Bugtraq Mailing List

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!


Latest Posts

CFP: IEEE SafeConfig: 6th Symposium on Security Analytics and Automation James Joshi (May 23)
CALL FOR PAPERS

IEEE SafeConfig 2013
--------------------
6th Symposium on Security Analytics and Automation (www.safeconfig.org)

(collocated with IEEE Conference on Communications and Network Security)

Washington, D.C., USA
October 14, 2013

Sponsors: IEEE (COMSOC).

Important Dates

Abstract Registration Deadline: June 25
Manuscript Submission: July 1, 2013
Review Notification: August 7, 2013
Camera Ready: August 15, 2012
Conference Dates:...

SEC Consult SA-20130523-0 :: JavaScript Execution in IBM WebSphere DataPower Services SEC Consult Vulnerability Lab (May 23)
SEC Consult Vulnerability Lab Security Advisory < 20130523-0 >
=======================================================================
title: JavaScript Execution in WebSphere DataPower Services
product: IBM WebSphere DataPower Integration Appliance XI50
vulnerable version: 3.8.2, 4.0, 4.0.1, 4.0.2, 5.0.0
fixed version: not available, config changes
CVE number: CVE-2013-0499
impact:...

[ANN] Struts 2.3.14.1 GA (fast track | security) Lukasz Lenart (May 23)
The Apache Struts group is pleased to announce that Struts 2.3.14.1 is
available as a "General Availability" release. The GA designation is
our highest quality grade.

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.

Two security issues were...

APPLE-SA-2013-05-22-1 QuickTime 7.7.4 Apple Product Security (May 23)
APPLE-SA-2013-05-22-1 QuickTime 7.7.4

QuickTime 7.7.4 is now available and addresses the following:

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a maliciously crafted TeXML file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
TeXML files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1015...

[SECURITY] [DSA 2672-1] kfreebsd-9 security update Florian Weimer (May 23)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2672-1 security () debian org
http://www.debian.org/security/ Florian Weimer
May 22, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : kfreebsd-9
Vulnerability : interpretation conflict
Problem...

[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin come2waraxe (May 22)
[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin
===================================================================================

Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-105.html

Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Spider Catalog is the best WordPress...

[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin come2waraxe (May 22)
[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin
===================================================================================

Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-104.html

Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Spider Event Calendar is a...

Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities Vulnerability Lab (May 22)
Title:
======
Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities

Date:
=====
2013-05-21

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=894

Article: http://www.vulnerability-lab.com/dev/?p=580

Trend Micro (Reference): http://esupport.trendmicro.com/solution/en-US/1096805.aspx
Trend Micro Solution ID: 1096805

Video: http://www.vulnerability-lab.com/get_content.php?id=951

VL-ID:
=====
894

Common...

VUPEN Security Research - Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass (MS13-037 / Pwn2Own) VUPEN Security Research (May 22)
VUPEN Security Research - Microsoft Internet Explorer 10-9 Object
Confusion Sandbox Bypass (MS13-037 / Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)...

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own) VUPEN Security Research (May 22)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML
Remote Integer Overflow (MS13-037 / Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)...

[ MDVSA-2013:166 ] krb5 security (May 22)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:166
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : krb5
Date : May 21, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem...

[slackware-security] kernel (SSA:2013-140-01) Slackware Security Team (May 21)
[slackware-security] kernel (SSA:2013-140-01)

New Linux kernel packages are available for Slackware 13.37 and 14.0 to fix
a security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/linux-3.2.45/*: Upgraded.
Upgraded to new kernels that fix CVE-2013-2094, a bug that can allow local
users to gain a root shell. Be sure to upgrade your initrd and reinstall
LILO after upgrading...

Sony PS3 Firmware v4.31 - Code Execution Vulnerability Vulnerability Lab (May 21)
Title:
======
Sony PS3 Firmware v4.31 - Code Execution Vulnerability

Date:
=====
2013-05-12

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=767

VL-ID:
=====
767

Common Vulnerability Scoring System:
====================================
6.5

Introduction:
=============
The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
PlayStation 2 as part of the...

CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall) chudakovma (May 21)
CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk,
Personal Firewall)

CVE reference:
CVE-2013-3496

Credit:
Maksim Chudakov (@MChudakov)
Andrey Kurtasanov (andreykurtasanov () gmail com)

Severity:
Medium

Local\Remote:
Local

Vulnerability Class:
Privilege Escalation

Vendor URL:
http://www.infotecs.biz/

Affected OS:
Windows

Vulnerable systems:
ViPNet Client 3.2.10 (15632) and...

Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt) Fernando Gont (May 21)
Folks,

We have published a revision of our IETF I-D "A method for Generating
Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
Autoconfiguration (SLAAC)".

This revision is available at:
<http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-07>.

This proposal is key for the mitigation of address-scanning attacks,
while at the same time preventing host-tracking.

Stay tuned for more IPv6 security news...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

