Microsoft Patches Binary Planting Issues In Various Vendors' Products
2011-04-13 ACROS Security Lists (lists acros si)

ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability
2011-04-12 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-125 April 12, 2011 -- CVE ID: CVE-2011-0656 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Microsoft -- Affected Products: Microso [...]

[USN-1109-1] GIMP vulnerabilities
2011-04-13 Marc Deslauriers (marc deslauriers canonical com)
Ubuntu Security Notice USN-1109-1 April 13, 2011 gimp vulnerabilities CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543 A security issue affects the following [...]

Re: joomlacontenteditor (com_jce) BLIND sql injection vulnerability
2011-04-12 Stephen Brandon (stephen brandonitconsulting co uk)
This alert is bunk. There is no mention of "Itemid" in relation to database operations in the entire source code of com_jce, which there would need to be for blind sql injection. The behaviour of the Itemid parameter in Joomla is complex and I won't go into all the details here. Suffice it to say t [...]

iDefense Security Advisory 04.12.11: Microsoft Excel Memory Corruption Vulnerability
2011-04-12 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 04.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 12, 2011 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website: http://office.micr [...]

[PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel
2011-04-13 Timo Warns (warns pre-sense de)
PRE-CERT Security Advisory * Advisory: PRE-SA-2011-03 * Released on: 13 Apr 2011 * Last updated on: 13 Apr 2011 * Affected product: Linux Kernel 2.4 and 2.6 * Impact: denial-of-service * Origin: storage devices * Credit: Timo Warns (PRESENSE Technologies GmbH) * CVE Ident [...]

VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability
2011-04-13 VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft. Windows h [...]

[security bulletin] HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)
2011-04-13 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02746026 Version: 1 HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS) NOTICE: The information in [...]

ZDI-11-123: Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code Execution Vulnerability
2011-04-12 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-123: Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-123 April 12, 2011 -- CVE ID: CVE-2011-0655 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Microsoft -- Affected Products: Microso [...]

VUPEN Security Research - Microsoft Office MSO Size Handling Integer Overflow Vulnerability
2011-04-13 VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Office MSO Size Handling Integer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND "Microsoft Office is a proprietary commercial office suite of inter-related desktop applications, servers and services for th [...]

nSense-2011-001: VeryPDF pdf2tif
2011-04-13 Henri Lindberg (henri+lists nsense fi)

[security bulletin] HPSBMA02643 SSRT100416 rev.2 - HP Network Node Manager i (NNMi), Local Unauthorized Read Access to Files, Remote Cross Site Scripting (XSS)
2011-04-13 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02729035 Version: 2 HPSBMA02643 SSRT100416 rev.2 - HP Network Node Manager i (NNMi), Local Unauthorized Read Access to Files, Remote Cross Site Scripting (XSS) NOTICE: The information in this Se [...]

ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability
2011-04-12 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-122 April 12, 2011 -- CVE ID: CVE-2011-1426 -- CVSS: 9.7, (AV:N/AC:L/Au:N/C:C/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: Real [...]

iDefense Security Advisory 04.12.11: Microsoft Internet Explorer Use-After-Free Memory Corruption Vulnerability
2011-04-12 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 04.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 12, 2011 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer, pl [...]

ZDI-11-121: Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability
2011-04-12 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-121: Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-121 April 12, 2011 -- CVE ID: CVE-2011-0105 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Microsoft -- Affected Products: Micro [...]

[security bulletin] HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS)
2011-04-12 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02777287 Version: 1 HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as pos [...]

[security bulletin] HPSBUX02655 SSRT100353 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
2011-04-12 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02783438 Version: 1 HPSBUX02655 SSRT100353 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. [...]

[DCA-2011-0010] TOTVS Microsiga Protheus ERP - Memory Corruption
2011-04-12 Flavio do Carmo Junior aka waKKu (carmo flavio dclabs com br)
[DCA-2011-0010] [Discussion] - DcLabs Security Research Group advises about following vulnerability(ies): [Software] - TOTVS ERP Microsiga Protheus (Application Server) [Vendor Product Description] - Software de Gestão - TOTVS - TOTVS is a software company, innovation, relationship and support m [...]

ZDI-11-124: Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability
2011-04-12 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-124: Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-124 April 12, 2011 -- CVE ID: CVE-2011-0655 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Microsoft -- Affect [...]

ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability
2011-04-12 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-120 April 12, 2011 -- CVE ID: CVE-2011-0101 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Microsoft -- Affected Products: Micros [...]

Announcing TakeDownCon Dallas - May 14-19 - Dallas, TX
2011-04-12 EC-Council USA (eccouncil usa gmail com)
Announcing TakeDownCon Dallas - May 14-19 - Dallas, TX It's right around the corner. TakeDownCon Dallas - the inaugural event in EC-Council's new technical IT security conference series - will be taking place from May 14-19, at the InterContinental Dallas, in Dallas, TX. Pre-event training, from [...]

ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability
2011-04-12 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-119 April 12, 2011 -- CVE ID: CVE-2011-1345 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Microsoft -- Affected Products: M [...]

HTB22928: Multiple SQL Injections in WebsiteBaker
2011-04-12 advisory htbridge ch
Vulnerability ID: HTB22928 Reference: http://www.htbridge.ch/advisory/multiple_sql_injections_in_websitebaker.html Product: WebsiteBaker Vendor: Website Baker Org ( http://www.websitebaker2.org/ ) Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011 Vulnerability Type: SQL Injection Risk l [...]

HTB22929: Multiple Path disclosure in WebsiteBaker
2011-04-12 advisory htbridge ch
Vulnerability ID: HTB22929 Reference: http://www.htbridge.ch/advisory/multiple_path_disclosure_in_websitebaker.html Product: WebsiteBaker Vendor: Website Baker Org ( http://www.websitebaker2.org/ ) Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011 Vulnerability Type: Path disclosure Ris [...]

[security bulletin] HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS)
2011-04-12 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02267197 Version: 1 HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin should [...]

HTB22926: XSS vulnerability in Plogger
2011-04-12 advisory htbridge ch
Vulnerability ID: HTB22926 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_plogger.html Product: Plogger Vendor: Plogger Team ( http://www.plogger.org/ ) Vulnerable Version: 1.0 RC1 Vendor Notification: 29 March 2011 Vulnerability Type: XSS Risk level: Medium Credit: High-Tech Bri [...]

Stack overflow in Microsoft HTML Help 6.1 (CHM files)
2011-04-12 Luigi Auriemma (aluigi autistici org)

[IMF 2011] Call for Participation
2011-04-12 Oliver Goebel (goebel cert uni-stuttgart de)
Dear all, please find enclosed the call for participation for IMF 2011. See the program at: http://www.imf-conference.org/imf2011/program.html The conference will take place from Tuesday, May 10th through Thursday, May 12th in Stuttgart, Germany. Registration Details can be found at: http://www. [...]

The latest security updates from Microsoft fix binary planting issues (loading of
dwmapi.dll) in the following applications (and probably many more):
1. Autodesk 3ds Max 2010 Release 12.0
2. Autodesk 3ds Max 2011 Release 13.0
3. Avast! Free Antivirus 5.0.545
4. Avira Premium Security Suite 10.0.0.