Vulnerability in Microsoft Security Essentials v4.2

2013-05-06 Thread Stefan Kanthak
Hi @ll, versions of Microsoft Security Essentials before the current v4.2 (see https://support.microsoft.com/kb/2805304) have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account (almost like https://support.microsoft.com/kb/2781197

Multiple buffer overflows on Huawei SNMPv3 service

2013-05-06 Thread roberto . paleari
Multiple buffer overflows on Huawei SNMPv3 service [ADVISORY INFORMATION] Title: Multiple buffer overflows on Huawei SNMPv3 service Discovery date: 11/02/2013 Release date: 06/05/2013 Credits: Roberto Paleari

Multiple Vulnerabilities in D-Link DSL-320B

2013-05-06 Thread devnull
Device: DSL-320B Firmware Version: EU_DSL-320B v1.23 date: 28.12.2010 Vendor URL: http://www.dlink.com/de/de/home-solutions/connect/modems-and-gateways/dsl-320b-adsl-2-ethernet-modem Vulnerability Overview: * Access to the Config file without authentication = full

[SE-2012-01] New security vulnerabilities and broken fixes in IBM Java

2013-05-06 Thread Security Explorations
Hello All, Security Explorations discovered 7 additional security issues (#62-68) in the latest version of IBM SDK, Java Technology Edition software [1]. A majority of the new flaws are due to insecure use or implementation of Java Reflection API. Additionally to the above, we found out that

VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6

2013-05-06 Thread Stefan Kanthak
Hi @ll, the current 3CXPhone6.msi (for Windows), available from http://www.3cx.com/VOIP/sip-phone/, digitally signed on 2012-07-30, installs the following outdated and vulnerable 3rd-party libraries: * libeay32.dll and ssleay32.dll version 0.9.8h (from 2008-05-28) of OpenSSL. The current

ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities

2013-05-06 Thread Security Alert
ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities EMC Identifier: ESA-2013-015 CVE Identifier: CVE-2013-0932, CVE-2013-0933, CVE-2013-0934 Severity Rating: CVSS v2 Base Score: See below for individual scores Affected Products: RSA Archer

[ MDVSA-2013:161 ] java-1.7.0-openjdk

2013-05-06 Thread security
Mandriva Linux Security Advisory MDVSA-2013:161 http://www.mandriva.com/en/support/security/

Apache VCL improper input validation

2013-05-06 Thread Josh Thompson
CVE-2013-0267: Apache VCL improper input validation Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache VCL 2.1, 2.2, 2.2.1, 2.3, 2.3.1 Description: Some parts of VCL did not properly validate input data. This problem was present both in the Privileges portion