Re: FastStone Image Viewer 4.6 = ReadAVonIP Arbitrary Code Execution

2012-10-10 Thread pereira
Sorry, that's actually a NULL pointer bug. :) It's not exploitable.

[slackware-security] mozilla-firefox (SSA:2012-283-01)

2012-10-10 Thread Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2012-283-01) New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog:

[ MDVSA-2012:162 ] bind

2012-10-10 Thread security
Mandriva Linux Security Advisory MDVSA-2012:162 http://www.mandriva.com/security/

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

2012-10-10 Thread Cisco Systems Product Security Incident Response Team
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Advisory ID: cisco-sa-20121010-asa Revision 1.0 For Public Release 2012 October 10 16:00 UTC (GMT

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

2012-10-10 Thread Cisco Systems Product Security Incident Response Team
Multiple Vulnerabilities in Cisco Firewall Services Module Advisory ID: cisco-sa-20121010-fwsm Revision 1.0 For Public Release 2012 October 10 16:00 UTC (GMT) Summary

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format Player

2012-10-10 Thread Cisco Systems Product Security Incident Response Team
Multiple Vulnerabilities in the Cisco WebEx Recording Format Player Advisory ID: cisco-sa-20121010-webex Revision 1.0 For Public Release 2012 October 10 16:00 UTC (GMT

[CVE-2012-4501] CloudStack configuration vulnerability

2012-10-10 Thread John Kinsella
CVE-2012-4501: Apache CloudStack configuration vulnerability Severity: Critical Vendors: The Apache Software Foundation Citrix, Inc. Versions Affected: As no official releases have been made, this does not affect any official Apache CloudStack

VLC Player 2.0.3 = ReadAV Arbitrary Code Execution (Update)

2012-10-10 Thread pereira
#!/usr/bin/perl # VLC Player 2.0.3 = ReadAV Arbitrary Code Execution # Author: Jean Pascal Pereira pere...@secbiz.de # Vendor URI: http://www.videolan.org/vlc/ # Vendor Description: # VLC is a free and open source cross-platform multimedia player # and framework that plays most multimedia

Microsoft Office Excel ReadAV Arbitrary Code Execution

2012-10-10 Thread pereira
#!/usr/bin/perl # Microsoft Office Excel ReadAV Arbitrary Code Execution # Author: Jean Pascal Pereira pere...@secbiz.de # Vendor URI: http://office.microsoft.com # Vendor Description: # Microsoft Excel is a commercial spreadsheet application written and distributed by Microsoft for

Multiple vulnerabilities in OpenX

2012-10-10 Thread advisory
Advisory ID: HTB23116 Product: OpenX Vendor: OpenX Vulnerable Version(s): 2.8.10 and probably prior Tested Version: 2.8.10 Vendor Notification: September 19, 2012 Public Disclosure: October 10, 2012 Vulnerability Type: Cross-Site Scripting [CWE-79], SQL Injection [CWE-89] CVE References:

vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities

2012-10-10 Thread Vulnerability Lab
Title: vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities Date: 2012-10-09 References: http://www.vulnerability-lab.com/get_content.php?id=721 VL-ID: 721 Common Vulnerability Scoring System: 8.3 Introduction: