re: Real player resource exhaustion Vulnerability

2013-07-03 Thread security curmudgeon
: Real player resource exhaustion Vulnerability : Real Networks Real Player is prone to Resource exhaustion vulnerability. : When processing specially crafted HTML file, Real Player uses a value : from the file to control a loop operation. Real player fails to validate : the value before usin

Re: Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access

2013-07-03 Thread krlovett
Just a quick update that the newest firmware versions for E4200 and EA45000 are still being tested, but it is a safe bet to upgrade to Ver.2.1.39.145204, even though the bug hasn't been tested against this ver yet. http://support.linksys.com/en-eu/support/routers/EA4500/download

Multiple Vulnerabilities in OpenX

2013-07-03 Thread advisory
Advisory ID: HTB23155 Product: OpenX Vendor: OpenX Vulnerable Version(s): 2.8.10 and probably prior Tested Version: 2.8.10 Vendor Notification: May 8, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: PHP File Inclusion [CWE-98], Cross-Site Scripting [CWE-79] C

Multiple Vulnerabilities in Kasseler CMS

2013-07-03 Thread advisory
Advisory ID: HTB23158 Product: Kasseler CMS Vendor: Kasseler CMS Vulnerable Version(s): 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: SQL Injection [CWE-89], Cross-Site Scriptin

Slots open for Security Projects: Open Source Showcase at AppSec Research / EU 2013

2013-07-03 Thread Dirk W
Hi all, this year's OWASP AppSec Research / EU (https://appsec.eu/) still has some slots open for security projects which want to demo their project @AppSecEU: https://appsec.eu/submissions/open-source-showcase-call-for-entries/ It doesn't have to be an OWASP project -- everybody's welcome --

APPLE-SA-2013-07-02-1 Security Update 2013-003

2013-07-03 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 APPLE-SA-2013-07-02-1 Security Update 2013-003 Security Update 2013-003 is now available and addresses the following: QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v

[security bulletin] HPSBUX02889 SSRT101252 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

2013-07-03 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03809278 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03809278 Version: 1 HPSBUX02889 S

[security bulletin] HPSBUX02893 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Cross Site Scripting (XSS)

2013-07-03 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03820647 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03820647 Version: 1 HPSBUX02893 r

[SECURITY] [DSA 2718-1] wordpress security update

2013-07-03 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Debian Security Advisory DSA-2718-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez July 01, 2013

[ MDVSA-2013:192 ] php-radius

2013-07-03 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:192 http://www.mandriva.com/en/support/security/