
1273 matches found

The Hacker News
added 2013/05/30 5:56 p.m., 10 views

Google sets 7 Day deadline For vulnerability disclosure

Google will release details of any zero-day flaws it finds in software, if the affected vendor fails to issue a patch or disclose the issue itself within a week. Now, Google is shortening that timeline a good bit to just 7 days. “Based on our experience...we believe that more urgent action within...

6.5 AI score
Exploits: 0
Symantec
added 2013/03/12 12:00 a.m., 34 views

Microsoft Internet Explorer CVE-2013-0091 Use-After-Free Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

9.3 CVSS, 0.9 AI score, 0.19804 EPSS
Exploits: 1, Affected Software: 1
The Hacker News
added 2012/12/15 4:44 p.m., 14 views

Cisco VoIP phone vulnerability allow eavesdropping remotely

Cui, a fifth year grad student from the Columbia University Intrusion Detection Systems Lab and co-founder of Red Balloon Security, has demonstrated an attack on common Cisco-branded Voice over IP VoIP phones that could easily eavesdrop on private conversations remotely. The vulnerability Cui...

7.8 AI score
Exploits: 0
The Hacker News
added 2012/12/15 5:44 a.m., 19 views

Cisco VoIP phone vulnerability allow eavesdropping remotely

Cui, a fifth year grad student from the Columbia University Intrusion Detection Systems Lab and co-founder of Red Balloon Security, has demonstrated an attack on common Cisco-branded Voice over IP VoIP phones that could easily eavesdrop on private conversations remotely. The vulnerability Cui...

7.8 AI score
Exploits: 0
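seebug.org
added 2012/10/14 12:00 a.m., 11 views

Python Insecure File Permissions Vulnerability

BUGTRAQ ID: 55882 Python is an object-oriented, interpreted programming language. The installation directory of Python 3.3.0 and other versions has an insecure file permissions vulnerability that a local attacker can exploit to execute arbitrary code with elevated privileges. 0 python 3.x Vendor patch: Python ------ The vendor has not yet released a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: www.python.org...

6.9 AI score
Exploits: 0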
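seebug.org
added 2012/06/27 12:00 a.m., 16 views

MyBB 1.6.8 'announcements.php' Remote SQL Injection Vulnerability

BUGTRAQ ID: 54130 MyBB is a popular web forum application. MyBB 1.6.8 uses user-supplied input in SQL queries without properly filtering it, allowing an attacker to exploit this vulnerability to take control of the application, access or modify data, or exploit other vulnerabilities in the underlying database. 0 MyBB 1.6.8 Vendor patch: MyBB ---- The vendor has not yet released a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://www.mybboard.com/...

6.9 AI score
Exploits: 0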
ThreatPost
added 2012/06/22 2:42 p.m., 12 views

Cisco Patches Vulnerabilities in VPN Client, ACE Product

Cisco warned customers Wednesday of several vulnerabilities in its AnyConnect Secure Mobility virtual private network VPN client, claiming that if not patched, the VPN software could be exploited by a remote attacker. The holes are present in versions of Cisco’s VPN client for Microsoft’s Windows...

2.7 AI score
Exploits: 0, References: 4
Symantec
added 2012/06/12 12:00 a.m., 42 views

Microsoft Internet Explorer CVE-2012-1878 'OnBeforeDeactivate' Event Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...

9.3 CVSS, 7.1 AI score, 0.22344 EPSS
Exploits: 1, Affected Software: 1
seebug.org
added 2011/10/13 12:00 a.m., 89 views

Apple iTunes Multiple Security Vulnerabilities

CVE ID:...

10 CVSS, 0.5 AI score, 0.43195 EPSS
Exploits32
OSV
added 2011/09/07 12:00 a.m., 19 views

DSA-2302-1 bcfg2 - arbitrary code execution

Bulletin has no description...

9.3 CVSS, 6.7 AI score, 0.04798 EPSS
Exploits: 0
Positive Technologies
added 2011/07/28 12:00 a.m., 6 views

PT-2011-27: Multiple Vulnerabilities in Cisco ACS Web Interface

Positive Research Center has discovered multiple vulnerabilities in the Cisco ACS web interface. Cross-site scripting vulnerabilities are triggered when a specially crafted value is assigned to different variables in scripts, which allows one to manage device through Web-interface. This can be...

4.3 CVSS, 6.9 AI score, 0.01148 EPSS
Exploits: 0, References: 3
securityvulns
added 2011/06/10 12:00 a.m., 62 views

[security bulletin] HPSBMA02631 SSRT100324 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02712867 Version: 1 HPSBMA02631 SSRT100324 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as...

9.3 CVSS, 0.6 AI score, 0.09204 EPSS
Exploits: 0
Tenable Nessus
added 2010/12/15 12:00 a.m., 56 views

Debian DSA-2132-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

9.3 CVSS, 8.2 AI score, 0.08669 EPSS
Exploits: 1, References: 10
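seebug.org
added 2010/11/17 12:00 a.m., 31 views

LANDesk Management Suite HTML Form Request Command Injection Vulnerability

BUGTRAQ ID: 44781 CVE ID: CVE-2010-2892 Landesk Management Suite is a network management system that can control desktops, servers, mobile devices and more. Landesk does not properly verify the origin of users who submit specially crafted requests. If an administrator has logged in to the device using the attacker's browser, the attacker can execute arbitrary code with the privileges of the gsbadmin user. LANDesk Software LANDesk Management Gateway 4.2 GSBWEB v1.61 LANDesk Software LANDesk Management Gateway 4.0 GSBWEB v1.61s Workaround: 1...

8.5 CVSS, 6.4 AI score, 0.03508 EPSS
Exploits: 6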
ThreatPost
added 2010/09/15 7:26 p.m., 8 views

Unofficial Patch Released for Adobe Reader Bug

As users await the Oct. 4 release of a patch for the CoolType.dll vulnerability in Adobe Reader, a software and security company has published an unofficial patch for the bug that essentially replaces the vulnerable DLL with a patched one. The patch was published Wednesday by RamzAfzar, a softwar...

0.2 AI score
Exploits: 0, References: 5
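seebug.org
added 2010/07/27 12:00 a.m., 15 views

Apple QuickTime QuickTimeStreaming.qtx Remote Stack Overflow Vulnerability

BUGTRAQ ID: 41962 Apple QuickTime is a very popular multimedia player. QuickTimeStreaming.qtx has a stack overflow vulnerability when building a string to be written to the debug log file; the overflow can be triggered if a web page the user views references a SMIL file containing an overly long URL, leading to arbitrary code execution. Apple QuickTime Player 7.6.6 1671 Vendor patch: Apple ----- The vendor has not yet released a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://www.apple.com...

6.9 AI score
Exploits: 0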
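seebug.org
added 2010/07/15 12:00 a.m., 13 views

360 Secure Browser Remote Code Execution Vulnerability

360 Secure Browser (360SE) is a user-friendly, secure, new-generation browser on the Internet; together with 360 Safeguard, 360 Antivirus and other software products, it is part of the 360 Security Center product line. The official website is http://se.360.cn. A design issue exists in the 360 browser that, combined with some other vulnerabilities, may lead to remote code execution. 360 Secure Browser Vendor patch: 360SE -------- The vendor has released a patch or upgrade; users of this software are advised to obtain the latest version from the vendor: http://bbs.360.cn/4000002/37699391.html...

7.1 AI score
Exploits: 0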
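seebug.org
added 2010/05/10 12:00 a.m., 30 views

ECShop Store System Arbitrary User Login Vulnerability

ECSHOP is a free, open-source online store system. It is upgraded and maintained by a professional development team that provides timely and efficient technical support; you can also customize ECSHOP according to your own business characteristics and add distinctive features to your store. File /includes/init.php, line 250: / session does not exist, check cookie / if !emptyempty$COOKIE'ECS''userid' && !emptyempty$COOKIE'ECS''password' // cookie found, verify the cookie information $sql = 'SELECT userid, username, password ' . ' FROM '...

7.2 AI score
Exploits: 0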
ThreatPost
added 2010/03/05 1:26 p.m., 10 views

Software Patch Needed on Windows Every 5 Days

The average Microsoft Windows user has software from 22 vendors on her PC, and needs to install a new security update roughly every five days in order to use these programs safely, according to an insightful new study released this week. Read the full article. KrebsonSecurity...

2.1 AI score
Exploits: 0, References: 2
OSV
added 2010/02/17 12:00 a.m., 43 views

DSA-1998-1 kdelibs - arbitrary code execution

Bulletin has no description...

6.8 CVSS, 6.5 AI score, 0.28167 EPSS
Exploits43