[SE-2012-01] An issue with new Java SE 7 security features

2013-01-29 Thread Security Explorations
Hello All, According to Oracle's Java security head, the company has recently made very significant security improvements to Java, such as to prevent silent exploits. The problem is that people don't understand those features yet [1]. Starting from Java SE 7 Update 10 released in Oct 2012, a

[ MDVSA-2013:005 ] perl

2013-01-29 Thread security
Mandriva Linux Security Advisory MDVSA-2013:005 http://www.mandriva.com/security/

nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities

2013-01-29 Thread Vulnerability Lab
Title: nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities Date: 2013-01-28 References: http://www.vulnerability-lab.com/get_content.php?id=795 nCircle Tracking ID: 20130117-US11337 VL-ID: 795 Common Vulnerability Scoring System:

Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities

2013-01-29 Thread Vulnerability Lab
Title: Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Date: 2013-01-23 References: http://www.vulnerability-lab.com/get_content.php?id=701 VL-ID: 701 Common Vulnerability Scoring System: 7.1 Introduction:

ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability

2013-01-29 Thread Security Alert
ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability EMC Identifier: ESA-2013-010 EMC Identifier: NW147263 CVE Identifier: CVE-2013-0930 Severity Rating: CVSS v2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) Affected product: EMC

Kohana Framework v2.3.3 - Directory Traversal Vulnerability

2013-01-29 Thread Vulnerability Lab
Title: Kohana Framework v2.3.3 - Directory Traversal Vulnerability Date: 2013-01-27 References: http://www.vulnerability-lab.com/get_content.php?id=841 VL-ID: 837 Common Vulnerability Scoring System: 7.1 Introduction:

[KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability

2013-01-29 Thread Egidio Romano
DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability • Software Link: http://dleviet.com/ • Affected Version: 9.7 only. • Vulnerability

APPLE-SA-2013-01-28-1 iOS 6.1 Software Update

2013-01-29 Thread Apple Product Security
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update iOS 6.1 Software Update is now available and addresses the following: Identity Services Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact:

APPLE-SA-2013-01-28-2 Apple TV 5.2

2013-01-29 Thread Apple Product Security
APPLE-SA-2013-01-28-2 Apple TV 5.2 Apple TV 5.2 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: A user-mode process may be able to access the first page of kernel memory Description:

XSS in Elgg 1.8.12, 1.7.16 (core module Twitter widget)

2013-01-29 Thread Moritz Naumann
Hello dear XSS bored audience, the PHP based social networking engine Elgg [1], versions 1.8.12 and 1.7.16 and earlier, bears a persistent script injection vulnerability in its core module Twitter widget, which allows for XSS attacks. On installations which have the Twitter widget activated

Adobe Reader XI versions are vulnerable to a heap overflow

2013-01-29 Thread n1s0o
1. OVERVIEW Adobe Reader XI versions are vulnerable to a heap overflow 2. BACKGROUND Adobe Reader software is the free trusted standard for reliably viewing, printing, and annotating PDF documents. It's the only PDF file viewer that can open and interact with all types of PDF content,