LayerOne 2008 Information Technology Conference
Call for Papers
May 17 & 18, 2008
Los Angeles, California (Pasadena Hilton)
http://layerone.info/
The fifth annual LayerOne information technology conference is now
accepting submissions for topic and speaker selection. As always, we
are interested in seeing a broad range of pertinent topics, and encourage
>
> The OpenSSH team has been made aware of an attack against the SSH
> protocol version 2 by researchers at the University of London.
> Unfortunately, due to the report lacking any detailed technical
> description of the attack and CPNI's unwillingness to share necessary
> information, we are unable to properly assess its impact.
It is really sad researchers are prevented from sharing details with
developers by some lame institute. The OpenSSH developers were asked to
undersign the document below. Apart from asking to be cited as the
discoverer of a vulnerability, I would say that "you will only get
http://www.coresecurity.com/corelabs/
CitectSCADA ODBC service vulnerability
*Advisory Information*
Title: CitectSCADA ODBC service vulnerability
Advisory ID: CORE-2008-0125
Advisory URL: http://www.coresecurity.com/?action=item&id=2186
Date published: 2008-06-11
http://www.coresecurity.com/corelabs
Remote command execution, HTML and JavaScript injection vulnerabilities in
AOL’s Instant Messaging software
*Advisory Information*
Title: Remote Command execution, HTML and JavaScript injection
vulnerabilities in AOL's Instant Messaging software
Advisory ID: CORE-2007-0817
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst
6500 Series ASA Services Module are affected by multiple
vulnerabilities. Affected versions of Cisco ASA Software will vary
depending on the specific vulnerability. Consult the "Software
Versions and Fixes" section of this security advisory for more
information about the affected version.
Cisco PIX Security Appliances may be affected by some of the
vulnerabilities described in this security advisory. Cisco PIX has
reached end of maintenance support. Cisco PIX Security Appliance
customers are encouraged to migrate to Cisco ASA 5500 Series Adaptive
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02002308
Version: 1
HPSBOV02506 SSRT090244 rev.1 - HP Secure Web Server for OpenVMS (based on Apache) CSWS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-03-23
Last Updated: 2010-03-23
* Point to Point Tunneling Protocol (PPTP)
* X.25 for Record Boundary Preservation (RBP)
* X.25 over TCP (XOT)
* X.25 Routing
Information on how to determine whether an affected feature is
enabled on a device is provided in the Details section of this
advisory.
To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue the
Summary
=======
Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive
Security Appliances and Cisco PIX Security Appliances that may result
in a reload of the device or disclosure of confidential information.
This security advisory outlines details of the following
vulnerabilities:
* Erroneous SIP Processing Vulnerabilities
* IPSec Client Authentication Processing Vulnerability
Version: 1
HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC), iMC
TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM),
Cross Site Scripting (XSS), Remote Code Execution, Remote Disclosure of
Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2013-03-07
Richards-Zeta Mediator products. This security advisory outlines
details of the following vulnerabilities:
* Default credentials
* Privilege escalation
* Unauthorized information interception
* Unauthorized information access
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of the listed
vulnerabilities are available.
advisory. This advisory addresses Cisco TelePresence endpoint devices
and details the following vulnerabilities:
* Unauthenticated Common Gateway Interface (CGI) Access
* CGI Command Injection
* TFTP Information Disclosure
* Malicious IP Address Injection
* XML-Remote Procedure Call (RPC) Command Injection
* Cisco Discovery Protocol Remote Code Execution
Duplicate Issue Identification in Other Cisco TelePresence Advisories
Onapsis Security Advisory: Oracle JD Edwards JDENET Multiple Information Disclosure
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02079216
Version: 1
HPSBUX02517 SSRT100058 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-19
Last Updated: 2010-04-19
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02079216
Version: 1
HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-13
Last Updated: 2010-04-13
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02122104
Version: 1
HPSBUX02524 SSRT100089 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-06-01
Last Updated: 2010-06-01
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02227261
Version: 1
HPSBOV02539 SSRT090267 rev.1 - HP OpenVMS Auditing, Local Information Disclosure, Elevation of Privilege, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-07-12
Last Updated: 2010-07-12
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02286740
Version: 1
HPSBMA02555 SSRT100064 rev.1 - HP Client Automation Enterprise Infrastructure (Radia) Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-07-12
Last Updated: 2010-07-12
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02009377
Version: 1
HPSBPI02507 SSRT100012 rev.2 - HP DreamScreen, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-02-11
Last Updated: 2010-02-11
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
WordPress Privileges Unchecked in admin.php and Multiple Information
Disclosures
1. *Advisory Information*
Document ID: c01530663
Version: 1
HPSBST02360 SSRT080117 rev.2 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-041 to MS08-051
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-08-18
Last Updated: 2008-08-18
Potential Security Impact: Please check the table below
http://www.coresecurity.com/corelabs/
Wonderware SuiteLink Denial of Service vulnerability
*Advisory Information*
Title: Wonderware SuiteLink Denial of Service vulnerability
Advisory ID: CORE-2008-0129
Advisory URL: http://www.coresecurity.com/?action=item&id=2187
Date published: 2008-05-05
From http://support.microsoft.com/kb/890830
======
Reporting component
The Malicious Software Removal Tool sends information to Microsoft if it detects malicious software or finds an error. The specific information that is sent to Microsoft consists of the following items:
* The name of the malicious software that is detected
* The result of malicious software removal
* The operating system version
* The operating system locale
* The processor architecture
* The version number of the tool
From the April 2008 MSRT EULA (which is the latest I have):
" However, Microsoft may collect and publish aggregated data about the use of the software."
For all we know, Microsoft includes a database of signatures of known malware files on the removal tool being handed out to law enforcement, and that's the only information that's been handed over. Or perhaps Microsoft got the consent of specific users to hand information over to 3rd parties? We don't know, because we don't have facts.
At the moment all you have is:
a) one PC World article that claims Microsoft has used information gathered from the MSRT in the tool handed to law enforcement
b) even assuming that (a) is strictly correct, we don't know what information was actually used/included
c) and if the information is aggregate in nature (e.g. names and hashes of known malicious files) then it appears to be within the scope of the EULA that end users agree to anyway.
Document ID: c01372284
Version: 1
HPSBST02314 SSRT080016 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-003 to MS08-013
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-02-20
Last Updated: 2008-02-20
Potential Security Impact: Please check the table below
Core Security Technologies – CoreLabs Advisory
http://www.coresecurity.com/corelabs
Lotus Notes buffer overflow in the Lotus WorkSheet file processor
*Advisory Information*
Title: Lotus Notes buffer overflow in the Lotus WorkSheet file processor
Advisory ID: CORE-2007-0821
Advisory URL: http://www.coresecurity.com/index.php5?action=item&id=2008
Date published: 2007-11-27
Date of last update: 2007-11-27
Document ID: c01506861
Version: 5
HPSBUX02351 SSRT080058 rev.5 - HP-UX Running BIND, Remote DNS Cache Poisoning
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-07-16
Last Updated: 2010-10-12
------------------------------------------------------------------------------
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02475053
Version: 1
HPSBMA02566 SSRT100045 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Disclosure of Sensitive Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-09-13
Last Updated: 2010-09-13
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02263226
Version: 1
HPSBUX02546 SSRT100159 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-09-15
Last Updated: 2010-09-15