Inshell Security Advisory
http://www.inshell.net
1. ADVISORY INFORMATION
---
Product: WinAmp
Vendor URL: www.winamp.com
Type: Pointer Issues [CWE-465]
Date found: 2013-06-05
Date published: 2013-07-01
CVSSv2 Score: 4,4 (AV:L/AC:M/Au:N/C:P/I:P/A:P
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:186
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:180
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:181
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:182
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:183
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:184
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:185
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Email Security
Appliance
Advisory ID: cisco-sa-20130626-esa
Revision 1.0
For Public Release 2013 June 26 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Web Security
Appliance
Advisory ID: cisco-sa-20130626-wsa
Revision 1.0
For Public Release 2013 June 26 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Content Security
Management Appliance
Advisory ID: cisco-sa-20130626-sma
Revision 1.0
For Public Release 2013 June 26 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Cisco ASA Next-Generation Firewall Fragmented Traffic
Denial of Service Vulnerability
Advisory ID: cisco-sa-20130626-ngfw
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-ngfw
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:179
http://www.mandriva.com/en/support/security
View online: https://drupal.org/node/1762734
* Advisory ID: DRUPAL-SA-CONTRIB-2012-136
* Project: Apache Solr Autocomplete [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-August-29
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross
View online: https://drupal.org/node/2028813
* Advisory ID: DRUPAL-SA-CONTRIB-2013-054
* Project: Fast Permissions Administration [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2013-June-26
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Access
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:177
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:178
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:176
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and
TE Software
Advisory ID: cisco-sa-20130619-tpc
Revision 1.0
For Public Release 2013 June 19 16:00 UTC (GMT
View online: https://drupal.org/node/2023585
* Advisory ID: DRUPAL-SA-CONTRIB-2013-053
* Project: Login Security [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2013-June-19
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Multiple vulnerabilities
those building web
sites
and those sending email to configure things properly.
We're just being too kind when it comes to security: we can either have
security and
be real nit-picky about it or have something that only looks like security but
really
just wastes people's time while allowing attackers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:175
http://www.mandriva.com/en/support/security
Valdis,
No, that's how to do it *hardline*. There's many in the
security industry that will explain to you that it's also
doing it *wrong*. Hint - the first time that HR sends out a
posting about a 3-day window next week to change your
insurance plan without penalty, signs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:174
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=== LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 ===
Avira AntiVir Engine -- Denial of Service / Filtering Evasion
- -
Affected Versions
=
Avira AntiVir
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:173
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:172
http://www.mandriva.com/en/support/security
View online: https://drupal.org/node/2017933
* Advisory ID: DRUPAL-SA-CONTRIB-2013-052
* Project: Display Suite [1] (third-party module)
* Version: 7.x
* Date: 2013-June-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com
Buffer overflow in Ubiquiti airCam RTSP service
1. *Advisory Information*
Title: Buffer overflow in Ubiquiti airCam RTSP service
Advisory ID: CORE-2013-0430
Advisory URL:
http://www.coresecurity.com/advisories/buffer-overflow
View online: https://drupal.org/node/2012982
* Advisory ID: DRUPAL-SA-CONTRIB-2013-051
* Project: Services [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2013-June-05
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Xpient Cash Drawer Operation Vulnerability
1. *Advisory Information*
Title: Xpient Cash Drawer Operation Vulnerability
Advisory ID: CORE-2013-0517
Advisory URL:
http://www.coresecurity.com/advisories/xpient-cash-drawer
=
INTERNET SECURITY AUDITORS ALERT 2013-009
- Original release date: March 15th, 2013
- Last revised: June 4th, 2013
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
- CVE-ID: CVE-2013-2621,
CVE-2013-2623
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Mac OSX Server DirectoryService buffer overflow
1. *Advisory Information*
Title: Mac OSX Server DirectoryService buffer overflow
Advisory ID: CORE-2013-0103
Advisory URL:
http://www.coresecurity.com/advisories/mac-osx-server
Authentication:
* Obtain cleartext passwords entered by the user when logging into a
Windows system, and stored by the Windows Digest Authentication security
package
Supported Platforms
---
Windows Credentials Editor supports Windows XP, 2003, Vista, 7, 2008,
Windows 8.
Additional
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:171
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:169
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:170
http://www.mandriva.com/en/support/security
View online: http://drupal.org/node/2007048
* Advisory ID: DRUPAL-SA-CONTRIB-2013-048
* Project: Edit Limit [1] (third-party module)
* Version: 7.x
* Date: 2013-May-29
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/2007122
* Advisory ID: DRUPAL-SA-CONTRIB-2013-049
* Project: Node access user reference [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2013-May-29
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access
View online: https://drupal.org/node/2007460
* Advisory ID: DRUPAL-SA-CONTRIB-2013-050
* Project: Webform [1] (third-party module)
* Version: 6.x
* Date: 2013-May-29
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com
Zavio IP Cameras multiple vulnerabilities
1. *Advisory Information*
Title: Zavio IP Cameras multiple vulnerabilities
Advisory ID: CORE-2013-0302
Advisory URL:
http://www.coresecurity.com/advisories/zavio-IP-cameras-multiple
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
MayGion IP Cameras multiple vulnerabilities
1. *Advisory Information*
Title: MayGion IP Cameras multiple vulnerabilities
Advisory ID: CORE-2013-0322
Advisory URL:
http://www.coresecurity.com/advisories/maygion-IP-cameras
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com
TP-Link IP Cameras Multiple Vulnerabilities
1. *Advisory Information*
Title: TP-Link IP Cameras Multiple Vulnerabilities
Advisory ID: CORE-2013-0318
Advisory URL:
http://www.coresecurity.com/advisories/tp-link-IP-cameras
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:167
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:168
http://www.mandriva.com/en/support/security
2013 http://www.is-ra.org/c0c0n/, a 3-day Security and
Hacking Conference (1 day pre-conference workshop and 2 day conference), full of
interesting presentations, talks and of course filled with fun!
The conference topics are divided into four domains as follows:
Info Sec - Technical
Info Sec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:166
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:165
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Cisco TelePresence Supervisor MSE 8050 Denial of
Service Vulnerability
Advisory ID: cisco-sa-20130515-mse
Revision 1.0
For Public Release 2013 May 15 16:00 UTC (GMT
View online: http://drupal.org/node/1995706
* Advisory ID: DRUPAL-SA-CONTRIB-2013-047
* Project: Google Authenticator login [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2013-May-15
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:164
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote
Command Execution Vulnerability
Advisory ID: cisco-sa-20121031-dcnm
Revision 2.0
Last Updated 2013 May 08 16:00 UTC (GMT)
For Public Release 2012 October 31 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Customer
Voice Portal Software
Advisory ID: cisco-sa-20130508-cvp
Revision 1.0
For Public Release 2013 May 8 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:162
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:163
http://www.mandriva.com/en/support/security
Hello All,
Security Explorations discovered 7 additional security issues (#62-68)
in the latest version of IBM SDK, Java Technology Edition software [1].
A majority of the new flaws are due to insecure use or implementation
of Java Reflection API.
Additionally to the above, we found out
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:161
http://www.mandriva.com/en/support/security
[ESNC-2013-005] Remote Code Injection in SAP ERP Central Component -
Project System
Please refer to http://www.esnc.de for the original security advisory,
updates and additional information.
1. Business Impact
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:160
http://www.mandriva.com/en/support/security
View online: http://drupal.org/node/1984212
* Advisory ID: DRUPAL-SA-CONTRIB-2013-046
* Project: Filebrowser [1] (third-party module)
* Version: 6.x
* Date: 2013-May-1
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:157
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:158
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:159
http://www.mandriva.com/en/support/security
n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2013.005 30-APR-2013
Vendors: IBM, http://www.IBM.com
Product: Lotus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:154
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:155
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:156
http://www.mandriva.com/en/support/security
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com
Vivotek IP Cameras Multiple Vulnerabilities
1. *Advisory Information*
Title: Vivotek IP Cameras Multiple Vulnerabilities
Advisory ID: CORE-2013-0301
Advisory URL:
http://www.coresecurity.com/advisories/vivotek-ip-cameras
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
D-Link IP Cameras Multiple Vulnerabilities
1. *Advisory Information*
Title: D-Link IP Cameras Multiple Vulnerabilities
Advisory ID: CORE-2013-0303
Advisory URL:
http://www.coresecurity.com/advisories/d-link-ip-cameras-multiple
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:151
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:152
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:153
http://www.mandriva.com/en/support/security
[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for
SAP NetWeaver
Please refer to http://www.esnc.de for the original security advisory,
updates and additional information.
1. Business Impact
are not available.
Workarounds that mitigate this vulnerability are available. This advisory is
available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.18 (Darwin
affect only Cisco UCS. Additional vulnerabilities that
affect the NX-OS base operating system of UCS are described in Multiple
Vulnerabilities in Cisco NX-OS-Based Products.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory
software updates that address these vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-nxosmulti
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http
Hello All,
Today, a vulnerability report with an accompanying Proof of
Concept code was sent to Oracle notifying the company of a
new security weakness affecting Java SE 7 software.
The new flaw was verified to affect all versions of Java SE
7 (including the recently released 1.7.0_21-b11
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:148
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:149
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:150
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:145
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:146
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:147
http://www.mandriva.com/en/support/security
vulnerability that
was known to the vendor since 2005. What's also interesting is
that a fix for it is now highlighted by Oracle as a new security
feature of Java [3].
We can't decide what is more surprising to us:
1) finding out that Oracle finally admitted that Java security
issues could affect
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Cisco Network Admission Control Manager SQL Injection
Vulnerability
Advisory ID: cisco-sa-20130417-nac
Revision 1.0
For Public Release 2013 April 17 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Cisco TelePresence Infrastructure Denial of Service
Vulnerability
Advisory ID: cisco-sa-20130417-tpi
Revision 1.0
For Public Release 2013 April 17 16:00 UTC (GMT
View online: http://drupal.org/node/1972804
* Advisory ID: DRUPAL-SA-CONTRIB-2013-043
* Project: MP3 Player [1] (third-party module)
* Version: 6.x
* Date: 2013-April-17
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1972942
* Advisory ID: DRUPAL-SA-CONTRIB-2013-044
* Project: elFinder file manager [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2013-April-17
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
View online: http://drupal.org/node/1972976
* Advisory ID: DRUPAL-SA-CONTRIB-2013-045
* Project: Autocomplete Widgets for Text and Number Fields [1] (third-party
module)
* Version: 6.x, 7.x
* Date: 2013-April-17
* Security risk: Moderately critical [2]
* Exploitable from: Remote
[ESNC-2013-001] Privilege Escalation in SAP Healthcare Industry Solution
Please refer to www.esnc.de for the original security advisory, updates and
additional information.
1. Business Impact
[ESNC-2013-002] Privilege Escalation in SAP Production Planning and Control
Please refer to www.esnc.de for the original security advisory, updates and
additional information.
1. Business Impact
[ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication
Services
Please refer to www.esnc.de for the original security advisory, updates and
additional information.
1. Business Impact
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:144
http://www.mandriva.com/en/support/security
Hello All,
Today, Oracle released Java SE 7 Update 21, which among other
things addresses six security vulnerabilities that were reported
to the company earlier this year (Issues 51, 55 and 57-60).
Our original vulnerability reports and Proof of Concept codes
for these and some previously
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:143
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:125
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:134
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:114
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:127
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:124
http://www.mandriva.com/en/support/security