View online: http://drupal.org/node/1719462
* Advisory ID: DRUPAL-SA-CONTRIB-2012-123
* Project: Shibboleth authentication [1] (third-party module)
* Version: 6.x
* Date: 2012-August-8
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1719482
* Advisory ID: DRUPAL-SA-CONTRIB-2012-124
* Project: Mime Mail [1] (third-party module)
* Version: 6.x
* Date: 2012-August-8
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
DESCRIPTION
View online: http://drupal.org/node/1719548
* Advisory ID: DRUPAL-SA-CONTRIB-2012-125
* Project: Chaos tool suite (ctools) [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-August-8
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Local File
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:125
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:123
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:124
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:122
http://www.mandriva.com/security
View online: http://drupal.org/node/1708058
* Advisory ID: DRUPAL-SA-CONTRIB-2012-119
* Project: Excluded Users [1] (third-party module)
* Version: 6.x
* Date: 2012-August-1
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1708198
* Advisory ID: DRUPAL-SA-CONTRIB-2012-120
* Project: Monthly Archive by Node Type [1] (third-party module)
* Version: 6.x
* Date: 2012-August-1
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:111
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:121
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:110-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:119
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:117
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:118
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:112
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:113
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:114
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:115
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:116
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:111
http://www.mandriva.com/security
View online: http://drupal.org/node/1700578
* Advisory ID: DRUPAL-SA-CONTRIB-2012-115
* Project: Gallery formatter [1] (third-party module)
* Version: 7.x
* Date: 2012-July-25
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1700584
* Advisory ID: DRUPAL-SA-CONTRIB-2012-116
* Project: Subuser [1] (third-party module)
* Version: 6.x
* Date: 2012-July-25
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass, Cross Site Request
View online: http://drupal.org/node/1700588
* Advisory ID: DRUPAL-SA-CONTRIB-2012-117
* Project: Location [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-July-25
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1700594
* Advisory ID: DRUPAL-SA-CONTRIB-2012-118
* Project: Secure Login [1] (third-party module)
* Version: 7.x
* Date: 2012-July-25
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Open Redirect
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:110
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:108
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:109
http://www.mandriva.com/security
View online: http://drupal.org/node/1691446
* Advisory ID: SA-CONTRIB-2012-114
* Project: Campaign Monitor [1] (third-party module)
* Version: 6.x
* Date: 2012-July-18
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Windows Kernel ReadLayoutFile Heap Overflow
1. *Advisory Information*
Title: Windows Kernel ReadLayoutFile Heap Overflow
Advisory ID: CORE-2011-1123
Advisory URL:
http://www.coresecurity.com/content/windows-kernel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:106
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:107
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:103
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:104
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:105
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
---
VMware Security Advisory
Advisory ID: VMSA-2012-0012
Synopsis: VMware ESXi update to third party library
Issue date: 2012-07-12
Updated
is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs
at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman
. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Windows Kernel ReadLayoutFile Heap Overflow
1. *Advisory Information*
Title: Windows Kernel ReadLayoutFile Heap Overflow
Advisory ID: CORE-2011-1123
Advisory URL:
http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:102
http://www.mandriva.com/security
Asterisk Project Security Advisory - AST-2012-010
Product Asterisk
Summary Possible resource leak on uncompleted re-invite
transactions
Asterisk Project Security Advisory - AST-2012-011
Product Asterisk
Summary Remote crash vulnerability in voice mail application
Nature of Advisory Denial of Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:101
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:096-1
http://www.mandriva.com/security
Inshell Security Advisory
http://www.inshell.net/
1. ADVISORY INFORMATION
---
Product: Photodex ProShow Producer
Vendor URL: www.photodex.com
Type: Stack-based Buffer Overflow [CWE-121]
Date found: 2012-06-06
Date published: 2012-07-02
CVSSv2 Score
differently
in response to the information received about security flaws in their
products. That's one of the reasons behind our disclosure policy,
vendors status and legal threats pages.
Thank you.
Best Regards,
Adam Gowdiak
-
Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco
WebEx Player
Advisory ID: cisco-sa-20120627-webex
Revision 1.0
For Public Release 2012 June 27 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:100
http://www.mandriva.com/security
Hello All,
Security Explorations decided to release technical details and accompanying
Proof of Concept code for a security vulnerability in Apple QuickTime
software.
This move is made in a response to Apple's evaluation of a reported issue as
a hardening issue rather than a security bug [1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:088-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:098
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:099
http://www.mandriva.com/security
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Lattice Diamond Programmer Buffer Overflow
1. *Advisory Information*
Title: Lattice Diamond Programmer Buffer Overflow
Advisory ID: CORE-2012-0530
Advisory URL:
http://www.coresecurity.com/content/lattice-diamond-programmer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:096
http://www.mandriva.com/security
. Workarounds that mitigate these vulnerabilities are
available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst
6500 Series ASA Services Module Denial of Service Vulnerability
Advisory ID: cisco-sa-20120620-asaipv6
Revision 1.0
For Public Release 2012 June 20 16:00 UTC (GMT
. A workaround is available for this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:097
http://www.mandriva.com/security
View online: http://drupal.org/node/1649346
* Advisory ID: DRUPAL-SA-CONTRIB-2012-104
* Project: Privatemsg [1] (third-party module)
* Version: 7.x
* Date: 2012-June-20
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:094
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:095
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:091
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:092
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:090
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:091
http://www.mandriva.com/security
Asterisk Project Security Advisory - AST-2012-009
Product Asterisk
Summary Skinny Channel Driver Remote Crash Vulnerability
Nature of Advisory Denial of Service
Dear All,
Yesterday, Oracle released its Critical Patch Update for Java SE
software [1], which incorporates fixes for 3 of more than 20+
security issues that were reported to the company in Apr 2012 [2].
We would like to inform, that while some of the Proof of Concept
codes we developed
View online: http://drupal.org/node/1632734
* Advisory ID: DRUPAL-SA-CONTRIB-2012-098
* Project: Janrain Capture [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-June-13
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Open Redirect
View online: http://drupal.org/node/1632900
* Advisory ID: DRUPAL-SA-CONTRIB-2012-099
* Project: Node Hierarchy [1] (third-party module)
* Version: 6.x
* Date: 2012-June-13
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request
View online: http://drupal.org/node/1632908
* Advisory ID: DRUPAL-SA-CONTRIB-2012-100
* Project: SimpleMeta [1] (third-party module)
* Version: 6.x
* Date: 2012-June-13
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request Forgery
View online: http://drupal.org/node/1632918
* Advisory ID: DRUPAL-SA-CONTRIB-2012-101
* Project: Protected node [1] (third-party module)
* Version: 6.x
* Date: 2012-June-13
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1633048
* Advisory ID: DRUPAL-SA-CONTRIB-2012-102
* Project: Ubercart AJAX Cart [1] (third-party module)
* Version: 6.x
* Date: 2012-June-13
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Information Disclosure
View online: http://drupal.org/node/1633054
* Advisory ID: DRUPAL-SA-CONTRIB-2012-103
* Project: Global Redirect [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-June-13
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Open Redirect
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
---
VMware Security Advisory
Advisory ID: VMSA-2012-0011
Synopsis: VMware hosted products and ESXi and ESX patches address
security issues
Issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:089
http://www.mandriva.com/security
Inshell Security Advisory
http://www.inshell.net/
1. ADVISORY INFORMATION
---
Product: Astaro Security Gateway
Vendor URL: www.astaro.com / www.sophos.com
Type: Cross-site Scripting [CWE-79]
Date found: 2012-05-11
Date published: 2012-06-10
CVSSv2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:088
http://www.mandriva.com/security
View online: http://drupal.org/node/1619808
* Advisory ID: DRUPAL-SA-CONTRIB-2012-091
* Project: Tokenauth [1] (third-party module)
* Version: 6.x
* Date: 2012-June-06
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1619810
* Advisory ID: DRUPAL-SA-CONTRIB-2012-092
* Project: Organic groups [1] (third-party module)
* Version: 6.x
* Date: 2012-June-06
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1619824
* Advisory ID: DRUPAL-SA-CONTRIB-2012-093
* Project: Node Embed [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-June-06
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1619830
* Advisory ID: DRUPAL-SA-CONTRIB-2012-094
* Project: Maestro [1] (third-party module)
* Version: 7.x
* Date: 2012-June-06
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting, Cross Site Request
View online: http://drupal.org/node/1619848
* Advisory ID: DRUPAL-SA-CONTRIB-2012-095
* Project: Simplenews [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-June-06
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Information Disclosure
View online: http://drupal.org/node/1619852
* Advisory ID: DRUPAL-SA-CONTRIB-2012-096
* Project: Authoring HTML [1] (third-party module)
* Version: 6.x
* Date: 2012-June-06
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1619856
* Advisory ID: DRUPAL-SA-CONTRIB-2012-097
* Project: Protest [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-June-06
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:087
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:086
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:085
http://www.mandriva.com/security
. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr
View online: http://drupal.org/node/1608780
* Advisory ID: DRUPAL-SA-CONTRIB-2012-086
* Project: Amadou [1] (third-party theme)
* Version: 6.x
* Date: 2012-May-30
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1608822
* Advisory ID: DRUPAL-SA-CONTRIB-2012-087
* Project: Comment Moderation [1] (third-party module)
* Version: 6.x
* Date: 2012-May-30
* Security risk: Less Critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request Forgery
View online: http://drupal.org/node/1608828
* Advisory ID: DRUPAL-SA-CONTRIB-2012-088
* Project: Mobile Tools [1] (third-party module)
* Version: 6.x
* Date: 2012-May-30
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1608854
* Advisory ID: DRUPAL-SA-CONTRIB-2012-089
* Project: Counter [1] (third-party module)
* Version: 6.x
* Date: 2012-May-30
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: SQL Injection
DESCRIPTION
View online: http://drupal.org/node/1608864
* Advisory ID: DRUPAL-SA-CONTRIB-2012-090
* Project: filedepot [1] (third-party module)
* Version: 6.x
* Date: 2012-May-30
* Security risk: Critical [2]
* Exploitable from: remote
* Vulnerability: Access bypass
DESCRIPTION
Dear All,
On 24 May 2012, Security Explorations delivered two talks at Hack In
The Box Security Conference in Amsterdam [1] where we disclosed details
pertaining to our 1.5 years long research project verifying security
of a digital satellite TV platform (project SE-2011-01).
Updated (minor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:083
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:084
http://www.mandriva.com/security
Asterisk Project Security Advisory - AST-2012-007
Product Asterisk
Summary Remote crash vulnerability in IAX2 channel driver.
Nature of Advisory Remote crash
Asterisk Project Security Advisory - AST-2012-008
Product Asterisk
Summary Skinny Channel Driver Remote Crash Vulnerability
Nature of Advisory Denial of Service
801 - 900 of 3960 matches