
Security vulnerabilities

Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities


Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities

Advisory ID: cisco-sa-20111019-sns

Revision 1.0

For Public Release 2011 October 19 16:00  UTC (GMT)

[HITB-Announce] HITB2011AMS -- Call For Papers now Open

# Network Protocols, Analysis and Attacks
# Applications of Cryptographic Techniques
# Side Channel Analysis of Hardware Devices
# Data Recovery, Forensics and Incident Response
# Analysis of Malicious Code / Viruses / Malware
# Windows / Linux / OS X / *NIX Security Vulnerabilities
# Next Generation Exploit and Exploit Mitigation Techniques
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security

Each non-resident speaker will receive accommodation for 3 nights / 4
days. For each non-resident speaker, HITB will cover travel expenses up

VMSA-2010-0011 VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0.

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2010-0011
Synopsis:          VMware Studio 2.1 addresses security vulnerabilities
                   in virtual appliances created with Studio 2.0.
Issue date:        2010-07-13
Updated on:        2010-07-13 (initial release of advisory)
CVE numbers:       CVE-2010-2427 CVE-2010-2667
- ------------------------------------------------------------------------

Multiple Vulnerabilities in XOOPS 2.4.3 and earlier

== Overview ==

CodeScan Labs (www.codescan.com) has recently released a new source
code scanning tool, CodeScan. CodeScan is an advanced auditing tool
designed to check web application source code for security vulnerabilities.
CodeScan utilises an intelligent source code parsing engine, traversing
execution paths and tracking the flow of user supplied input.

During the ongoing testing of CodeScan ASP, Xoops was selected as one of
the test applications. We downloaded Xoops from the Xoops website

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Digital Media Manager

use of the vulnerability described in this advisory.

The privilege escalation and information leakage vulnerabilities were
reported to Cisco by the National Australia Bank's Security Assurance
team. Cisco PSIRT appreciates the opportunity to work with researchers
on security vulnerabilities and welcomes the opportunity to review and
assist in product reports.

The default credentials vulnerability was found during internal testing.

Status of this Notice: FINAL

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances

The ACL bypass vulnerability was reported to Cisco by Jon Ramsey and
Jeff Jarmoc from SecureWorks.

The Cisco PSIRT greatly appreciates the opportunity to work with
researchers on security vulnerabilities, and welcomes the opportunity to
review and assist in product reports.

All other vulnerabilities were found during internal testing and during
the resolution of customer service requests.


[SE-2012-01] Security weakness in Apple Quicktime Java extensions

informing the company about a discovered vulnerability. Along with the
notice, the company also received our Proof of Concept code.

More technical details regarding the discovered security vulnerability
in Apple Quicktime will be disclosed at the time of the publication of
the SE-2012-01 project (Security Vulnerabilities in Java SE).

Thank you.

Best Regards
Adam Gowdiak

[HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb

# Network Protocols, Analysis and Attacks
# Applications of Cryptographic Techniques
# Side Channel Analysis of Hardware Devices
# Data Recovery, Forensics and Incident Response
# Analysis of Malicious Code / Viruses / Malware
# Windows / Linux / OS X / *NIX Security Vulnerabilities
# Next Generation Exploit and Exploit Mitigation Techniques
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security

Each non-resident speaker will receive accommodation for 3 nights / 4
days at the Krasnapolsky. For each non-resident speaker, HITB will cover

[SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM

MULTI SECURITY VULNERABILITIES IN MVNFORUM

1. General Information
mvnForum is software used for creating forums on the Internet 
(http://www.mvnforum.com). This is open source software making use of 
Java J2EE (JSP/Servlet) technology.

On September 6 2008, SVRT-Bkis found several CSRF and XSS vulnerabilities in 
some functions of mvnForum 1.2 GA. These are highly serious vulnerabilities 
allowing hackers to perform a privilege escalation attack on the Forum.

[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon

    Applications of Cryptographic Techniques
    Side Channel Analysis of Hardware Devices
    Analysis of Malicious Code / Viruses / Malware
    Data Recovery, Forensics and Incident Response
    Hardware based attacks and reverse engineering
    Windows / Linux / OS X / *NIX Security Vulnerabilities
    Next Generation Exploit and Exploit Mitigation Techniques
    NFC, WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security

Each accepted submission will entitle the speaker / speakers to
accommodation for 3 nights / 4 days and travel expense reimbursement up

[CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers

. 2010-01-12:
Technical details sent to Cherokee and Mongoose teams by Core.

. 2010-01-12:
Cherokee team notifies Core that the issues have been evaluated and
considered security vulnerabilities. Cherokee team also informs us that
they are not currently shipping Windows binaries because they are aware
of all this sort of issues. The Windows port has not received much
attention for the last few years and it is far from being ready for
production. Cherokee team also states that they will link Core advisory
from their bug-tracker as soon as it is published. Currently the Windows

Insufficient User Input Validation in VP-ASP 6.50 Demo Code

 
== Overview ==

CodeScan Labs (http://www.codescan.com) has recently released a new source
code scanning tool, CodeScan. CodeScan is an advanced auditing tool
designed to check web application source code for security vulnerabilities.
CodeScan utilises an intelligent source code parsing engine, traversing
execution paths and tracking the flow of user supplied input.

During the ongoing testing of CodeScan ASP, VP-ASP was selected as one of 
the test applications. We downloaded a demo of VP-ASP from the VP-ASP

Cisco Security Advisory: Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability

The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.

This vulnerability was reported to Cisco by the National Australia
Bank's Security Assurance team. Cisco PSIRT appreciates the opportunity
to work with researchers on security vulnerabilities and welcomes the
opportunity to review and assist in product reports.

Status of this Notice: FINAL
============================


[HITB-Announce] REMINDER: HITB2011 - Malaysia Call for Papers Closes on the 15th

# Network Protocols, Analysis and Attacks
# Applications of Cryptographic Techniques
# Side Channel Analysis of Hardware Devices
# Data Recovery, Forensics and Incident Response
# Analysis of Malicious Code / Viruses / Malware
# Windows / Linux / OS X / *NIX Security Vulnerabilities
# Next Generation Exploit and Exploit Mitigation Techniques
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security

Your submission will be reviewed by The HITB CFP Review Committee which
includes:

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent

use of the vulnerabilities described in this advisory.

The directory traversal and SQL injection vulnerabilities were
discovered and reported to Cisco by Gabriele Giuseppini from Cigital.
Cisco PSIRT appreciates the opportunity to work with researchers on
security vulnerabilities and welcomes the opportunity to review and
assist in product reports. The DoS vulnerability was found during
internal testing.

Status of this Notice: FINAL
============================

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities

The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.

Cisco PSIRT greatly appreciates the opportunity to work with
researchers on security vulnerabilities and welcomes the opportunity
to review and assist in product reports. We would like to thank
VoIPshield for working with us towards the goal of keeping Cisco
networks and the Internet, as a whole, secure.

Status of this Notice: FINAL

PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals

Interaction.


References:

"ProCheckUp - Security Vulnerabilities"
http://www.procheckup.com/Vulnerabilities.php

BEA's BEA08-186.00 advisory:

"Security Advisories and Notifications"

Cisco Secure ACS Denial Of Service Vulnerability

The RADIUS shared secret and a valid known Network Access Server
(NAS) IP address must be known to carry out this exploit.

The Cisco PSIRT team greatly appreciates the opportunity to work with
researchers on security vulnerabilities, and we welcome the
opportunity to review and assist in product reports. We thank Laurent
Butti and Gabriel Campana of Orange Labs / France Telecom Group for
reporting this vulnerability to Cisco PSIRT.

Software patches are available for customers with support contracts

Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability

This vulnerability was reported to Cisco by Dave Lewis from
Liquidmatrix.org.

Cisco PSIRT greatly appreciates the opportunity to work with
researchers on security vulnerabilities, and we welcome the
opportunity to review and assist in product reports.

Status of this Notice: FINAL

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY

VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

~                   CVE-2008-1340
- -------------------------------------------------------------------

1. Summary:

~   Several critical security vulnerabilities have been addressed
~   in the newest releases of VMware's hosted product line.

2. Relevant releases:

~   VMware Workstation 6.0.2 and earlier

Cisco Security Advisory: SQL injection in Cisco Unified Communications Manager

This vulnerability was reported to Cisco by Nico Leidecker and Tracey
Parry at Portcullis Computer Security Limited. Cisco PSIRT would like
to thank these two individuals for bringing this issue to our
attention and for working with PSIRT toward coordinated disclosure of
the issue. Cisco PSIRT greatly appreciates the opportunity to work
with researchers on security vulnerabilities and welcomes the
opportunity to review and assist in product reports.

Status of this Notice: FINAL
============================


Assurent VR - Microsoft Agent Crafted URL Stack Buffer Overflow

  Vendor: MS07-051


10. About Assurent VRS

Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat Protection Programs (TPP) for MSPs and enterprise security teams, help to eliminate the significant costs incurred by security product vendors, MSPs, and enterprise security teams in responding to and managing critical new security vulnerabilities and other threats including worm & virus outbreaks and high-risk spyware. The VRS and TPP services are real-time feeds providing subscribers with detailed analysis of the top security vulnerabilities, focused on the specific needs of each group of customers. 

http://www.assurent.com/



VMSA-2010-0012 VMware vCenter Update Manager fix for Jetty Web server addresses important security vulnerabilities

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2010-0012
Synopsis:          VMware vCenter Update Manager fix for Jetty Web
                   server addresses important security vulnerabilities
Issue date:        2010-07-19
Updated on:        2010-07-19 (initial release of advisory)
CVE numbers:       CVE-2009-1523 CVE-2009-1524
- ------------------------------------------------------------------------


Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products

http://www.trustmatta.com/advisories/MATTA-2010-001.txt

Cisco would like to thank Florent Daigniere of Matta Consulting for
reporting these vulnerabilities to us. Cisco greatly appreciate the
opportunity to work with researchers on security vulnerabilities and
welcome the opportunity to review and assist in product reports.

Additional Information
======================


CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities

6. *Vendor Information, Solutions and Workarounds*

Core would like to thank Manikandan.T [2] for giving us the following
detailed information about the way Zoho team has addressed the security
vulnerabilities highlighted in this document.


6.1. *Solution to the Weak security question mechanism*

[CVE-2010-3272] In addition to the Security Questions, the latest

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager

the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.

Each row of the following Cisco TelePresence System Software table
defines a specific defect, the first fixed release, and the
recommended release to resolve all the security vulnerabilities
identified in this advisory as well as other vulnerabilities that are
not security related. Cisco recommends upgrading to a release equal
to or later than the release in the Recommended Releases column of
the table.


AdaptCMS 2.0.1 Multiple security vulnerabilities

Advisory:               AdaptCMS 2.0.1 Multiple security vulnerabilities
Advisory ID:            SSCHADV2011-018
Author:                 Stefan Schurtz
Affected Software:      Successfully tested on AdaptCMS 2.0.1
Vendor URL:             http://www.adaptcms.com/
Vendor Status:          fixed
CVE-ID:                 -

==========================
Vulnerability Description:

Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability

Products and Services menu of the Cisco Security Intelligence
Operations (SIO) Portal. Following this transition, new Cisco Security
Advisories and Responses will be published to the new location.
Although the URL has changed, the content of security documents and
the vulnerability policy are not impacted. Cisco will continue to
disclose security vulnerabilities in accordance with the published
Security Vulnerability Policy.

Affected Products
=================


Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability

Services menu of the Cisco Security Intelligence Operations (SIO)
Portal. Following this transition, new Cisco Security Advisories and
Responses will be published to the new location. Although the URL has
changed, the content of security documents and the vulnerability
policy are not impacted. Cisco will continue to disclose security
vulnerabilities in accordance with the published Security
Vulnerability Policy.

Affected Products
=================


Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras

Services menu of the Cisco Security Intelligence Operations (SIO)
Portal. Following this transition, new Cisco Security Advisories and
Responses will be published to the new location. Although the URL has
changed, the content of security documents and the vulnerability
policy are not impacted. Cisco will continue to disclose security
vulnerabilities in accordance with the published Security
Vulnerability Policy.

Affected Products
=================



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
