[SECURITY] [DSA 2329-1] torque security update

2011-10-28 Thread Nico Golde
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Debian Security Advisory DSA-2329-1 secur...@debian.org http://www.debian.org/security/ Nico Golde Oct 27th, 2011

SANS AppSec 2012 CFP is Open

2011-10-28 Thread SANS AppSec CFP
Hi everyone, We're happy to announce that the sixth annual SANS AppSec Summit will be held in Las Vegas, Nevada on April 30 - May 1, 2012. The theme for this conference is Application Security at Scale. Billions of records in the cloud. Millions of smart mobile devices. Millions of

ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-303 October 26, 2011 -- CVE ID: CVE-2011-3219 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple

ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-304 October 26, 2011 -- CVE ID: CVE-2011-3252 -- CVSS: 8.3, AV:N/AC:M/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products:

ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-305 October 26, 2011 -- CVE ID: CVE-2011-3544 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java

ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-306 October 26, 2011 -- CVE ID: CVE-2011-3521 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle

ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-307 October 26, 2011 -- CVE ID: CVE-2011-3545 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products:

ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-308 October 26, 2011 -- CVE ID: CVE-2011-4004 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Cisco -- Affected Products: Cisco WebEx

ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-309 October 26, 2011 -- CVE ID: CVE-2011-3173 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Novell -- Affected Products:

ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-310 October 26, 2011 -- CVE ID: CVE-2011-2441 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe

DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315]

2011-10-28 Thread ddivulnalert
Title - DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315] Severity High Date Discovered --- August 9, 2011 Discovered By - Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description

[ GLSA 201110-24 ] Squid: Multiple vulnerabilities

2011-10-28 Thread Tim Sammut
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

[ GLSA 201110-25 ] Pure-FTPd: Multiple vulnerabilities

2011-10-28 Thread Tim Sammut
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

[ GLSA 201110-26 ] libxml2: Multiple vulnerabilities

2011-10-28 Thread Tim Sammut
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

APPLE-SA-2011-10-26-1 QuickTime 7.7.1

2011-10-28 Thread Apple Product Security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-26-1 QuickTime 7.7.1 QuickTime 7.7.1 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application

foofus.net security advisory - Toshiba eStudio Multifunction Printer Information Leakage

2011-10-28 Thread percx
Foofus.net Security Advisory: foofus-20111026 Title: Toshiba eStudio Multifunction Printer Information Leakage Version: e-Studio

[SECURITY] [DSA 2330-1] simplesamlphp security update

2011-10-28 Thread Thijs Kinkhorst
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - Debian Security Advisory DSA-2330-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst October 27, 2011

ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-311 October 27, 2011 -- CVE ID: CVE-2011-3220 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime

ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-313 October 27, 2011 -- CVE ID: CVE-2011-3223 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple

ZDI-11-312 : Apple QuickTime Atom Hierarchy Argument Size Mismatch Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-312 : Apple QuickTime Atom Hierarchy Argument Size Mismatch Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-312 October 27, 2011 -- CVE ID: CVE-2011-3221 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products:

ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-314 October 27, 2011 -- CVE ID: CVE-2011-3247 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple

ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-315 October 27, 2011 -- CVE ID: CVE-2011-3249 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime

ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability

2011-10-28 Thread ZDI Disclosures
ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-316 October 27, 2011 -- CVE ID: CVE-2011-3251 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime

[security bulletin] HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)

2011-10-28 Thread security-alert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03070783 Version: 1 HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as

[security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges

2011-10-28 Thread security-alert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057703 Version: 2 HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges NOTICE: The information in this Security Bulletin should be acted

VMSA-2011-0013 VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

2011-10-28 Thread VMware Security Response Team
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - VMware Security Advisory Advisory ID: VMSA-2011-0013 Synopsis: VMware third party component updates for VMware vCenter Server, vCenter

Re: jara 1.6 sql injection vulnerability

2011-10-28 Thread Henri Salo
On Sun, Oct 23, 2011 at 01:06:07AM +0200, muuratsalo experimental hack lab wrote: jara 1.6 sql injection vulnerability download http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip author muuratsalo contact muuratsalo[at]gmail.com exploit

[PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS

2011-10-28 Thread noreply
-- (PT-2011-20) Positive Technologies Security Advisory Authorization bypass vulnerability in OneOrZero AIMS -- ---[Vulnerable software]

[PT-2011-21] SQL injection vulnerability in OneOrZero AIMS

2011-10-28 Thread noreply
-- (PT-2011-21) Positive Technologies Security Advisory SQL injection vulnerability in OneOrZero AIMS -- ---[Vulnerable software]

[PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300

2011-10-28 Thread noreply
-- (PT-2011-29) Positive Technologies Security Advisory Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300. --

[PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router

2011-10-28 Thread noreply
-- (PT-2011-30) Positive Technologies Security Advisory Disclosure of sensitive information in D-Link DIR-300 Router -- ---[Vulnerable software]

[SECURITY] [DSA 2323-1] radvd security update

2011-10-28 Thread Yves-Alexis Perez
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - Debian Security Advisory DSA-2323-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011

[SECURITY] [DSA 2331-1] tor security update

2011-10-28 Thread Moritz Muehlenhoff
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Debian Security Advisory DSA-2331-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff October 28, 2011

eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities

2011-10-28 Thread n0b0d13s
eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities author.: EgiX mail...: n0b0d13s[at]gmail[dot]com software

RE: [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command injection / sanitization issues.

2011-10-28 Thread Paul Oxman (poxman)
Hello, This is Paul Oxman with Cisco PSIRT. Please confirms the vulnerability reported by Peter Adkins, and has published an Intellishield response http://tools.cisco.com/security/center/viewAlert.x?alertId=24458 Additional information below. For current updates to Cisco PSIRT response,