Re: defining 0day

> On 9/25/07, Brian Loe <knobdy@gmail.com> wrote:
>> On 9/25/07, Gadi Evron <ge@linuxbox.org> wrote:
>> > No longer good enough.
>> >
>> > We can get a press scare over a public vuln release, or a wake-up call.
>> >
>> > I think we can do better as an industry.
>>
>> Who, then, rewrites all of the reference material? And doesn't any new
>> definition simply become definition number 2 in Webster?

Re: Vulnerabilities in some SCADA server softwares

On 3/23/2011 2:13 PM, Theo de Raadt wrote:
>> If *any* threat exists,
>> that threat is increased by public exposure of unmitigated attack
>> methodology
> I think you have it wrong.
>
> Public exposure increases the visibility, and therefore customers
> install the patches quicker.
>
> Without public visibility, they will keep running the old code.

Re: Vulnerabilities in some SCADA server softwares

 Jamie

On 23 March 2011 18:36, J. Oquendo <sil@infiltrated.net> wrote:
> On 3/23/2011 2:13 PM, Theo de Raadt wrote:
>>> If *any* threat exists,
>>> that threat is increased by public exposure of unmitigated attack
>>> methodology
>> I think you have it wrong.
>>
>> Public exposure increases the visibility, and therefore customers
>> install the patches quicker.

Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities

Advisory ID: cisco-sa-20110525-rvs4000

Revision 1.0

For Public Release 2011 May 25 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco Intercompany Media Engine

Advisory ID: cisco-sa-20110824-ime

Revision 1.0

For Public Release 2011 August 24 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability

Advisory ID: cisco-sa-20110907-nexus

Revision 1.0

For Public Release 2011 September 07 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======


802.1X password exploit on many HTC Android devices

--------------------------------------------------------------------------------
Timeline:
--------------------------------------------------------------------------------
- 2012-02-01: Public disclosure
- 2012-01-31: Submit final public disclosure doc to HTC Global for feedback
- 2012-01-31: HTC publishes information via their web site
- 2012-01-20: Public disclosure - postponed
- 2012-01-19: Discussion with HTC Global on their time schedule
- 2012-01-05: Conference call with HTC Global

CORELAN-10-009 : Ipswitch IMAIL 11.01 multiple vulnerabilities (reversible encryption + weak ACL)

        1/21/2010 - IMail vendor contacted
        1/26/2010 - Got a reply from the vendor (product development manager) for more vulnerability clarification.
                    No fix yet.
        2/02/2010 - Received another reply from the vendor: Issues logged for additional research.  No plans for
                    immediate changes.  A public advisory was also suggested by the vendor as reference in their
                    tech/KB article.
        2/04/2010 - Public disclosure: Advisory created.  Vendor informed.

0x04 : Exploit/Proof-of-Concept


Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20100303-cucm

Revision 1.0

For Public Release 2010 March 3 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance

Advisory ID: cisco-sa-20100210-ironport

Revision 1.0

For Public Release 2010 February 10 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

Advisory ID: cisco-sa-20100217-asa

Revision 1.0

For Public Release 2010 February 17 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent

Advisory ID: cisco-sa-20100217-csa

Revision 1.0

For Public Release 2010 February 17 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability

Advisory ID: cisco-sa-20100120-ipm

Revision 1.0

For Public Release 2010 January 20 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Network Building Mediator

Document ID: 111014

Advisory ID: cisco-sa-20100526-mediator

http://www.cisco.com/warp/public/707/cisco-sa-20100526-mediator.shtml

Revision 1.0

For Public Release 2010 May 26 1600 UTC (GMT)


Cisco Security Advisory: Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability

Advisory ID: cisco-sa-20100217-fwsm

http://www.cisco.com/warp/public/707/cisco-sa-20100217-fwsm.shtml

Revision 1.0

For Public Release 2010 February 17 1600 UTC (GMT)


Cisco Security Advisory: Multiple Vulnerabilities in Cisco Digital Media Manager

Advisory ID: cisco-sa-20100303-dmm

http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmm.shtml

Revision 1.0

For Public Release 2010 March 03 1600 UTC (GMT)


Cisco Security Advisory: Multiple vulnerabilities in Cisco PGW Softswitch

Document ID: 111870

Advisory ID: cisco-sa-20100512-pgw

http://www.cisco.com/warp/public/707/cisco-sa-20100512-pgw.shtml

Revision 1.0

For Public Release 2010 May 12 1600 UTC (GMT)


Cisco Security Advisory: Cisco IOS XR Software SSH Denial of Service Vulnerability

Advisory ID: cisco-sa-20100120-xr-ssh

Revision 1.0

For Public Release 2010 January 20 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Vulnerabilities in Cisco Unified Contact Center Express

Advisory ID: cisco-sa-20100609-uccx

Revision 1.0

For Public Release 2010 June 09 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Advisory 03/2009: Piwik Cookie unserialize() Vulnerability

  In the most recent Piwik version the Zend Framework components were
  upgraded which allows executing arbitrary PHP code directly. To
  achieve this the Zend_Log destructor is utilized.

  public function __destruct()
  {
    foreach($this->_writers as $writer) {
      $writer->shutdown();
    }
  }

Cisco Security Advisory: Cisco IOS Software IPsec Vulnerability

Advisory ID: cisco-sa-20100324-ipsec

Revision 1.0

For Public Release 2010 March 24 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability

Advisory ID: cisco-sa-20100324-sccp

Revision 1.0

For Public Release 2010 March 24 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20100324-sip

Revision 1.0

For Public Release 2010 March 24 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability

Advisory ID: cisco-sa-20100303-dmp

http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmp.shtml

Revision 1.0

For Public Release 2010 March 03 1600 UTC (GMT)


Cisco Security Advisory: Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20100421-vsc

http://www.cisco.com/warp/public/707/cisco-sa-20100421-vsc.shtml

Revision 1.0

For Public Release 2010 APR 21 1600 UTC (GMT)


Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20091014-cup

Revision 1.0

For Public Release 2009 October 14 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability

Advisory ID: cisco-sa-20090923-ntp

Revision 1.0

For Public Release 2009 September 23

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerability

Advisory ID: cisco-sa-20090923-h323

Revision 1.0

For Public Release 2009 September 23

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Advisory ID: cisco-sa-20090923-sip

Revision 1.0

For Public Release 2009 September 23

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Cisco IOS Software Object-group Access Control List Bypass Vulnerability

Advisory ID: cisco-sa-20090923-acl

Revision 1.0

For Public Release 2009 September 23

+---------------------------------------------------------------------

Summary
=======

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.