VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 --- VMware Security Advisory Advisory ID: VMSA-2012-0005 Synopsis: VMware vCenter Server, Orchestrator, Update Manager, vShield,

[ MDVSA-2012:031 ] firefox

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:031 http://www.mandriva.com/security/

Re: WikyBlog 1.7.3RC2 XSS vulnerability

This seems to be same issue as http://secunia.com/advisories/38699/ / http://osvdb.org/show/osvdb/62558 I created item about this case to their sf issue tracker: https://sourceforge.net/tracker/?func=detailaid=3507681group_id=148518atid=771904 - Henri Salo On Thu, Mar 15, 2012 at 05:31:41PM

Android wipe unreliable

We have discovered that the wipe function on Android does not reliably delete data on all devices. On a Nexus S running Android 2.3.6, we were able to recover user data after running a wipe both using the factory data reset from the menu and by wiping the device from recovery. To recover data,

[security bulletin] HPSBPI02728 SSRT100692 rev.5 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03102449 Version: 5 HPSBPI02728 SSRT100692 rev.5 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default NOTICE: The information in this Security Bulletin

at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability

Title: at32 Reverse Proxy - Multiple HTTP Header Field Denial Of Service Vulnerability Product : at32 Reverse Proxy Version : v1.060.310 Vendor: http://www.at32.com/doc/rproxy.htm Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: 2012-03-14 Updated:

ESA-2012-014: RSA enVision Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ESA-2012-014: RSA enVision Multiple Vulnerabilities EMC Identifier:ESA-2012-014 CVE Identifiers: CVE-2012-0399, CVE-2012-0400, CVE-2012-0401, CVE-2012-0402, CVE-2012-0403 Severity Rating: CVSS Base Score: See below for scores for

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability Tested against: Microsoft Windows Vista SP2 Microsoft Windows XP SP3 Microsoft Windows 2003 R2 SP2 Internet Explorer 7/8/9 download url

Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?)

The other possible exploit is that I work for company X. After being fired from company X I setup a second rogue network and have people connect to it. Thus giving me the option to steal passwords or present false information via a fake intranet site or whatever. Since I worked there I already

RE: Android wireless accepts fake response (No interaction requires) (Vulnerability ?)

Isn't this just roaming? If the two APs have the same SSID and authentication, then they're one ESSID and the BSSIDs are irrelevant. And if iOS and Win don't move between APs, how can they exist in multi-ap environments? From: Security Mailing List [s3cl...@hotmail.com] Sent: Monday, March

Tor Browser Bundle for Linux (2.2.35-8) EVIL bug

There is an EVIL bug in at least the Linux (2.2.35-8) Tor Browser Bundle start-tor-browser script. It will log things like domain names to a file in the root of the browser bundle. https://trac.torproject.org/projects/tor/ticket/5417 Ticket #5417 (new defect) RelativeLink.sh in Tor browser

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngine_DeviceExpert.exe tested against: Microsoft Windows Server 2003 r2 sp2

VUPEN Security Research - Adobe Flash Player Matrix3D Remote Memory Corruption (CVE-2012-0768)

VUPEN Security Research - Adobe Flash Player Matrix3D Remote Memory Corruption (APSB12-05 / CVE-2012-0768) Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND - Adobe Flash Player is a cross-platform browser-based

Evasion attacks expoliting file-parsing vulnerabilities in antivirus products

Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All affected products are command-line versions of the AVs. Vulnerability Descriptions 1. Specially crafted infected POSIX TAR files with

Aruba Networks multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication bypass

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ADVISORY NUMBER 031912 Advisory # 1: TITLE OS Command Injection Vulnerability in Aruba Remote Access Point Diagnostic Web Interface. SUMMARY An OS command injection vulnerability has been discovered in the Aruba Remote Access Point's Diagnostic

[SECURITY] [DSA 2436-1] libapache2-mod-fcgid security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2436-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst March 19, 2012

Re: [oss-security] Case YVS Image Gallery

On 02/27/2012 02:39 PM, Henri Salo wrote: On Mon, Feb 27, 2012 at 09:31:52AM -0700, Kurt Seifried wrote: If you make a list of issues (e.g. XSS, CSRF, etc) with the code examples I can assign the various blocks of issues CVEs. 1. ./administration/install.php opens ../functions/db_connect.php