[SECURITY] [DSA 3006-1] xen security update

2014-08-18 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3006-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 18, 2014

CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack

2014-08-18 Thread Dirk-Willem van Gulik
Security Advisory - Apache Software Foundation Apache HttpComponents / hc.apache.org Hostname verification susceptible to MITM attack CVE-2014-3577 / CVSS 1.4 Apache HttpComponents (pri

Outlook.com for Android fails to validate server certificates

2014-08-18 Thread Securify B.V.
Outlook.com for Android fails to validate server certificates Yorick Koster, April 2014 ---

CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request

2014-08-18 Thread tekwizz123
Exploit Details -- Senkas Kolibri WebServer 2.0 (available at http://www.senkas.com/kolibri/download.php) is vulnerable to RCE via an overly long POST request. Sending the exploit will result in a SEH overwrite, which can then be used to redirect execution to a POP POP RET within

Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)

2014-08-18 Thread Stefan Kanthak
Hi @ll, "C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe", part of Apple's iCloudServices (see ), is configured to be started as (COM) server via SvcHost.Exe. Unfortunately the developers of this (COM) server (and of course their QA too) did

Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs

2014-08-18 Thread Stefan Kanthak
Hi @ll, the following command lines associated with the URL protocols of Windows Live Mail 2011 (15.4.3538.513) WLMail.Url.Mailto=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /mailurl:"%1" WLMail.Url.news=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /newsurl:"%1" WLMail.Url.nntp=C

Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)

2014-08-18 Thread Stefan Kanthak
Hi @ll, "C:\Program Files\Apple Software Update\SoftwareUpdate.exe", part of Apple's Software Update and installed together with iTunes, QuickTime and other of Apple's crap for Windows, is periodically called with the argument "-task". This invokes the COM server {91A9E6A9-3935-4A37-AFBA-F0904B16