47153 matches found
[IA49] Photodex ProShow Producer v5.0.3310 ScsiAccess Local Privilege Escalation
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Incorrect Default Permissions CWE-276 Date found: 2013-03-18 Date published: 2013-03-19 CVSSv2 Score: 7,2 AV:L/AC:L/Au:N/C:C/I:C/A...
OpenSSH security vulnerabilities
DoS, information leakage...
[ MDVSA-2013:022 ] openssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:022 http://www.mandriva.com/en/support/security/ Package : openssh Date : March 13, 2013 Affected: Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been found and corrected in openssh:...
Safari / WebKit multiple security vulnerabilities
Cross-site scripting...
CA SiteMinder privilege escalation
Invalid SAML signature verification...
Apple TV multiple security vulnerabilities
Protection bypass, information leakage...
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free (MS13-021 / CVE-2013-0087)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free MS13-021 / CVE-2013-0087 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included...
Mozilla Firefox / Thunderbird / Seamonkey use-after-free vulnerability
HTML editor use-after-free...
Apple iOS multiple security vulnerabilities
Protection bypass, privilege escalation, code execution...
[USN-1771-1] OpenStack Nova vulnerabilities
========================================================================== Ubuntu Security Notice USN-1771-1 March 20, 2013 nova vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free MS13-021 / CVE-2013-0087 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and includ...
APPLE-SA-2013-03-19-1 iOS 6.1.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-19-1 iOS 6.1.3 iOS 6.1.3 is now available and addresses the following: dyld Available for: iPhone 3GS and later, iPod touch 4th generation and later, iPad 2 and later Impact: A local user may be able to execute unsigned code...
APPLE-SA-2013-03-19-2 Apple TV 5.2.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-19-2 Apple TV 5.2.1 Apple TV 5.2.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: A local user may be able to execute unsigned code Description: A state management issue...
OpenStack security vulnerabilities
Nova and Glance information leakage, Keystone resource exhaustion...
[USN-1763-1] NSS vulnerability
========================================================================== Ubuntu Security Notice USN-1763-1 March 14, 2013 nss vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
Microsoft Internet Explorer multiple security vulnerabilities
Multiple use-after-free vulnerabilities...
[USN-1773-1] ClamAV vulnerabilities
========================================================================== Ubuntu Security Notice USN-1773-1 March 21, 2013 clamav vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787)
VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free MFSA-2013-29 / CVE-2013-0787 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Mozilla Firefox is a free and open source web browser coordinated by Mozilla Corporation an...
[USN-1762-1] APT vulnerability
========================================================================== Ubuntu Security Notice USN-1762-1 March 14, 2013 apt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal
Title ----- DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal Severity -------- High Date Discovered --------------- January 22, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description ------------------------- The...
[USN-1772-1] OpenStack Keystone vulnerability
========================================================================== Ubuntu Security Notice USN-1772-1 March 20, 2013 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Puppet multiple security vulnerabilities
Code execution, privilege escalation, protection bypass, information spoofing...
[USN-1759-1] Puppet vulnerabilities
========================================================================== Ubuntu Security Notice USN-1759-1 March 12, 2013 puppet vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Apple Mac OS X multiple security vulnerabilities
Cross-site scripting, authentication bypass, buffer overflows and memory corruption in graphics libraries, information leakage, protection bypass, PDF parsing memory corruption, security vulnerabilities in various packages...
APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001 OS X Mountain Lion v10.8.3 and Security Update 2013-001 is now available and addresses the following: Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lio...
Skype Click to Call Update Service local privilege escalation
Vuln Title: Skype Click to Call Update Service local privilege escalation Date: 10.12.2012 Author: otr Software Link: http://www.skype.com Vendor: Microsoft Corporation Version: = 6.2.0.106 Tested on: Windows 7, Windows XP Type: Privilege Escalation, DLL Hijacking CVE : MS does not assign CVE for...
libvirt weak permissions
libvirtd sets weak permissions for devices...
n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.001 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Command Shell Grants System-Level Access Risk: LOW Overview: The Polycom Command Shell ...
n.runs-SA-2013.004 - Polycom - H.323 Format String Vulnerability
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.004 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 Format String Vulnerability Risk: HIGH Overview: For every received H.323 SETUP...
[USN-1766-1] pam-xdg-support vulnerability
========================================================================== Ubuntu Security Notice USN-1766-1 March 18, 2013 pam-xdg-support vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
[SECURITY] [DSA 2648-1] firebird2.5 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2648-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 15, 2013 http://www.debian.org/security/faq -...
lighttpd symbolic links vulnerabilities
A Unix socket with a fixed name is created in a world-writable directory...
[SECURITY] [DSA 2649-1] lighttpd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2649-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez March 15, 2013 http://www.debian.org/security/faq -...
[USN-1764-1] OpenStack Glance vulnerability
========================================================================== Ubuntu Security Notice USN-1764-1 March 14, 2013 glance vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Linux kernel multiple security vulnerabilities
DoS, privilege escalation, information leakage...
n.runs-SA-2013.003 - Polycom - H.323 CDR Database SQL Injection
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.003 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 CDR Database SQL Injection Risk: HIGH Overview: For every received H.323 SETUP...
Cisco IOS cryptography vulnerability
Invalid hash algorithm implementation for type 4 passwords...
pam-xdg-support privilege escalation
Invalid PATH processing...
[SE-2012-01] The "allowed behavior" in Java SE 7 (Issue 54)
Hello All, We decided to release technical details of Issue 54 that was reported to Oracle on Feb 25, 2013 and that was evaluated by the company as the "allowed behavior". As of Mar 18, 2013 we have no information that Oracle treats Issue 54 as a security vulnerability. We believe that 3 weeks fr...
NGS00440 Patch Notification: Windows USB RNDIS driver kernel pool overflow
High Risk Vulnerability in Microsoft Windows 18 March 2013 Andy Davis of NCC Group has discovered a High risk vulnerability in Microsoft Windows Impact: Windows USB RNDIS driver kernel pool overflow. Exploitation would result in local privilege escalation Versions affected: Microsoft Windows all...
Polycom HDX multiple security vulnerabilities
Format string vulnerability, SQL injection, code execution, privilege escalation...
Microsoft Windows USB devices privilege escalation
Several different vulnerabilities triggered when a USB device is plugged in, allowing code execution...
[USN-1767-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1767-1 March 18, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
n.runs-SA-2013.002 - Polycom - Firmware Update Command Injection
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.002 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Firmware Update Command Injection Risk: MEDIUM Overview: Polycom HDX systems can be...
[SECURITY] [DSA 2650-1] libvirt-bin security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2650-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez March 15, 2013 http://www.debian.org/security/faq -...
Firebird security vulnerabilities
Buffer overflow, DoS...
Skype privilege escalation
Skype Click to Call Update Service weak executable files permission...
Oracle Java multiple security vulnerabilities
50 different vulnerabilities are fixed with the CPU...
Microsoft Outlook for Mac information leakage
External content is requested during message parsing...
Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503
Privoxy Proxy Authentication Credential Exposure Product: Privoxy Project Homepage: privoxy.org Advisory ID: c22-2013-01 Vulnerable Versions: 3.0.20 and possibly prior Tested Version: 3.0.20-1 tested using Debian Sid Vendor Notification: March 6, 2013 Public Disclosure: March 11, 2013 Vulnerabili...