 The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Latest Posts
[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin
come2waraxe (May 22)
[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin
===================================================================================
Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-105.html
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Spider Catalog is the best WordPress...
[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin
come2waraxe (May 22)
[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin
===================================================================================
Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-104.html
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Spider Event Calendar is a...
Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities
Vulnerability Lab (May 22)
Title:
======
Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities
Date:
=====
2013-05-21
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=894
Article: http://www.vulnerability-lab.com/dev/?p=580
Trend Micro (Reference): http://esupport.trendmicro.com/solution/en-US/1096805.aspx
Trend Micro Solution ID: 1096805
Video: http://www.vulnerability-lab.com/get_content.php?id=951
VL-ID:
=====
894
Common...
VUPEN Security Research - Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass (MS13-037 / Pwn2Own)
VUPEN Security Research (May 22)
VUPEN Security Research - Microsoft Internet Explorer 10-9 Object
Confusion Sandbox Bypass (MS13-037 / Pwn2Own)
Website : http://www.vupen.com
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)...
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own)
VUPEN Security Research (May 22)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML
Remote Integer Overflow (MS13-037 / Pwn2Own)
Website : http://www.vupen.com
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)...
[ MDVSA-2013:166 ] krb5
security (May 22)
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:166
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : krb5
Date : May 21, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem...
[slackware-security] kernel (SSA:2013-140-01)
Slackware Security Team (May 21)
[slackware-security] kernel (SSA:2013-140-01)
New Linux kernel packages are available for Slackware 13.37 and 14.0 to fix
a security issue.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/linux-3.2.45/*: Upgraded.
Upgraded to new kernels that fix CVE-2013-2094, a bug that can allow local
users to gain a root shell. Be sure to upgrade your initrd and reinstall
LILO after upgrading...
Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Vulnerability Lab (May 21)
Title:
======
Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Date:
=====
2013-05-12
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=767
VL-ID:
=====
767
Common Vulnerability Scoring System:
====================================
6.5
Introduction:
=============
The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
PlayStation 2 as part of the...
CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)
chudakovma (May 21)
CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk,
Personal Firewall)
CVE reference:
CVE-2013-3496
Credit:
Maksim Chudakov (@MChudakov)
Andrey Kurtasanov(andreykurtasanov () gmail com)
Severity:
Medium
Local\Remote:
Local
Vulnerability Class:
Privilege Escalation
Vendor URL:
http://www.infotecs.biz/
Affected OS:
Windows
Vulnerable systems:
ViPNet Client 3.2.10 (15632) and...
Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt)
Fernando Gont (May 21)
Folks,
We have published a revision of our IETF I-D "A method for Generating
Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
Autoconfiguration (SLAAC)".
This revision is available at:
<http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-07>.
This proposal is key for the mitigation of address-scanning attacks,
while at the same time preventing host-tracking.
Stay tuned for more IPv6 security news...
Defense in depth -- the Microsoft way
Stefan Kanthak (May 21)
Hi @ll,
the "Microsoft Installer" creates for applications installed via an
.MSI the following uninstall information in the Windows registry
(see <http://msdn.microsoft.com/library/aa372105.aspx>):
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]
"UninstallString"="MsiExec.Exe /X{<GUID>}"
"ModifyPath"="MsiExec.Exe /I{<GUID>}"
Note the unqualified path...
Static analysis tool exposition (SATE) V Call for participation
aure (May 21)
NIST is preparing the fifth Static Analysis Tool Exposition (SATE V). Briefly, participating tool makers run their
static analyzer on a set of programs. Researchers led by NIST analyze the tool reports and present the results and
experiences at a workshop. A detailed plan is available at:
http://samate.nist.gov/SATE.html
We plan to provide test cases by June 3rd. Tool makers will have until August 1st (if at all possible; September 1st at...
CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!
Sławomir Jabs (May 17)
Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?
Are you willing to gamble on the security of your systems?
Join the upcoming CONFidence conference and meet both renowned speakers and
specialists who deal with IT security on a daily basis. People like you,
who never stop asking questions and play with risks all the time...
We will...
[slackware-security] ruby (SSA:2013-136-02)
Slackware Security Team (May 17)
[slackware-security] ruby (SSA:2013-136-02)
New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current
to fix a security issue.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/ruby-1.9.3_p429-i486-1_slack14.0.txz: Upgraded.
This update fixes a security issue in DL and Fiddle included in Ruby where
tainted strings can be used by system calls regardless of the $SAFE...
[slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)
Slackware Security Team (May 17)
[slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)
New mozilla-thunderbird packages are available for Slackware64 13.37 and
14.0. These were accidentally omitted from the last upload.
Here are the details from the Slackware64 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0.6-x86_64-1_slack14.0.txz: Upgraded.
Here's the package that was missing from the last batch. The...