[security bulletin] HPSBMA02605 SSRT100238 rev.1 - HP Insight Managed System Setup Wizard for Windows, Remote Arbitrary File Download

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02573176 Version: 1 HPSBMA02605 SSRT100238 rev.1 - HP Insight Managed System Setup Wizard for Windows, Remote Arbitrary File Download NOTICE: The information in this Security Bulletin should be...

CVE-2010-4103

Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors...

CVE-2010-4103

HP Insight Managed System Setup Wizard for Windows prior to version 6.2 is affected by a vulnerability that could allow a remote attacker to download arbitrary files. The issue is documented as CVE-2010-4103 and is cited by HP’s security bulletin HPSBMA02605 (SSRT100238 rev.1), which lists HP Ins...

Frequent VoIP Attacks Result in Honeypot

A security expert at a managed services provider has kicked off a project to expose and blacklist the networks hosting VoIP attacks against his and other companies’ VoIP PBX servers. Read the full article. Dark Reading...

Mac OS X 10.5.6 Update / Mac OS X Security Update 2008-008

The remote host is missing Mac OS X 10.5.6 Update / Mac OS X Security Update 2008-008. One or more of the following components are affected: ATS BOM CoreGraphics CoreServices CoreTypes Flash Player Plug-in Kernel Libsystem Managed Client networkcmds Podcast Producer UDF OpenVAS Vulnerability Test...

Mac OS X 10.5.6 Update / Mac OS X Security Update 2008-008

The remote host is missing Mac OS X 10.5.6 Update / Mac OS X Security Update 2008-008. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

ID Theft Gang Using Amazon's EC2 as Command and Control Server

Security researchers have intercepted a new variant of the Zeus crimeware using Amazon’s EC2 services to command and control the botnet. The cybercriminals appear to be using Amazon’s RDS managed database hosting service as a backend alternative in case they lose access to the original domain,...

[IVIZ-09-005] CA HIPS Remote Kernel Vulnerability

--------------------------------------------------------------------------------------------------- iViZ Security Advisory 09-005 19/08/2009 --------------------------------------------------------------------------------------------------- iViZ Techno Solutions Pvt. Ltd...

Gartner Sees Better Days Ahead For Security Budgets

From SearchSecurity.com Robert Westervelt The dismal economy has put the brakes on a lot of security projects, but the need to maintain the basics and automate some security functions has fueled interest in managed security services and some specific security areas, according to analysts at Gartn...

Economy, SMB security to dominate at RSA Conference

As a security show, the RSA Conference leaves a lot to be desired. Its technical sessions carry an uncomfortable load of marketing baggage and don’t have either the cachet or entertaining edge of those at Black Hat or CanSecWest. Anyone will tell you that the real business of RSA is happening off...

Code injection

Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting...

CVE-2008-4237

Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting...

Mac OS X 10.5.x < 10.5.6 Multiple Vulnerabilities

The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.6. Mac OS X 10.5.6 contains security fixes for the following products : - ATS - BOM - CoreGraphics - CoreServices - CoreTypes - Flash Player Plug-in - Kernel - Libsystem - Managed Client - networkcmds - Podcast Producer...

Code injection

The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors...

CVE-2008-4692

The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors...

CVE-2008-4692

CVE-2008-4692 affects IBM DB2’s Native Managed Provider for .NET. When a definer cannot maintain objects, it preserves views and triggers without marking them inoperative or dropping them, giving an unknown impact. Remediation is provided via fixes: IBM DB2 9.1 FP6 and DB2 9.5 FP2 (and related pa...

Microsoft VBScript和JScript脚本引擎远程溢出漏洞（MS08-022）

BUGTRAQ ID: 28551 CVECAN ID: CVE-2008-0083 Microsoft Windows是微软发布的非常流行的操作系统。 Windows的VBScript和JScript脚本引擎在处理畸形数据时存在漏洞，远程攻击者可能利用此漏洞控制用户系统。 Windows的VBScript和JScript脚本引擎在解码网页中的脚本时允许脚本加载到内存中运行，这可能导致缓冲区溢出。如果用户打开了特制文件或访问正在运行特制脚本的网站，则此漏洞可能允许远程执行代码。 Microsoft VBScript/JScript 5.1 - Microsoft Windows 2000...

Tumbleweed SecureTransport 4.6.1 FileTransfer - ActiveX Buffer Overflow

!-- aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 07-Apr-2008 Software: Tumbleweed Communications - SecureTransport FileTransfer http://www.tumbleweed.com/ Description: "Tumbleweed SecureTransport is the industry's most secure Managed File...

CVE-2008-0636

Level Platforms, Inc. LPI Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SCAbout.htm, which provides version and patch information...

CVE-2008-0636

Level Platforms, Inc. (LPI) Managed Workplace Service Center versions 4.x–6.x expose_version and patch information via a direct request to About/SC_About.htm, enabling information disclosure to remote attackers. The underlying vulnerability is an information-leak through an unprotected About page...