in their application's config file: base, properties, logging, flvplayback. I've found out that the `properties [...]

WowzaMediaServer StorageDir escape (regression)
2013-04-30 Michal J. (wejn box cz)
Product: Wowza Media Server
URL: http://www.wowza.com/
Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server
Issue: In early 2009 I reported problem with processing of requests with relative paths. The issue surfaced again. In a nutshell, you can escape Applications StorageDir u [...]

Personal File Share HTTP Server Remote Overflow Vulnerability
2013-04-30 demonalex 163 com
Title: Personal File Share HTTP Server Remote Overflow Vulnerability
Software : Personal File Share HTTP Server
Software Version : UNKNOWN
Vendor: http://www.srplab.com/
Vulnerability Published : 2013-04-28
Vulnerability Update Time :
Status :
Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N [...]

CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities
2013-04-29 CORE Security Technologies Advisories (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
D-Link IP Cameras Multiple Vulnerabilities
1. *Advisory Information*
Title: D-Link IP Cameras Multiple Vulnerabilities
Advisory ID: CORE-2013-0303
Advisory URL: http://www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vu [...]

FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver [REVISED]
2013-04-29 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver
2013-04-29 FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBMU02874 SSRT101184 rev.1 - HP Service Manager, Java Runtime Environment (JRE) Security Update
2013-04-29 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748879
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03748879
Version: 1
HPSBMU02874 SS [...]

[security bulletin] HPSBMU02873 SSRT101182 rev.1 - HP Service Manager, Apache Tomcat Security Update
2013-04-29 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03748878
Version: 1
HPSBMU02873 SS [...]

Re: Nginx ngx_http_close_connection function integer overflow
2013-04-29 Maxim Konovalov (maxim konovalov gmail com)
Hello, Recently a report appeared alleging an integer overflow vulnerability in nginx, claiming remote code execution impact. We've carefully investigated the issue, and cannot confirm the alleged vulnerability exists. Taking this opportunity to remind: if you think you've found a security issue i [...]

Cisco/Linksys E1200 N300 Reflected XSS
2013-04-29 Carl Benedict (theinfinitenigma gmail com)
Summary
--------------------
Software : Cisco/Linksys Router OS
Hardware : E1200 N300 (others currently untested)
Version : 2.0.04 (others currently untested)
Website : http://www.linksys.com
Issue : Reflected XSS
Severity : Medium
Researcher: Carl Benedict (theinfinitenigma)
Product D [...]

[KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability
2013-04-26 Egidio Romano (research karmainsecurity com)
------------------------------------------------------------------
Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability
------------------------------------------------------------------
[-] Software Link: http://www.joomla.org/
[-] Affected Versions: Version 3.0.3 and earlier 3. [...]

EDSC 2013 CFP Open
2013-04-26 Michael Eddington (meddington gmail com)
The EDSC 2013 CFP is open! EDSC is a new security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important for engineers, researchers, and testers alike. http:/ [...]
1 May 2013
Andy Davis of NCC Group has discovered a High risk vulnerability in Oracle Database 11g
Impact: Invalid pointer read (Remote DoS)
Versions affected: Oracle Database 11g
Security patch information can be found at the following URL:
http