Security Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2011-015: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA Data Loss Prevention
Advisories
Updated April 25, 2011
Summary:
appropriate operating system from the section HomeBase 6.2 SP3. This includes Security Vulnerability HB6042
. HomeBase Server 6.3.2. Download the binaries for the appropriate operating system from the section HomeBase 6.3 SP2. This includes
Hi Mustlive,
I'm not sure if there's a need to discuss or clarify this any further.
Please refer to my earlier posts, and for the sake of saving some of our
time & efforts, avoid drawing tangents about scripts and noscripts (I've
clarified both earlier) & weasel words (security vulnerability and nntp
exploit - irrelevant in this case).
JS or no-JS, this issue is nothing new, this behavior is well-defined and a
necessity and definitely not a URI (of any kind) exploit or a security
vulnerability.
Symantec Vulnerability Research GPG Key:
http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc
- -------------Symantec Product Advisory Information-------------
To Report a Security Vulnerability in a Symantec Product:
secure@symantec.com
For general information on Symantec's Product Vulnerability
reporting and response:
http://www.symantec.com/security/
3. *Vulnerability Description*
XnView [1] is prone to a security vulnerability when processing MBM
files. This vulnerability could be exploited by a remote attacker to
execute arbitrary code on the target machine, by enticing the user of
XnView to open a specially crafted file.
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0006
Synopsis: VMware Hosted products and patches for ESX and ESXi
resolve a critical security vulnerability
Issue date: 2009-04-10
Updated on: 2009-04-10 (initial release of advisory)
CVE numbers: CVE-2009-1244
- ------------------------------------------------------------------------
__________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-080516.1
___________________________________________________________________
Name: Altiris Deployment Solution - SQL Injection
Released: 16 May 2008
Vendor Link:
http://www.altiris.com/
__________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-080910.1
___________________________________________________________________
Name: MS Office OneNote URL Handling Vulnerability
Released: 10 September 2008
Vendor Link:
http://http://office.microsoft.com/onenote
8. *Report Timeline*
. 2009-12-02:
Being unable to find a security contact on Corel website, Core Security
Technologies requests CERT/CC for assistance in contacting Corel to
report a security vulnerability.
. 2009-12-02:
CERT/CC informs Core that it will attempt to contact Corel.
. 2009-12-22:
Updated October 28, 2011
Summary:
RSA has delivered an update on RSA Key Manager Appliance 2.7 Service Pack1 that includes security related component updates including Oracle Critical Patch Update (CPU) July 2011 and RSA Access Manager Server, security vulnerability fix, hot fix roll-ups and bug fixes.
Appliance user session is not terminated properly after logout using Firefox 4 and 5 (CVE-2011-2740).
Read the corresponding RSA Key Manager Appliance 2.7.1.6 release notes for the details of resolved issues.
[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay
A security vulnerability was found in the SAP EPS_DELETE_FILE RFC function that allows an attacker to delete files remotely or to steal the hashes of the SAP server account in a Windows environment using an SMBRelay attack.
Digital Security Research Group [DSecRG] Advisory (Internal #DSECRG-00195)
Application: SAP NetWeaver ABAP
Versions Affected: SAP NetWeaver ABAP
Vendor URL: www.sap.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
RSA, The Security Division of EMC, informs about a potential security
vulnerability in RSA enVision® versions prior to 3.7 SP1
Security Advisory
Updated July 30, 2010
with a single packet if appropriate network filtering is not in place.
Vendor Response:
There is a security vulnerability that could allow for Denial of
Service (DoS) by sending a specifically crafted TCP/IP packet to the
mobile device. However, most attempts to exploit this vulnerability
would result in a Denial of Service condition on the networking
capabilities of the device.
the database.
Vendor Response:
There is a security vulnerability in Beehive Forum that could
allow for user logon and password MD5 hash disclosure.
This vulnerability has been fixed in the latest release of the
product, Beehive Forum 0.8. It is recommended that all users immediately
obtain the newest version of Beehive Forum to protect against
__________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-080709.1
___________________________________________________________________
Name: Microsoft SQL Server - Corrupt Backup File Heap Overflow
Released: 09 July 2008
Vendor Link:
http://www.microsoft.com/sql/default.mspx
__________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-100216.1
___________________________________________________________________
Name: Windows URL Handling Vulnerability
Released: 16 February 2010
Vendor Link:
http://www.microsoft.com/
apparent due to the use of a UNICODE string for the password, so every second
byte is 0x00 XOR 0xE9, which equals 0xE9.
Vendor Response:
There is a security vulnerability that could allow for Information Disclosure.
An attacker would need to do one of two things, either tether a cable to the
USB sync cable or bind a network sniffer to the USB-RNDIS interface - requiring
administrative permissions on the workstation hosting the AS connection.
Recommendation:
Updated January 25, 2012
Summary:
RSA, The Security Division of EMC, announces security fixes to address a security vulnerability and provide an enhancement in RSA enVision®.
Affected Products:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
*Security Vulnerability in CLR stored procedure deployment from IBM
Database Add-Ins for Visual Studio*
September 15th 2008
Risk Level:
9. *Report Timeline*
. 2010-11-24:
Core Security Technologies contacts IBM, requesting the proper point of
contact to report a security vulnerability in IBM WebSphere Application
Server.
. 2010-11-29:
Vendor responds providing the point of contact to report the
vulnerability, and its PGP key to encrypt communications.
Consulting Services Advisory PGP Key:
http://www.symantec.com/research/Symantec_Consulting_Services_Advisories_PGP.asc
- -------------Symantec Product Advisory Information-------------
To Report a Security Vulnerability in a Symantec Product:
secure@symantec.com
For general information on Symantec's Product Vulnerability
reporting and response:
http://www.symantec.com/security/
-- Vulnerability report timeline:
2010-08-21: Taddong tries to report the vulnerability to HTC through the standard channels (web, e-mail...) without success.
2010-08-23: Taddong contacts other security researchers (Thanks Alberto!) previously involved in reporting vulnerabilities to HTC in order to identify a valid contact or notification channel to let HTC know about the issue.
2010-08-25: Taddong spends around a week trying to identify a secure channel to report the issue to HTC, without any success. Please read "The Seven Deadly Sins of Security Vulnerability Reporting"!! [1]
2010-09-03: Taddong finally decides to notify HTC about the vulnerability through the only available (but insecure) web channel and sends a brief technical report.
2010-09-04: HTC confirms they "...will investigate (the issue) and get back to us as soon as they get a reply."
2010-09-19: Taddong contacts HTC again (after 15 days) emphasizing this is a serious issue that requires immediate action, as Twitter credentials are directly exposed. Taddong tried to get an estimated date when an update would be available in order to proceed to publicly and responsibly disclose the vulnerability.
2010-09-20: HTC replies and they "...apologize for the inconvenience and the delay. The case is being investigated and they will get back to us as soon as they get a reply."
2010-10-03: Taddong contacts HTC again (one month since the initial notification) in order to gather specific details, such as an official confirmation of the vulnerability and an estimated fix release date, trying to coordinate the publication of the associated advisory.
Vulnerability Summary:
EMC Documentum Content Server contains a privilege elevation vulnerability that may allow an unauthorized user to obtain highest administrative privileges on the system.
Vulnerability Details:
EMC Documentum Content Server contains a security vulnerability that may allow a system administrator to elevate their or other users’ privileges to highest super user privileges without appropriate authorization. Refer to EMC Documentum Content Server documentation for information on Documentum Content Server user and group privileges.
Resolution:
The following EMC Documentum Content Server products contain resolutions to this issue:
EMC SW: EMC NetWorker 7.5.x
EMC SW: EMC NetWorker 7.6.x
Vulnerability Summary:
EMC NetWorker contains a potential security vulnerability that can be exploited to execute malicious code with elevated privileges on the affected system.
Vulnerability Details:
An unspecified file in EMC NetWorker has incorrect permissions. Under certain conditions this can potentially be exploited by an authenticated user to execute malicious code in the context of a privileged user on the affected system. The vulnerability only exists in environments that use client push.
__________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-080516.2
___________________________________________________________________
Name: Altiris Deployment Solution - Domain Account Disclosure
Released: 16 May 2008
Vendor Link:
http://www.altiris.com/