September
Advisory ID: cisco-sa-20110928-dlsw
Revision 1.0
For Public Release 2011 September 28 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Advisory ID: cisco-sa-20110928-ipv6mpls
Revision 1.0
For Public Release 2011 September 28 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Advisory ID: cisco-sa-20110928-ipsla
Revision 1.0
For Public Release 2011 September 28 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Advisory ID: cisco-sa-20110928-ipv6
Revision 1.0
For Public Release 2011 September 28 1600 UTC (GMT)
+--------------------------------------------------------------------
Summary
=======
Advisory ID: cisco-sa-20110928-sip
Revision 1.0
For Public Release 2011 September 28 1600 UTC (GMT)
+--------------------------------------------------------------------
Summary
=======
Advisory ID: cisco-sa-20110928-zbfw
Revision 1.0
For Public Release 2011 September 28 1600 UTC (GMT)
+--------------------------------------------------------------------
Summary
=======
vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
Advisory ID: cisco-sa-20110928-smart-install
Revision 1.0
For Public Release 2011 September 28 1600 UTC (GMT)
+--------------------------------------------------------------------
Summary
=======
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sslvpn.shtml
Revision 1.0
For Public Release 2010 September 22 1600 UTC (GMT)
- ---------------------------------------------------------------------
Summary
=======
http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml
Revision 1.0
For Public Release 2010 September 22 1600 UTC (GMT)
- ---------------------------------------------------------------------
Summary
=======
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml
Revision 1.0
For Public Release 2010 September 22 1600 UTC (GMT)
- ---------------------------------------------------------------------
Summary
=======
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
Revision 1.0
For Public Release 2010 September 22 1600 UTC (GMT)
- ---------------------------------------------------------------------
Summary
=======
Advisory ID: cisco-sa-20110928-c10k
Revision 1.0
For Public Release 2011 September 28 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
going to be, but I'm sure you already know that it's going to kick ass
or don't give a hoot and aren't going to read any further.
Now that we've eliminated all of the losers here's some details about
the con this year. We'll be having the main conference again at the
San Diego Convention Center on September 26th-28th, starting off with
our standard reception on Friday night, 50-minute talks on Saturday,
and 20-minute talks on Sunday. We will also be having 2 days of
hands-on training on September 24th-25th, 2008 and our Deep Knowledge
Seminars on September 26th, 2008. Talks are currently being accepted
for all slots and will be given preference based on the order that
A potential security vulnerability has been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerability could be exploited remotely to download arbitrary files.
References: CVE-2010-3286
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Systems Insight Manager (SIM) for HP-UX, Linux v6.0 prior to September 2010 Hotfix
HP Systems Insight Manager (SIM) for HP-UX, Linux v6.1 prior to September 2010 Hotfix
HP Systems Insight Manager (SIM) for Windows v6.0 prior to September 2010 Hotfix or prior to v6.0 Update 2
HP Systems Insight Manager (SIM) for Windows v6.1 prior to September 2010 Hotfix or prior to v6.1 Update 2
BACKGROUND
________________________________________________________________________
Title: Crypto backdoor in Qnap storage devices
Date: 18 September 2009
URL:
http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt
________________________________________________________________________
Vendor: QNAP Systems
This vulnerability was discovered by Security Researcher
Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.
--[ Disclosure timeline:
* First private disclosure to vendor on September 19th 2008.
* First vendor reply on September 19th 2008 : Without asking for any PoC,
The BitDefender Support Team states that "This has been fixed in
latest version".
* September 19th 2008 : We manage to repeat crash with the updated
version of the scanner.
SPECIAL DATES
August 29th, 2008 - Call for papers closes
August 29th, 2008 - Workshops & seminars pre-registration increases
September 5th, 2008 - Speaker & sponsor selection finalized
September 12th, 2008 - Pre-registration closes
September 24th, 2008 - ToorCon training workshops start
September 26th, 2008 - ToorCon seminars & conference reception
September 27th, 2008 - ToorCon conference 50-minute talks
September 28th, 2008 - ToorCon conference 20-minute talks
=============================================
INTERNET SECURITY AUDITORS ALERT 2010-008
- Original release date: August 30th, 2010
- Last revised: September 21st, 2010
- Discovered by: Vicente Aguilera Diaz
- Severity: 4/10 (CVSSv2 Base Scored)
=============================================
I. VULNERABILITY
-------------------------
/65AfariaFx55/65AfariaFx55Admin/65AfariaFx55.htm
Timeline:
August 21st Contacted vendor PSIRT
September 2nd Vendor responded. Patch confirmed
September 2nd Inquired patch release date
September 2nd Vendor responded. No release date yet
available.
September 22nd Status update request sent to vendor
September 23rd Vendor responded. No release date available.
Hello netizens! This is an update about the OWASP AppSec USA 2011 software security conference in Minneapolis this September.
*** CALL FOR PAPERS ***
Have something important to say about software security? The OWASP AppSec USA 2011 Call for Papers is still open. We're looking for hardcore talks in cloud security, mobile security, new attacks & defenses, and straight up software development platforms. Get your submission in before time runs out. And have your developer friends submit a talk!
http://www.appsecusa.org/talks.html
The AppSec USA 2011 talks will be delivered September 22-23, 2011 in Minneapolis, Minnesota. In addition to the talks, we'll have excellent keynotes like Moxie Marlinspike.
Systems Administrator
Virginia Tech
-----Original Message-----
From: Larry Seltzer [mailto:larry@larryseltzer.com]
Sent: Wednesday, September 16, 2009 5:03 PM
To: Susan Bradley; Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
Yes, they used the bulletin to soft-pedal the description, but at the
> Systems Administrator
> Virginia Tech
>
> -----Original Message-----
> From: Larry Seltzer [mailto:larry@larryseltzer.com]
> Sent: Wednesday, September 16, 2009 5:03 PM
> To: Susan Bradley; Thor (Hammer of God)
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> Yes, they used the bulletin to soft-pedal the description, but at the
>>> Systems Administrator
>>> Virginia Tech
>>>
>>> -----Original Message-----
>>> From: Larry Seltzer [mailto:larry@larryseltzer.com]
>>> Sent: Wednesday, September 16, 2009 5:03 PM
>>> To: Susan Bradley; Thor (Hammer of God)
>>> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
>>> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>>>
>>> Yes, they used the bulletin to soft-pedal the description, but at the
[*] TOORCON X LINEUP & TRAINING SEMINARS POSTED & PRE-REGISTRATION ENDING
We're very proud to announce our lineup for this year and wanted to remind everyone that ToorCon is happening in less than a month! We also have a couple different training workshops and a day of seminars in addition to the conference for anyone looking for training. As such, we will be closing pre-registration soon (September 12th, 2008) and are trying to let everyone know it's their last chance to get the best deals on one of the best hacker conferences in the US. As always, more information is available at http://www.toorcon.org. If you have any questions, please don't hesitate to email me.
[*] CONFERENCE
Pre-Registration: $100
Door Price: $140
September 26th-28th, 2008
[ * ] ekoparty Security Conference and Trainings - 6th edition [ * ]
http://www.ekoparty.org
Trainings: September 13-15 / Conference: September 16-17, 2010
Ciudad Autonoma de Buenos Aires, Argentina
[*] WHAT?
ekoparty is a one-of-a-kind event in South America; an annual security
conference held in Buenos Aires where security specialists from all over
> including webdav, so a share that could be fully controlled by the
> exploiter. At least that is what I am understanding.
>
>
>
> Updates released on September 13, 2011
>
> Microsoft Security Bulletin MS11-071, "Vulnerability in Windows Components
> Could Allow Remote Code Execution," provides support for vulnerable
> components of Microsoft Windows that are affected by the Insecure Library
> Loading class of vulnerabilities described in this advisory.
Remote DoS, possibly remote code execution.
--[ Vendor response:
* On September 24th 2008, the vendor stated :
"With (the) mentioned version of avast4workstation 1.0.8_2, indeed,
this bug existed. It was a stack-overflow, caused by cycling over
intertwined directories on corrupted ISO files. All versions built
since 22.1.2008 have this fixed. Thanks for your report."