[security bulletin] HPSBMU02836 SSRT101056 rev.1 - HP ArcSight Connector Appliance and ArcSight Logger, Remote Disclosure of Information, Command Injection, Cross-Site Scripting (XSS)

2013-02-21 Thread security-alert
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03606700 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03606700 Version: 1 HPSBMU02836

TeamSHATTER Security Advisory: SQL Injection in Oracle Alter FBA Table (CVE-2012-1751)

2013-02-21 Thread Shatter
TeamSHATTER Security Advisory SQL Injection in Oracle Alter FBA Table February 20, 2013 Risk Level: High Affected versions: Oracle Database Enterprise Edition 11.1, 11.2 Remote exploitable: Yes Credits: This vulnerability was discovered and

TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137)

2013-02-21 Thread Shatter
TeamSHATTER Security Advisory Oracle 11g Stealth Password Cracking Vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Database Server version 11gR1, 11gR2 Remote exploitable: Yes (No authentication to Database Server is

Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability

2013-02-21 Thread Vulnerability Lab
Title: Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: 2013-02-13 References: http://www.vulnerability-lab.com/get_content.php?id=789 #9984: Investigate Vulnerability Lab issues (this ticket included tracking the creation of our DBI shim to error on

MyFi Wireless Disk 1.2 iPad iPhone - Multiple Vulnerabilities

2013-02-21 Thread Vulnerability Lab
Title: MyFi Wireless Disk 1.2 iPad iPhone - Multiple Vulnerabilities Date: 2013-02-13 References: http://www.vulnerability-lab.com/get_content.php?id=864 VL-ID: 864 Status: Published Disclaimer: The information provided in this advisory

Re: Alt-N MDaemon Email Body HTML/JS Injection Vulnerability

2013-02-21 Thread brad . wyro
This has been fixed. More information can be found in the first line in the MDaemon release notes: [10385] fix to WorldClient HTML injection vulnerability

Paper - Hiding Data in Hard-drive Service Areas

2013-02-21 Thread Ariel Berkman
Hi, We've recently released a paper discussing the ability to hide data in hard-drive service areas. The paper is available for download at: http://www.recover.co.il/SA-cover/SA-cover.pdf The introduction section is pasted below: In this paper we will demonstrate how spinning hard-drives’