Hello,
This year there is an advent calendar aimed at security -
http://secadvent.com
Every day for the period Dec 1 -25 a security related article will be
published on the website.
Today's article is a crypto type puzzle.
Best of luck from the Security Advent Cal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:176
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:175
http://www.mandriva.com/security
View online: http://drupal.org/node/1853376
* Advisory ID: DRUPAL-SA-CONTRIB-2012-172
* Project: Zero Point [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-November-28
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1853200
* Advisory ID: DRUPAL-SA-CONTRIB-2012-168
* Project: Services [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-11-28
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Information Disclosure
View online: http://drupal.org/node/1853244
* Advisory ID: DRUPAL-SA-CONTRIB-2012-170
* Project: Multi-Language Link and Redirect (MultiLink) [1] (third-party
module)
* Version: 6.x, 7.x
* Date: 2012-November-28
* Security risk: Moderately critical [2]
* Exploitable from: Remote
View online: http://drupal.org/node/1853268
* Advisory ID: DRUPAL-SA-CONTRIB-2012-171
* Project: Webmail Plus [1] (third-party module)
* Version: 6.x
* Date: 2012-November-28
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: SQL Injection
View online: http://drupal.org/node/1853214
* Advisory ID: DRUPAL-SA-CONTRIB-2012-169
* Project: Email Field [1] (third-party module)
* Version: 6.x
* Date: 2012-11-28
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting, Access bypass
View online: http://drupal.org/node/1853198
* Advisory ID: DRUPAL-SA-CONTRIB-2012-167
* Project: Mixpanel [1] (third-party module)
* Version: 6.x
* Date: 2012-November-28
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
Hello All,
We have decided to release additional information about security
issues discovered as part of our digital satellite TV research.
This additional publication is done in a response to continuous
inquiries received regarding SE-2011-01 project.
Cumulative reports containing detailed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:174
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:173
http://www.mandriva.com/security
Hello All,
We have updated our project details page and added selected Proof of
Concept codes to it that have been developed as part of our Java SE
security research. They are available for download from SE-2012-01
project details page. Those willing to better understand Reflection
API based
n.runs AG
http://www.nruns.com/
security(at)nruns.com
n.runs-SA-2012.004
19-Nov-2012
Vendors:Splunk Inc., http://www.splunk.com
Product:Splunk 4.0 - 4.3.4
Vulnerability: Unauthenticated remote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:172
http://www.mandriva.com/security
Hello All,
On 14 Nov 2012, Security Explorations delivered a talk at Devoxx Java
Community Conference in Antwerp where we disclosed details pertaining
to our research project verifying security of Java SE platform (project
SE-2012-01).
Presentation slides for this talk along with our more
View online: http://drupal.org/node/1841046
* Advisory ID: DRUPAL-SA-CONTRIB-2012-166
* Project: Table of Contents [1] (third-party module)
* Version: 6.x
* Date: 2012-November-14
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1840992
* Advisory ID: DRUPAL-SA-CONTRIB-2012-165
* Project: Chaos tool suite (ctools) [1] (third-party module)
* Version: 6.x
* Date: 2012-November-14
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
View online: http://drupal.org/node/1840892
* Advisory ID: DRUPAL-SA-CONTRIB-2012-164
* Project: Smiley [1] (third-party module)
* Project: Smileys [2] (third-party module)
* Version: 6.x
* Date: 2012-November-14
* Security risk: Moderately critical [3]
* Exploitable from: Remote
View online: http://drupal.org/node/1840740
* Advisory ID: DRUPAL-SA-CONTRIB-2012-162
* Project: RESTful Web Services [1] (third-party module)
* Version: 7.x
* Date: 2012-November-14
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
View online: http://drupal.org/node/1840886
* Advisory ID: DRUPAL-SA-CONTRIB-2012-163
* Project: User Read-Only [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-November-14
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:171
http://www.mandriva.com/security
===
Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web
Security Appliances (WSA) include versions of Sophos Anti-Virus that
contain multiple vulnerabilities that could allow an unauthenticated,
remote attacker to gain control of the system, escalate privileges, or
cause a
Inshell Security Advisory
http://www.inshell.net
1. ADVISORY INFORMATION
---
Product:Zoner Photo Studio
Vendor URL: www.zoner.com
Type: Stack-based Buffer Overflow [CWE-121]
Date found: 2012-10-17
Date published: 2012-11-09
CVSSv2 Score: 4,4 (AV:L
View online: http://drupal.org/node/1834866
* Advisory ID: DRUPAL-SA-CONTRIB-2012-160
* Project: OM Maximenu [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-November-07
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
View online: http://drupal.org/node/1834868
* Advisory ID: DRUPAL-SA-CONTRIB-2012-161
* Project: Webform CiviCRM Integration [1] (third-party module)
* Version: 7.x
* Date: 2012-November-07
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access
Secure ACS.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds for this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs
-BEGIN PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2)
Virtual Security Gateway Bypass Issue
Document ID: cisco-sr-20121107-n1k
Revision 1.0
For Public Release 2012 November 7 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:170
http://www.mandriva.com/security
n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2012.003 02-Nov-2012
Vendors:Splunk Inc., http://www.splunk.com
Product
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:169
http://www.mandriva.com/security
View online: https://drupal.org/node/1828340
* Advisory ID: DRUPAL-SA-CONTRIB-2012-159
* Project: Password policy [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-October-31
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Information
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote
Command Execution Vulnerability
Advisory ID: cisco-sa-20121031-dcnm
Revision 1.0
For Public Release 2012 October 31 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified
MeetingPlace Web Conferencing
Advisory ID: cisco-sa-20121031-mp
Revision 1.0
For Public Release 2012 October 31 16:00 UTC (GMT
View online: http://drupal.org/node/1822166
* Advisory ID: DRUPAL-SA-CONTRIB-2012-158
* Project: MailChimp [1] (third-party module)
* Version: 7.x
* Date: 2012-October-24
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: https://drupal.org/node/1822066
* Advisory ID: DRUPAL-SA-CONTRIB-2012-157
* Project: Time Spent [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-October-24
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting, Cross
Hello All,
On Oct 16, 2012, Oracle corporation released Java SE Critical Patch
Update [1], which incorporated fixes for 19 security issues that we
reported to the company earlier this year. This included a fix for
a serious Issue 32 [2] found shortly after the out-of-band patch was
released by
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:168
http://www.mandriva.com/security
View online: http://drupal.org/node/1815912
* Advisory ID: DRUPAL-SA-CORE-2012-003
* Project: Drupal core [1]
* Version: 7.x
* Date: 2012-October-17
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Information Disclosure, Arbitrary PHP code execution
View online: http://drupal.org/node/1815770
* Advisory ID: DRUPAL-SA-CONTRIB-2012-156
* Project: Search API [1] (third-party module)
* Version: 7.x
* Date: 2012-October-17
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request Forgery
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:167
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:166
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:165
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Cisco WebEx .wrf Memory Corruption Vulnerability
1. *Advisory Information*
Title: Cisco WebEx .wrf Memory Corruption Vulnerability
Advisory ID: CORE-2012-0613
Advisory URL:
http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:164
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:163
http://www.mandriva.com/security
View online: http://drupal.org/node/1808856
* Advisory ID: DRUPAL-SA-CONTRIB-2012-155
* Project: ShareThis [1] (third-party module)
* Version: 7.x
* Date: 2012-October-10
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1808852
* Advisory ID: DRUPAL-SA-CONTRIB-2012-154
* Project: Basic webmail [1] (third-party module)
* Version: 6.x
* Date: 2012-October-10
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1808846
* Advisory ID: DRUPAL-SA-CONTRIB-2012-153
* Project: Mandrill [1] (third-party module)
* Version: 7.x
* Date: 2012-October-10
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Information Disclosure
View online: https://drupal.org/node/1808832
* Advisory ID: DRUPAL-SA-CONTRIB-2012-152
* Project: Feeds [1] (third-party module)
* Version: 7.x
* Date: 2012-October-10
* Security risk: Not critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
DESCRIPTION
.
Cisco has updated affected versions of the WebEx meeting sites and
Cisco WebEx WRF Player to address these vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex
-BEGIN PGP SIGNATURE
result in a
denial of service (DoS) condition.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds that mitigate these
vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security
Appliances and Cisco Catalyst 6500 Series ASA Services Module
Advisory ID: cisco-sa-20121010-asa
Revision 1.0
For Public Release 2012 October 10 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:162
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:161
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:160
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:150-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:151-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
---
VMware Security Advisory
Advisory ID: VMSA-2012-0014
Synopsis: VMware vCenter Operations, CapacityIQ, and Movie Decoder
security updates
Issue
View online: http://drupal.org/node/1802258
* Advisory ID: DRUPAL-SA-CONTRIB-2012-151
* Project: Commerce extra panes [1] (third-party module)
* Version: 7.x
* Date: 2012-October-3
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request
View online: http://drupal.org/node/1802230
* Advisory ID: DRUPAL-SA-CONTRIB-2012-150
* Project: Twitter Pull [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-October-03
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1802218
* Advisory ID: DRUPAL-SA-CONTRIB-2012-149
* Project: Hostip [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-October-03
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:159
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:158
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:157
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:153-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:155-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:156
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:152-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:154-1
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:155
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:154
http://www.mandriva.com/security
View online: http://drupal.org/node/1796036
* Advisory ID: DRUPAL-SA-CONTRIB-2012-148
* Project: Organic groups [1] (third-party module)
* Version: 7.x
* Date: 2012-September-26
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
address this
vulnerability.
Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ecc
Note: The September 26, 2012, Cisco IOS Software Security Advisory
released free software updates that address this
vulnerability. A workaround that mitigates this vulnerability is
available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcp
Note: The September 26, 2012
DHCP version 6 (DHCPv6) server feature enabled, causing a
reload.
Cisco has released free software updates that address this
vulnerability. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcpv6
Note: The
traffic from
transiting the affected interfaces.
Cisco has released free software updates that address this
vulnerability. There are no workarounds for this vulnerability. This
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa
updates that address these
vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-nat
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security
at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-bgp
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
advisories address vulnerabilities in Cisco
updates that address this
vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ios-ips
Note: The September 26, 2012, Cisco IOS Software
vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a
ility to carry an early warning to the public regarding security
risks identified in a given software / technology. Due to our "old
fashioned" approach to communication (we don't tweet, blog, etc.),
we carry these warnings by the means of sending posts to Bugtraq
and Full Disclosur
Hello All,
We've recently discovered yet another security vulnerability
affecting all latest versions of Oracle Java SE software. The
impact of this issue is critical - we were able to successfully
exploit it and achieve a complete Java security sandbox bypass
in the environment of Java SE
View online: http://drupal.org/node/1789306
* Advisory ID: DRUPAL-SA-CONTRIB-2012-147
* Project: FileField Sources [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-September-19
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
View online: http://drupal.org/node/1789284
* Advisory ID: DRUPAL-SA-CONTRIB-2012-146
* Project: Simplenews Scheduler [1] (third-party module)
* Version: 6.x
* Date: 2012-September-19
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Arbitrary PHP
View online: http://drupal.org/node/1789260
* Advisory ID: DRUPAL-SA-CONTRIB-2012-145
* Project: Imagemenu [1] (third-party module)
* Version: 6.x
* Date: 2012-September-19
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1789258
* Advisory ID: DRUPAL-SA-CONTRIB-2012-144
* Project: Fonecta verify [1] (third-party module)
* Version: 7.x
* Date: 2012-September-19
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1789252
* Advisory ID: DRUPAL-SA-CONTRIB-2012-143
* Project: PRH Search [1] (third-party module)
* Version: 7.x
* Date: 2012-September-19
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1789242
* Advisory ID: DRUPAL-SA-CONTRIB-2012-142
* Project: Spambot [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-September-19
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect
Secure Mobility Client
Advisory ID: cisco-sa-20120620-ac
Revision 2.0
Last Updated 2012 September 19 16:01 UTC (GMT)
For Public Release 2012 June 20 16:00 UTC (GMT
Inshell Security Advisory
http://www.inshell.net
1. ADVISORY INFORMATION
---
Product:Sound Editor Pro v7.5.1
Vendor URL: www.soundeditorpro.com
Type: Stack-based Buffer Overflow [CWE-121]
Date found: 2012-08-15
Date published: 2012-09-16
CVSSv2 Score
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:153
http://www.mandriva.com/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:152
http://www.mandriva.com/security
View online: http://drupal.org/node/1782580
* Advisory ID: DRUPAL-SA-CONTRIB-2012-139
* Project: PDFThumb [1] (third-party module)
* Version: 7.x
* Date: 2012-September-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: OS Injection
View online: http://drupal.org/node/1782832
* Advisory ID: DRUPAL-SA-CONTRIB-2012-141
* Project: Mass Contact [1] (third-party module)
* Version: 6.x
* Date: 2012-September-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1782686
* Advisory ID: DRUPAL-SA-CONTRIB-2012-140
* Project: Inf08 [1] (third-party module)
* Version: 6.x
* Date: 2012-September-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
Summary
===
Cisco ASA-CX Context-Aware Security appliance and Cisco Prime Security
Manager (PRSM) contain a denial of service (DoS) vulnerability in
versions prior to 9.0.2-103.
Successful exploitation of this vulnerability on the Cisco ASA-CX
could cause the device to stop processing user