47153 matches found
Photodex ProShow Producer multiple security vulnerabilities
Buffer overflow in .pxs / .pxt file parsing. Privilege escalation via weak executable permissions and incorrect DLL paths...
Apple iOS multiple security vulnerabilities
Protection bypass, privilege escalation, code execution...
CA SiteMinder privilege escalation
Invalid SAML signature verification...
OpenSSH security vulnerabilities
DoS, information leakage...
[ MDVSA-2013:022 ] openssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:022 http://www.mandriva.com/en/support/security/ Package : openssh Date : March 13, 2013 Affected: Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in openssh:...
Microsoft Internet Explorer multiple security vulnerabilities
Multiple use-after-free vulnerabilities...
OpenStack security vulnerabilities
Nova and Glance information leaks, Keystone resource exhaustion...
Mozilla NSS library TLS timing attacks
"Lucky Thirteen" attacks are possible...
Apple TV multiple security vulnerabilities
Protection bypass, information leakage...
Safari / WebKit multiple security vulnerabilities
Cross-site scripting...
[USN-1762-1] APT vulnerability
========================================================================== Ubuntu Security Notice USN-1762-1 March 14, 2013 apt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
LibreOffice update spoofing
Updates are checked over an insecure connection, and the digital signature is not validated...
[USN-1773-1] ClamAV vulnerabilities
========================================================================== Ubuntu Security Notice USN-1773-1 March 21, 2013 clamav vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
apt protection bypass
A man-in-the-middle attack against the repository is possible if InRelease files are used...
[waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2
waraxe-2013-SA099 - Update Spoofing Vulnerability in LibreOffice 4.0.1.2 =============================================================================== Author: Janek Vind "waraxe" Date: 21. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-99.html Description of vulnerable...
CA20130319-01: Security Notice for SiteMinder products using SAML
-----BEGIN PGP SIGNED MESSAGE----- CA20130319-01: Security Notice for SiteMinder products using SAML Issued: March 19, 2013 CA Technologies support is alerting customers to a potential risk with certain CA SiteMinder products that implement Security Assertion Markup Language SAML. Multiple...
[USN-1763-1] NSS vulnerability
========================================================================== Ubuntu Security Notice USN-1763-1 March 14, 2013 nss vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal
Title ----- DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal Severity -------- High Date Discovered --------------- January 22, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description ------------------------- The...
APPLE-SA-2013-03-14-2 Safari 6.0.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-14-2 Safari 6.0.3 Safari 6.0.3 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2 Impact: Visiting a maliciously crafted website may lead to an...
EverFocus EPARA264-16X1 directory traversal
Directory traversal in the embedded HTTP server...
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free (MS13-021 / CVE-2013-0087)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free MS13-021 / CVE-2013-0087 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included...
Mozilla Firefox / Thunderbird / Seamonkey use-after-free vulnerability
HTML editor use-after-free...
VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787)
VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free MFSA-2013-29 / CVE-2013-0787 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Mozilla Firefox is a free and open source web browser coordinated by Mozilla Corporation an...
APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001 OS X Mountain Lion v10.8.3 and Security Update 2013-001 is now available and addresses the following: Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lio...
Apple Mac OS X multiple security vulnerabilities
Cross-site scripting, authentication bypass, buffer overflows and memory corruption in graphics libraries, information leakage, protection bypass, PDF parsing memory corruption, security vulnerabilities in various packages...
[SE-2012-01] The "allowed behavior" in Java SE 7 (Issue 54)
Hello All, We decided to release technical details of Issue 54 that was reported to Oracle on Feb 25, 2013 and that was evaluated by the company as the "allowed behavior". As of Mar 18, 2013 we have no information that Oracle treats Issue 54 as a security vulnerability. We believe that 3 weeks fr...
n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.001 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Command Shell Grants System-Level Access Risk: LOW Overview: The Polycom Command Shell ...
lighttpd symbolic link vulnerabilities
A Unix socket with a fixed name is created in a world-writable directory...
[SECURITY] [DSA 2649-1] lighttpd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2649-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez March 15, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2648-1] firebird2.5 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2648-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 15, 2013 http://www.debian.org/security/faq -...
Skype privilege escalation
Weak executable file permissions in the Skype Click to Call Update Service...
Cisco IOS cryptography vulnerability
Invalid hash algorithm implementation for type 4 passwords...
Oracle Java multiple security vulnerabilities
50 different vulnerabilities are fixed in the Critical Patch Update (CPU)...
Microsoft Windows USB devices privilege escalation
A few different vulnerabilities triggered when a USB device is plugged in, allowing code execution...
[USN-1766-1] pam-xdg-support vulnerability
========================================================================== Ubuntu Security Notice USN-1766-1 March 18, 2013 pam-xdg-support vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
NGS00440 Patch Notification: Windows USB RNDIS driver kernel pool overflow
High Risk Vulnerability in Microsoft Windows 18 March 2013 Andy Davis of NCC Group has discovered a High risk vulnerability in Microsoft Windows Impact: Windows USB RNDIS driver kernel pool overflow. Exploitation would result in local privilege escalation Versions affected: Microsoft Windows all...
Polycom HDX multiple security vulnerabilities
Format string vulnerability, SQL injection, code execution, privilege escalation...
[SECURITY] [DSA 2650-1] libvirt-bin security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2650-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez March 15, 2013 http://www.debian.org/security/faq -...
[USN-1764-1] OpenStack Glance vulnerability
========================================================================== Ubuntu Security Notice USN-1764-1 March 14, 2013 glance vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Firebird security vulnerabilities
Buffer overflow, DoS...
n.runs-SA-2013.003 - Polycom - H.323 CDR Database SQL Injection
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.003 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 CDR Database SQL Injection Risk: HIGH Overview: For every received H.323 SETUP...
pam-xdg-support privilege escalation
Invalid PATH processing...
Skype Click to Call Update Service local privilege escalation
Vuln Title: Skype Click to Call Update Service local privilege escalation Date: 10.12.2012 Author: otr Software Link: http://www.skype.com Vendor: Microsoft Corporation Version: = 6.2.0.106 Tested on: Windows 7, Windows XP Type: Privilege Escalation, DLL Hijacking CVE : MS does not assign CVE for...
n.runs-SA-2013.002 - Polycom - Firmware Update Command Injection
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.002 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Firmware Update Command Injection Risk: MEDIUM Overview: Polycom HDX systems can be...
n.runs-SA-2013.004 - Polycom - H.323 Format String Vulnerability
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.004 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 Format String Vulnerability Risk: HIGH Overview: For every received H.323 SETUP...
libvirt weak permissions
libvirtd sets weak permissions on devices...
Linux kernel multiple security vulnerabilities
DoS, privilege escalation, information leakage...
[USN-1767-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1767-1 March 18, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503
Privoxy Proxy Authentication Credential Exposure Product: Privoxy Project Homepage: privoxy.org Advisory ID: c22-2013-01 Vulnerable Versions: 3.0.20 and possibly prior Tested Version: 3.0.20-1 tested using Debian Sid Vendor Notification: March 6, 2013 Public Disclosure: March 11, 2013 Vulnerabili...
Microsoft Silverlight code execution
Memory corruption...