Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability

2015-09-04 Thread David Coomber
Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability -- http://www.info-sec.ca/advisories/Webroot-SecureAnywhere.html Overview "Webroot SecureAnywhere Business – Mobile Protection provides essential security for iPhones and iPads and includes lost device protection that a

Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability

2015-09-04 Thread David Coomber
Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability -- http://www.info-sec.ca/advisories/Avira-Mobile-Security.html Overview "Avira Mobile Security is the ideal tool to recover a lost phone and ensure that your email has not been compromised." "Avira Mobile Security helps

Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation

2015-09-04 Thread Stefan Kanthak
Hi @ll, in I showed an elaborated way for privilege elevation using IExpress (and other self-extracting) installers containing *.MSI or *.MSP which works "in certain situations". Microsoft addressed this vulnerability with

Oracle Hyperion password disclosure...

2015-09-04 Thread Jeff Kayser
Hi, all. Oracle Hyperion Rapid Deployment installer leaves plaintext passwords in config files and logfiles. Oracle has known about this for 2 years, and has decided not to patch any of the product versions prior to the latest version. I have additional details if anyone is interested. Jeff

[SECURITY] [DSA 3352-1] screen security update

2015-09-04 Thread Laszlo Boszormenyi
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian Security Advisory DSA-3352-1 secur...@debian.org https://www.debian.org/security/ Laszlo Boszormenyi (GCS) September 04, 2015

[slackware-security] seamonkey (SSA:2015-246-01)

2015-09-04 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] seamonkey (SSA:2015-246-01) New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--+ patches/packa

[SECURITY] [DSA 3351-1] chromium-browser security update

2015-09-04 Thread Michael Gilbert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3351-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert September 03, 2015