View online: http://drupal.org/node/1808852
* Advisory ID: DRUPAL-SA-CONTRIB-2012-154
* Project: Basic webmail [1] (third-party module)
* Version: 6.x
* Date: 2012-October-10
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1808856
* Advisory ID: DRUPAL-SA-CONTRIB-2012-155
* Project: ShareThis [1] (third-party module)
* Version: 7.x
* Date: 2012-October-10
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
---
VMware Security Advisory
Advisory ID: VMSA-2012-0014
Synopsis: VMware vCenter Operations, CapacityIQ, and Movie Decoder
security updates
Issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:151-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:150-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:160
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:157
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:158
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:159
http://www.mandriva.com/security
View online: http://drupal.org/node/1802218
* Advisory ID: DRUPAL-SA-CONTRIB-2012-149
* Project: Hostip [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-October-03
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1802230
* Advisory ID: DRUPAL-SA-CONTRIB-2012-150
* Project: Twitter Pull [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-October-03
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1802258
* Advisory ID: DRUPAL-SA-CONTRIB-2012-151
* Project: Commerce extra panes [1] (third-party module)
* Version: 7.x
* Date: 2012-October-3
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:152-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:156
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:155-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:153-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:154-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:154
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:155
http://www.mandriva.com/security
to the public regarding security
risks identified in a given software / technology. Due to our old
fashioned approach to communication (we don't tweet, blog, etc.),
we carry these warnings by the means of sending posts to Bugtraq
and Full Disclosure mailing lists. I am not sure if you remember
these times
://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses
to the
vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight
updates that address this
vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ios-ips
Note: The September 26, 2012, Cisco IOS Software
at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-bgp
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
advisories address vulnerabilities in Cisco
updates that address these
vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-nat
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security
traffic from
transiting the affected interfaces.
Cisco has released free software updates that addresses this
vulnerability. There are no workarounds for this vulnerability. This
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa
the DHCP version 6 (DHCPv6) server feature enabled, causing a
reload.
Cisco has released free software updates that address this
vulnerability. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcpv6
Note
released free software updates that address this
vulnerability. A workaround that mitigates this vulnerability is
available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcp
Note: The September 26, 2012
that address this
vulnerability.
Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ecc
Note: The September 26, 2012, Cisco IOS Software Security Advisory
View online: http://drupal.org/node/1796036
* Advisory ID: DRUPAL-SA-CONTRIB-2012-148
* Project: Organic groups [1] (third-party module)
* Version: 7.x
* Date: 2012-September-26
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
Hello All,
We've recently discovered yet another security vulnerability
affecting all latest versions of Oracle Java SE software. The
impact of this issue is critical - we were able to successfully
exploit it and achieve a complete Java security sandbox bypass
in the environment of Java SE 5, 6
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect
Secure Mobility Client
Advisory ID: cisco-sa-20120620-ac
Revision 2.0
Last Updated 2012 September 19 16:01 UTC (GMT)
For Public Release 2012 June 20 16:00 UTC (GMT
View online: http://drupal.org/node/1789242
* Advisory ID: DRUPAL-SA-CONTRIB-2012-142
* Project: Spambot [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-September-19
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1789252
* Advisory ID: DRUPAL-SA-CONTRIB-2012-143
* Project: PRH Search [1] (third-party module)
* Version: 7.x
* Date: 2012-September-19
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1789258
* Advisory ID: DRUPAL-SA-CONTRIB-2012-144
* Project: Fonecta verify [1] (third-party module)
* Version: 7.x
* Date: 2012-September-19
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1789260
* Advisory ID: DRUPAL-SA-CONTRIB-2012-145
* Project: Imagemenu [1] (third-party module)
* Version: 6.x
* Date: 2012-September-19
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1789284
* Advisory ID: DRUPAL-SA-CONTRIB-2012-146
* Project: Simplenews Scheduler [1] (third-party module)
* Version: 6.x
* Date: 2012-September-19
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Arbitrary PHP
View online: http://drupal.org/node/1789306
* Advisory ID: DRUPAL-SA-CONTRIB-2012-147
* Project: FileField Sources [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-September-19
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:153
http://www.mandriva.com/security
Inshell Security Advisory
http://www.inshell.net
1. ADVISORY INFORMATION
---
Product: Sound Editor Pro v7.5.1
Vendor URL: www.soundeditorpro.com
Type: Stack-based Buffer Overflow [CWE-121]
Date found: 2012-08-15
Date published: 2012-09-16
CVSSv2 Score
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:152
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:151
http://www.mandriva.com/security
exploitation of this
vulnerability.
Cisco has released free software updates that address this
vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp
-BEGIN PGP SIGNATURE-
Version: GnuPG
)
+-
Summary
===
Cisco ASA-CX Context-Aware Security appliance and Cisco Prime Security
Manager (PRSM) contain a denial of service (DoS) vulnerability in
versions prior to 9.0.2-103.
Successful exploitation of this vulnerability on the Cisco ASA-CX
could cause the device to stop processing user
View online: http://drupal.org/node/1782686
* Advisory ID: DRUPAL-SA-CONTRIB-2012-140
* Project: Inf08 [1] (third-party module)
* Version: 6.x
* Date: 2012-September-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1782832
* Advisory ID: DRUPAL-SA-CONTRIB-2012-141
* Project: Mass Contact [1] (third-party module)
* Version: 6.x
* Date: 2012-September-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1782580
* Advisory ID: DRUPAL-SA-CONTRIB-2012-139
* Project: PDFThumb [1] (third-party module)
* Version: 7.x
* Date: 2012-September-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: OS Injection
Hello All,
Security Explorations discovered multiple security vulnerabilities
in IBM SDK, Java Technology Edition software [1]. This is IBM [2]
implementation of Java SE technology for AIX, Linux, z/OS and IBMi
platforms.
Among a total of 17 security weaknesses found, there are issues that
can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:150
http://www.mandriva.com/security
View online: http://drupal.org/node/1775470
* Advisory ID: DRUPAL-SA-CONTRIB-2012-137
* Project: Heartbeat [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-September-5
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request
View online: http://drupal.org/node/1775582
* Advisory ID: DRUPAL-SA-CONTRIB-2012-138
* Project: Exposed Filter Data [1] (third-party module)
* Version: 6.x
* Date: 2012-September-05
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
[ * ] ekoparty Security Conference and Trainings - 8th edition [ * ]
http://www.ekoparty.org
Trainings: September 17-18 / Conference: September 19-21, 2012
Ciudad Autónoma de Buenos Aires, Argentina
[*] WHAT?
ekoparty is a one-of-a-kind event in South America; an annual security
conference
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:149
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- ---
VMware Security Advisory
Advisory ID: VMSA-2012-0013
Synopsis: VMware vSphere and vCOps updates to third party libraries
Issue date: 2012-08-30
-up
where we will present many new details of security issues found.
We'll send notification about the paper release to Bugtraq / Full
Disclosure mailing lists. We do not plan to do that prior to the
release of the necessary security fixes by Oracle though.
Thank you.
Best Regards,
Adam Gowdiak
method is used
to achieve a complete JVM sandbox bypass is different from what was
demonstrated to Oracle (different exploitation path).
Thanks.
--
Best Regards,
Adam Gowdiak
-
Security Explorations
http://www.security-explorations.com
We bring security
vector with the use of the sun.awt.SunToolkit class.
Removing getField and getMethod methods from the implementation of
the aforementioned class caused all of our full sandbox bypass Proof
of Concept codes [2] not to work any more (please note, that not all
security issues that were reported in Apr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:074-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:148
http://www.mandriva.com/security
Asterisk Project Security Advisory - AST-2012-012
Product Asterisk
Summary Asterisk Manager User Unauthorized Shell Access
Nature of Advisory Permission Escalation
Asterisk Project Security Advisory - AST-2012-013
Product Asterisk
Summary ACL rules ignored when placing outbound calls by
certain IAX2 users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:145
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:146
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:147
http://www.mandriva.com/security
View online: http://drupal.org/node/1762480
* Advisory ID: DRUPAL-SA-CONTRIB-2012-132
* Project: Announcements [1] (third-party module)
* Version: 6.x
* Date: 2012-August-29
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1762470
* Advisory ID: DRUPAL-SA-CONTRIB-2012-131
* Project: Email Field [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-August-29
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1762482
* Advisory ID: DRUPAL-SA-CONTRIB-2012-133
* Project: Taxonomy Image [1] (third-party module)
* Version: 6.x
* Date: 2012-August-29
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1762220
* Advisory ID: DRUPAL-SA-CONTRIB-2012-130
* Project: Javascript Tool [1] (third-party module)
* Version: 7.x
* Date: 2012-August-29
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Multiple vulnerabilities
View online: http://drupal.org/node/1762160
* Advisory ID: DRUPAL-SA-CONTRIB-2012-129
* Project: Activism [1] (third-party module)
* Version: 6.x
* Date: 2012-08-29
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access Bypass
View online: http://drupal.org/node/1762492
* Advisory ID: DRUPAL-SA-CONTRIB-2012-134
* Project:
(third-party module)
* Version: 6.x
* Date: 2012-August-29
* Security risk: Critical [1]
* Exploitable from: Remote
* Vulnerability: Privilege escalation
DESCRIPTION
View online: http://drupal.org/node/1762496
* Advisory ID: DRUPAL-SA-CONTRIB-2012-135
* Project: CAPTCHA [1] (third-party module)
* Version: 6.x
* Date: 2011-August-29
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
DESCRIPTION
View online: http://drupal.org/node/1762734
* Advisory ID: DRUPAL-SA-CONTRIB-2012-136
* Project: Apache Solr Autocomplete [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-August-29
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:144
http://www.mandriva.com/security
Hello All,
This post is made in reference to recently discovered attack against
Java SE 7 platform [1][2]. We discovered that the vulnerabilities used
by the attack code are similar to some of the weaknesses that we have
found as part of our SE-2012-01 Java SE security research project [3
Inshell Security Advisory
http://www.inshell.net
1. ADVISORY INFORMATION
---
Product: Aoop CMS
Vendor URL: www.annonyme.de
Type: Cross-site Scripting [CWE-79], SQL-Injection [CWE-89]
Date found: 2012-04-07
Date published: 2012-08-24
CVSSv2 Score
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:143
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:141
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:142
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:140
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:139
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:136
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:138
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:137
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:133
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:134
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:135
http://www.mandriva.com/security
software updates that address this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:132
http://www.mandriva.com/security
View online: http://drupal.org/node/1732946
* Advisory ID: DRUPAL-SA-CONTRIB-2012-126
* Project: HotBlocks [1] (third-party module)
* Version: 6.x
* Date: 2012-August-15
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1733056
* Advisory ID: DRUPAL-SA-CONTRIB-2012-128
* Project: Elegant Theme [1] (third-party module)
* Version: 7.x
* Date: 2012-August-15
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1732980
* Advisory ID: DRUPAL-SA-CONTRIB-2012-127
* Project: Custom Publishing Options [1] (third-party module)
* Version: 6.x
* Date: 2012-August-15
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:131
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:130
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:129
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:129-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:128
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:126
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:127
http://www.mandriva.com/security
View online: http://drupal.org/node/1719392
* Advisory ID: DRUPAL-SA-CONTRIB-2012-121
* Project: Shorten URLs [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-August-8
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1719402
* Advisory ID: DRUPAL-SA-CONTRIB-2012-122
* Project: Better Revisions [1] (third-party module)
* Version: 7.x
* Date: 2012-August-08
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting