BugTraq (Page 416 of 1747)
in_midi multiple vulnerabilities in Winamp 5.61 2011-06-29
Luigi Auriemma (aluigi autistici org)
#######################################################################

Luigi Auriemma

Application: Winamp
http://www.winamp.com
Versions: <= 5.61
Platforms: Windows
Bugs: A] in_midi Controller messages heap overflow
B] in_mi

Multiple vulnerabilities in Winamp 5.61 2011-06-29
Luigi Auriemma (aluigi autistici org)
#######################################################################

Luigi Auriemma

Application: Winamp
http://www.winamp.com
Versions: <= 5.61
Platforms: Windows
Bugs: A] vp6 heap corruption
B] h263 heap corruption

Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460 2011-06-29
support nntws com
Background
-----------------

The product employs a portion of legacy code as referenced in the original post. This is used for the product key and some database entries but whilst the strength of the encryption being used here may be a problem for the NNT licensing team, there is no genuine securit

AST-2011-011: Possible enumeration of SIP users due to differing authentication responses 2011-06-28
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2011-011

+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|

APPLE-SA-2011-06-28-2 Java for Mac OS X 10.5 Update 10 2011-06-28
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-06-28-2 Java for Mac OS X 10.5 Update 10

Java for Mac OS X 10.5 Update 10 is now available and addresses the
following:

Java
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in Java 1.6.0_24
Des

APPLE-SA-2011-06-28-1 Java for Mac OS X 10.6 Update 5 2011-06-28
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-06-28-1 Java for Mac OS X 10.6 Update 5

Java for Mac OS X 10.6 Update 5 is now available and addresses the
following:

Java
Available for: Mac OS X v10.6.6 and later,
Mac OS X Server v10.6.6 and later
Impact: Multiple vulnerabilities in

Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method 2011-06-28
advisory htbridge ch
Vulnerability ID: HTB23019
Reference: http://www.htbridge.ch/advisory/ashampoo_3d_cad_professional_3_activex_control_insecure_method.html
Product: Ashampoo 3D CAD Professional 3
Vendor: Ashampoo GmbH & Co ( http://www.ashampoo.com )
Vulnerable Version: 3.0.1 and probably prior
Tested on: 3.0.1

XSS in FlatPress 2011-06-28
advisory htbridge ch
Vulnerability ID: HTB23022
Reference: http://www.htbridge.ch/advisory/xss_in_flatpress.html
Product: FlatPress
Vendor: Edoardo Vacchi ( http://flatpress.org )
Vulnerable Version: 0.1010.1 and probably prior
Tested on: 0.1010.1
Vendor Notification: 07 June 2011
Vulnerability Type: XSS (Cross Site

Multiple vulnerabilities in Open-Realty 2011-06-28
advisory htbridge ch
Vulnerability ID: HTB23023
Reference: http://www.htbridge.ch/advisory/multiple_vulnerabilities_in_open_realty.html
Product: Open-Realty
Vendor: Transparent Technologies, Inc. ( http://www.open-realty.org/ )
Vulnerable Version: 3.1.5 and probably prior
Tested on: 3.1.5
Vendor Notification: 07 June 2

NGS00057 Technical Advisory: Apple Mac OS X ImageIO Integer Overflow 2011-06-28
Research@NGSSecure (research ngssecure com)
=======
Summary
=======
Name: Apple Mac OS X ImageIO TIFF Integer Overflow
Release Date: 28 June 2011
Reference: NGS00057
Discoverer: Dominic Chell <dominic.chell (at) ngssecure (dot) com>
Vendor: Apple
Vendor Reference: 142522746
Systems Affected: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through

NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows 2011-06-28
Research@NGSSecure (research ngssecure com)
=======
Summary
=======
Name: OS X 10.6.6 Camera Raw Library Memory Corruption
Release Date: 28 June 2011
Reference: NGS00052
Discoverer: Paul Harrington <paul.harrington (at) ngssecure (dot) com>
Vendor: Apple
Vendor Reference: 140299872
Systems Affected: OS X 10.6.6 with RawCamera.bundle < 3.6
Risk: High
St

NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation 2011-06-28
Research@NGSSecure (research ngssecure com)
=======
Summary
=======
Name: Cisco VPN Client Privilege Escalation
Release Date: 28 June 2011
Reference: NGS00051
Discoverer: Gavin Jones <gavin.jones (at) ngssecure (dot) com>
Vendor: Cisco
Vendor Reference:
Systems Affected: Cisco VPN client (Windows 64 Bit)
Risk: High
Status: Fixed

========
TimeLine
====

NGS00062 Patch Notification: Apple Mac OS X ImageIO TIFF Heap Overflow 2011-06-28
Research@NGSSecure (research ngssecure com)
Apple Mac OS X ImageIO TIFF Heap Overflow - CVE-2011-0204

28/06/2011

Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

Versions affected i

Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities 2011-06-28
YGN Ethical Hacker Group (lists yehg net)
Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities

1. OVERVIEW

Joomla! 1.6.3 and lower are vulnerable to multiple Cross Site Scripting issues.

2. BACKGROUND

Joomla is a free and open source content management system (CMS) for
publishing content on the World Wide Web

[slackware-security] pidgin (SSA:2011-178-01) 2011-06-28
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] pidgin (SSA:2011-178-01)

New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37,
and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patch

ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability 2011-06-27
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-227

June 27, 2011

-- CVE ID:
CVE-2011-2220

-- CVSS:
9.7, (AV:N/AC:L/Au:N/C:C/I:C/A:P)

-- Affected Vendors:
Novell

-- Affected Products:
Novell File

ZDI-11-226: Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability 2011-06-27
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-226: Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-226

June 27, 2011

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Citrix

-- Affected Products:
Citrix EdgeSight

-- TippingPoint(TM) IPS Customer P

APPLE-SA-2011-06-23-1 Mac OS X v10.6.8 and Security Update 2011-004 2011-06-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-06-23-1 Mac OS X v10.6.8 and Security Update 2011-004

Mac OS X v10.6.8 and Security Update 2011-004 are now available and
address the following:

AirPort
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: When connected to

MySQLDriverCS Cross-Parameter SQL Injection Vulnerability 2011-06-27
vuln nipc org cn
Background:
MySQLDriverCS is a free simple .NET compliant MySQL driver. Made in C# but it would be used in all .NET compatible languages (VB.NET, Managed C++,...). It is one of the most commonly used .NET MySQL drivers. This project was developed by M.L. Vias Livschitz in collaboration with CeDEI, Ram

Arbitrary files deletion in Novell File Reporter 1.0.4.2 2011-06-27
Luigi Auriemma (aluigi autistici org)
#######################################################################

Luigi Auriemma

Application: Novell File Reporter
http://www.novell.com/products/file-reporter/
Versions: <= 1.0.4.2
Platforms: Windows, Linux, NetWare
Bug: arbitrary

Upload directory traversal in Novell ZenWorks Handheld Management 7.0.2 2011-06-27
Luigi Auriemma (aluigi autistici org)
#######################################################################

Luigi Auriemma

Application: Novell ZenWorks Handheld Management
http://www.novell.com/products/zenworks/handhelds/
Versions: <= 7.0.2.61213
Platforms: Windows, Linux, NetWare

Off-by-one in Sybase Advantage Server 10.0.0.3 2011-06-27
Luigi Auriemma (aluigi autistici org)
#######################################################################

Luigi Auriemma

Application: Sybase Advantage Server
http://www.sybase.com/products/databasemanagement/advantagedatabaseserver
Versions: <= 10.0.0.3
Platforms: Windows, NetWare

DSECRG-11-023 SAP NetWeaver SLD - Information Disclosure 2011-06-27
DSecRG (research dsecrg com)
DSECRG-11-023 (Internal DSecRG-00174) SAP NetWeaver SLD - Information Disclosure
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.SAP.com
Bugs: information disclosure
Reported:

Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities 2011-06-27
YGN Ethical Hacker Group (lists yehg net)
Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities

1. OVERVIEW

Mambo CMS 4.6.5 and lower versions are vulnerable to Cross Site Scripting.

2. BACKGROUND

Mambo is a full-featured, award-winning content management system that
can be used for everything from simple websites t

Re: Perfect PDF products distributed with vulnerable MSVC++ libraries 2011-06-26
Jeffrey Walton (noloader gmail com)
On Tue, Jun 21, 2011 at 7:22 AM, Brad Hards <bradh (at) frogmouth (dot) net> wrote:
> On Sunday 19 June 2011 11:37:33 Stefan Kanthak wrote:
>> soft Xpansion <www.soft-xpansion.com> distributes their (freeware)
>> products "Perfect PDF 7 Master" and "Perfect PDF 7 Reader" (the
>> current files are dated 2011-05

[SECURITY] [DSA-2210-2] tiff security update 2011-06-25
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2210-2 security (at) debian (dot) org
http://www.debian.org/security/ Luciano Bello
June 25, 2011

[slackware-security] mozilla-firefox (SSA:2011-174-01) 2011-06-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2011-174-01)

New mozilla-firefox packages are available for Slackware 13.0, 13.1,
13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+----------------------

[PRE-SA-2011-05] Buffer overflow in tftp-hpa daemon 2011-06-24
Timo Warns (warns pre-sense de)
PRE-CERT Security Advisory
==========================

* Advisory: PRE-SA-2011-05
* Released on: 22 Jun 2011
* Last updated on: 22 Jun 2011
* Affected product: tftp-hpa 0.30 - 5.0
* Impact: buffer overflow
* Origin: remote tftp client
* Credit: Timo Warns (PRESENSE Technologies GmbH)
* CVE Identifie

2wire password reset module 2011-06-22
techhelperjax gmail com
Attached is a Metasploit module I coded to reset the admin password on a 2wire wireless router. Enjoy.

==============================================================================================
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpCli

HTB23016: Kofax e-Transactions Sender Sendbox ActiveX Control Insecure Method 2011-06-22
advisory htbridge ch
Vulnerability ID: HTB23016
Reference: http://www.htbridge.ch/advisory/kofax_e_transactions_sender_sendbox_activex_control_savemessage_insecure_method.html
Product: Kofax e-Transactions Sender Sendbox
Vendor: Kofax, Inc ( http://www.kofax.com/ )
Vulnerable Version: 2.5.0.933 and probably prior
Teste

Copyright 2010, SecurityFocus