-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:039
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:001-1
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:040
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:041
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:042
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:043
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:044
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:045
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:046
http://www.mandriva.com/en/support/security
and Call for
Workshops for c0c0n 2013 http://www.is-ra.org/c0c0n/, a 3-day Security and
Hacking Conference (1 day pre-conference workshop and 2 day conference), full of
interesting presentations, talks and of course filled with fun!
The conference topics are divided into four domains as follows:
Info
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:055
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:048
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:052
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:049
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:047
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:050
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:054
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:051
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:015-1
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:016
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:017
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:018
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:019
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:027-1
http://www.mandriva.com/en/support/security
View online: http://drupal.org/node/1960338
* Advisory ID: DRUPAL-SA-CONTRIB-2013-040
* Project: Commerce Skrill (Formerly Moneybookers) [1] (third-party module)
* Version: 7.x
* Date: 2013-April-03
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Access
View online: http://drupal.org/node/1960406
* Advisory ID: DRUPAL-SA-CONTRIB-2013-041
* Project: Chaos tool suite (ctools) [1] (third-party module)
* Version: 7.x
* Date: 2013-April-03
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
=
INTERNET SECURITY AUDITORS ALERT 2013-004
- Original release date: March 9th, 2013
- Last revised: March 25th, 2013
- Discovered by: Vicente Aguilera Diaz
- Severity: 4.3/10 (CVSSv2 Base Score)
- CVE-ID: CVE-2013-2585
this
vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-rsvp
Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled
publication includes seven Cisco Security Advisories. All advisories
/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-cce
Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled
publication includes seven Cisco Security Advisories. All advisories
address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software
Security Advisory
that address this
vulnerability. Mitigations for this vulnerability are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ipsla
Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled
are
available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-pt
Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled
publication includes seven Cisco Security Advisories. All advisories
address
://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ike
Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled
publication includes seven Cisco Security Advisories. All advisories
address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software
released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are not
available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-nat
Note: The March 27, 2013, Cisco
.
Cisco has released free software updates that address this
vulnerability. There are no workarounds for devices that have the
Smart Install client feature enabled.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327
Asterisk Project Security Advisory - AST-2013-001
Product Asterisk
Summary Buffer Overflow Exploit Through SIP SDP Header
Nature of Advisory Exploitable Stack Buffer Overflow
Asterisk Project Security Advisory - AST-2013-002
Product Asterisk
Summary Denial of Service in HTTP server
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2013-003
Product Asterisk
Summary Username disclosure in SIP channel driver
Nature of Advisory Unauthorized data disclosure
View online: http://drupal.org/node/1954588
* Advisory ID: DRUPAL-SA-CONTRIB-2013-036
* Project: Zero Point [1] (third-party module)
* Version: 7.x
* Date: 2013-March-27
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1954764
* Advisory ID: DRUPAL-SA-CONTRIB-2013-038
* Project: Commons Groups [1] (third-party module)
* Version: 7.x
* Date: 2013-March-27
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass, Multiple
View online: http://drupal.org/node/1954592
* Advisory ID: DRUPAL-SA-CONTRIB-2013-037
* Project: Rules [1] (third-party module)
* Version: 7.x
* Date: 2013-March-27
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1954766
* Advisory ID: DRUPAL-SA-CONTRIB-2013-039
* Project: Commons Wikis [1] (third-party module)
* Version: 7.x
* Date: 2013-March-27
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass, Multiple
=
INTERNET SECURITY AUDITORS ALERT 2013-001
- Original release date: January 30th, 2013
- Last revised: March 25th, 2013
- Discovered by: Vicente Aguilera Diaz
- Severity: 4.3/10 (CVSSv2 Base Score)
=
I
=
INTERNET SECURITY AUDITORS ALERT 2013-006
- Original release date: 4th March 2013
- Last revised: 25th March 2013
- Discovered by: Eduardo Garcia Melia
- Severity: 4.3/10 (CVSS Base Score)
=
I
Hello All,
Last year, we disclosed information pertaining to security issues
discovered as a result of our digital satellite TV research [1].
It's been over a year and we haven't received [2] information with
respect to the status and impact of the vulnerabilities found in:
- digital satellite
View online: http://drupal.org/node/1948358
* Advisory ID: DRUPAL-SA-CONTRIB-2013-035
* Project: Views [1] (third-party module)
* Version: 7.x
* Date: 2013-March-20
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
Inshell Security Advisory
http://www.inshell.net
1. ADVISORY INFORMATION
---
Product: Photodex ProShow Producer
Vendor URL: www.photodex.com
Type: Incorrect Default Permissions [CWE-276]
Date found: 2013-03-18
Date published: 2013-03-19
CVSSv2 Score
Hello All,
We decided to release technical details of Issue 54 that was
reported to Oracle on Feb 25, 2013 and that was evaluated by
the company as the allowed behavior.
As of Mar 18, 2013 we have no information that Oracle treats
Issue 54 as a security vulnerability. We believe that 3 weeks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:026
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:027
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:028
http://www.mandriva.com/en/support/security
to be a stronger
alternative to the existing Type 5 and Type 7 algorithms to increase
the resiliency of passwords used for the 'enable secret password' and
'username username secret password' commands against brute-force
attacks.
For additional information please see the full Cisco Security
n.runs AG
http://www.nruns.com/
security(at)nruns.com
n.runs-SA-2013.001 15-Mar-2013
___
Vendor: Polycom, http://www.polycom.com
Affected Products: Polycom HDX Series
n.runs AG
http://www.nruns.com/
security(at)nruns.com
n.runs-SA-2013.002
15-Mar-2013
___
Vendor: Polycom, http://www.polycom.com
Affected Products: Polycom HDX Series
Affected Version: 3.1.1.2
Vulnerability
n.runs AG
http://www.nruns.com/
security(at)nruns.com
n.runs-SA-2013.003
15-Mar-2013
___
Vendor: Polycom, http://www.polycom.com
Affected Products: Polycom HDX Series
Affected Version: 3.1.1.2
Vulnerability
n.runs AG
http://www.nruns.com/
security(at)nruns.com
n.runs-SA-2013.004
15-Mar-2013
___
Vendor: Polycom, http://www.polycom.com
Affected Products: Polycom HDX Series
Affected Version: 3.1.1.2
Vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:025
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:022
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:023
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:024
http://www.mandriva.com/en/support/security
View online: http://drupal.org/node/1942330
* Advisory ID: DRUPAL-SA-CONTRIB-2013-034
* Project: Node Parameter Control [1] (third-party module)
* Version: 6.x
* Date: 2013-Mar-13
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
=
INTERNET SECURITY AUDITORS ALERT 2013-002
- Original release date: January 22nd, 2013
- Last revised: March 10th, 2013
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
=
I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:020
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:021
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:019
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:018
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:017
http://www.mandriva.com/security
turned out to be
quite fruitful. It made us look into Java SE 7 code and its docs
once again (gathering counterargument material). As a result:
- we confirmed that company's initial judgment of Issue 54 as the
allowed behavior contradicts both Java SE documentation as well
as existing security
Inshell Security Advisory
http://www.inshell.net
1. ADVISORY INFORMATION
---
Product: HP Intelligent Management Center
Vendor URL: www.hp.com
Type: Cross-Site Scripting [CWE-79]
Date found: 2012-06-08
Date published: 2013-03-04
CVSSv2 Score: CWE-79
View online: http://drupal.org/node/1929508
* Advisory ID: DRUPAL-SA-CONTRIB-2013-031
* Project: Premium Responsive [1] (third-party theme)
* Version: 7.x
* Date: 2013-February-27
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
new security issues (numbered 54 and 55),
which when combined together can be successfully used to gain
a complete Java security sandbox bypass in the environment of
Java SE 7 Update 15 (1.7.0_15-b03).
Following our Disclosure Policy [1], we provided Oracle with
a brief technical description
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:016
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Cisco Unified Presence Server Denial of Service
Vulnerability
Advisory ID: cisco-sa-20130227-cups
Revision 1.0
For Public Release 2013 February 27 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Cisco Prime Central for Hosted Collaboration
Solution Assurance Excessive CPU Utilization Vulnerability
Advisory ID: cisco-sa-20130227-hcs
Revision 1.0
For Public Release 2013 February 27 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:015
http://www.mandriva.com/security
View online: https://drupal.org/node/1929474
* Advisory ID: DRUPAL-SA-CONTRIB-2013-024
* Project: Creative Theme [1] (third-party theme)
* Version: 7.x
* Date: 2013-February-27
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: https://drupal.org/node/1929484
* Advisory ID: DRUPAL-SA-CONTRIB-2013-026
* Project: Best Responsive [1] (third-party theme)
* Version: 7.x
* Date: 2013-February-27
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: https://drupal.org/node/1929482
* Advisory ID: DRUPAL-SA-CONTRIB-2013-025
* Project: Fresh theme [1] (third-party theme)
* Version: 7.x
* Date: 2013-February-27
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: https://drupal.org/node/1929486
* Advisory ID: DRUPAL-SA-CONTRIB-2013-015
* Project: Professional [1] (third-party theme)
* Version: 7.x
* Date: 2013-February-06
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: https://drupal.org/node/1929512
* Advisory ID: DRUPAL-SA-CONTRIB-2013-032
* Project: Company theme [1] (third-party theme)
* Version: 7.x
* Date: 2013-February-27
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1929500
* Advisory ID: DRUPAL-SA-CONTRIB-2013-030
* Project: Clean Theme [1] (third-party theme)
* Version: 7.x
* Date: 2013-February-27
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:013
http://www.mandriva.com/security
Inshell Security Advisory
http://www.inshell.net
1. ADVISORY INFORMATION
---
Product: Photodex ProShow Producer
Vendor URL: www.photodex.com
Type: Stack-based Buffer Overflow [CWE-121]
Date found: 2013-02-16
Date published: 2013-02-16
CVSSv2 Score
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:012
http://www.mandriva.com/security
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
CORE-2012-1128
1. *Advisory Information*
Title: SAP Netweaver Message Server Multiple Vulnerabilities
Advisory ID: CORE-2012-1128
Advisory URL:
http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities
Inshell Security Advisory
http://www.inshell.net
1. ADVISORY INFORMATION
---
Product: Photodex ProShow Producer
Vendor URL: www.photodex.com
Type: Improper Restriction of Operations within the Bounds
of a Memory Buffer [CWE-119]
Date found
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:011
http://www.mandriva.com/security
View online: http://drupal.org/node/1916370
* Advisory ID: DRUPAL-SA-CONTRIB-2013-016
* Project: Banckle Chat [1] (third-party module)
* Version: 7.x
* Date: 2013-February-13
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1916312
* Advisory ID: DRUPAL-SA-CONTRIB-2013-015
* Project: Manager Change for Organic Groups [1] (third-party module)
* Version: 7.x
* Date: 2013-February-13
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Cross
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:010
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:009
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:008
http://www.mandriva.com/security
. Workarounds that mitigate this vulnerability are
available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130206-ata187
RMI server. It can be downloaded from our
project details page:
http://www.security-explorations.com/en/SE-2012-01-details.html
Thank You.
Best Regards,
Adam Gowdiak
-
Security Explorations
http://www.security-explorations.com
We bring security research
Hello All,
A new variant of Facebook Token Hijacker is in the wild. This variant is
capable of posting on behalf of the victim, creating an event and inviting all
friends, all done by obfuscated JavaScript. The main advantage of this
malware in comparison to other types of phishing attack is that it is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:007
http://www.mandriva.com/security
Hello All,
Below, we are providing you with technical details regarding
security issues reported by us to Oracle and addressed by the
company in a recent Feb 2013 Java SE CPU [1].
[Issue 29]
This issue allows for the creation of arbitrary Proxy objects
for interfaces defined in restricted
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:006
http://www.mandriva.com/security
View online: http://drupal.org/node/1903264
* Advisory ID: DRUPAL-SA-CONTRIB-2013-011
* Project: email2image [1] (third-party module)
* Version: 6.x
* Date: 2013-January-30
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1903324
* Advisory ID: DRUPAL-SA-CONTRIB-2013-014
* Project: Drush Debian Packaging [1] (third-party module)
* Version: 7.x
* Date: 2013-January-30
* Security risk: Critical [2]
* Exploitable from: Local
* Vulnerability: Information Disclosure
501 - 600 of 3960 matches