[SECURITY] [DSA 2549-1] devscripts security update
2012-09-15 Raphael Geissert (geissert debian org)

[SECURITY] [DSA 2480-4] request-tracker3.8 regression update
2012-09-15 Raphael Geissert (geissert debian org)

Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities
2012-09-12 Vulnerability Lab (research vulnerability-lab com)
Title: Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities
Date: 2012-09-06
References: http://www.vulnerability-lab.com/get_content.php?id=557
VL-ID: 557
Common Vulnerability Scoring System: 5
Introduction:

Knowledge Base EE v4.62.0 - SQL Injection Vulnerability
2012-09-12 Vulnerability Lab (research vulnerability-lab com)
Title: Knowledge Base EE v4.62.0 - SQL Injection Vulnerability
Date: 2012-09-11
References: http://www.vulnerability-lab.com/get_content.php?id=702
VL-ID: 702
Common Vulnerability Scoring System: 8.5
Introduction:

APPLE-SA-2012-09-12-1 iTunes 10.7
2012-09-12 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-12-1 iTunes 10.7
iTunes 10.7 is now available and addresses the following:
WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or a

Security Advisory AA-007: Command Injection Vulnerability in Sitecom Home Storage Center
2012-09-12 mattijs alcyon nl
Security Advisory AA-007: Command Injection Vulnerability in Sitecom Home Storage Center
Severity Rating: High
Discovery Date: July 29, 2012
Vendor Notification: July 30, 2012
Disclosure Date: September 12, 2012
Vulnerability Type= Command injection
Impact= System access
Severity= Alcyon rates t

Cisco Security Advisory: Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability
2012-09-12 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability
Advisory ID: cisco-sa-20120912-cupxcp
Revision 1.0
For Public Release 2012 September 12 16:00 UTC (GMT)

Security Advisory AA-007: Arbitrary File Upload Vulnerability in Sitecom Home Storage Center
2012-09-12 mattijs alcyon nl
Security Advisory AA-007: Arbitrary File Upload Vulnerability in Sitecom Home Storage Center
Severity Rating: High
Discovery Date: July 29, 2012
Vendor Notification: July 30, 2012
Disclosure Date: September 11, 2012
Vulnerability Type= Arbitrary file upload
Impact= Loss of system integrity
Sever

Cisco Security Advisory: Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability
2012-09-12 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability
Advisory ID: cisco-sa-20120912-asacx
Revision 1.0
For Public Release 2012 September 12 16:00 UTC (GMT)

VUPEN - Mozilla Firefox "nsHTMLEditRules" Remote Use-after-free (CVE-2012-3958 / MFSA 2012-58)
2012-09-11 VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Remote Use-after-free (CVE-2012-3958 / MFSA 2012-58)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
Mozilla Firefox is a free and open source web browser and c

VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060)
2012-09-11 VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
Microsoft Windows is a series of software operating syste

VUPEN - Adobe Flash Player "Matrix3D" Integer Overflow Code Execution (APSB12-19)
2012-09-11 VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Adobe Flash Player "Matrix3D" Integer Overflow Code Execution (APSB12-19)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
Adobe Flash Player is a cross-platform browser-based application runtime

ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities
2012-09-11 Security Alert (Security_Alert emc com)

Multiple vulnerabilities in Ezylog photovoltaic management server
2012-09-11 roberto greyhats it
Multiple vulnerabilities in Ezylog photovoltaic management server
[ADVISORY INFORMATION]
Title: Multiple vulnerabilities in Ezylog photovoltaic management server
Discovery date: 27/08/2012
Release date: 11/09/2012
Credits:

GreHack 2012 - 19th Oct. Grenoble, France - Call For [ Participation, Student Grants Application, Music Bands/Artists/DJ ]
2012-09-11 Fabien DUCHENE (f duchene car-online fr)

Wordpress Download Monitor - Download Page Cross-Site Scripting
2012-09-09 Joseph Sheridan (joe reactionis com)
Wordpress Download Monitor - Download Page Cross-Site Scripting
Summary
Wordpress Download Monitor 3.3.5.7 is subject to a cross-site scripting vulne

[PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
2012-09-10 Timo Warns (Warns Pre-Sense DE)
PRE-CERT Security Advisory
* Advisory: PRE-SA-2012-06
* Released on: 10 September 2012
* Affected product: FreeRADIUS 2.1.10 - 2.1.12
* Impact: remote code execution
* Origin: specially crafted client certificates
* CVSS Base Score: 10
  Impact Subscore: 10
  Exploita

nullcon CTF HackIM is on
2012-09-07 nullcon (nullcon nullcon net)
n00bs & haXors, We are proud to present the most awaited edition of HackIM for the second time in the same year .. This time it's bigger, better and more twisted than ever. We've got se7en categories, each with 5 levels (Total of whopping 35 levels!)
- Trivia
- Crypto
- Programming
- Web
- Reverse

ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
2012-09-07 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
EMC Identifier: ESA-2012-032
CVE Identifier: CVE-2011-3389
Severity Rating: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

[SE-2012-01] Security vulnerabilities in IBM Java
2012-09-11 Security Explorations (contact security-explorations com)
Hello All, Security Explorations discovered multiple security vulnerabilities in IBM SDK, Java Technology Edition software [1]. This is IBM [2] implementation of Java SE technology for AIX, Linux, z/OS and IBMi platforms. Among a total of 17 security weaknesses found, there are issues that can le

[SECURITY] [DSA 2543-1] xen-qemu-dm-4.0 security update
2012-09-08 Raphael Geissert (geissert debian org)
Hash: SHA1
Debian Security Advisory DSA-2549-1 security (at) debian (dot) org
http://www.debian.org/security/ Raphael Geissert
September 15, 2012