Next Page >>
publishing
Utilizing a combination of connectivity options, ranging from SSL VPN
to Direct Access, as well as built in configurations and policies,
Forefront UAG provides centralized and easy management of your
organization's complete anywhere access offering.
Integrating a deep understanding of the applications published, the
state of health of the devices being used to gain access, and the
user's identity – Forefront UAG enforces granular access controls and
policies to deliver comprehensive remote access, ensure security, and
reduce management costs and complexity."
*Advisory Information*
Title: CitectSCADA ODBC service vulnerability
Advisory ID: CORE-2008-0125
Advisory URL: http://www.coresecurity.com/?action=item&id=2186
Date published: 2008-06-11
Date of last update: 2008-06-10
Vendors contacted: Citect
Release mode: Coordinated release
Title: Virtual PC Hypervisor Memory Protection Vulnerability
Advisory Id: CORE-2009-0803
Advisory URL:
http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug
Date published: 2010-03-16
Date of last update: 2010-03-16
Vendors contacted: Microsoft
Release mode: User release
Title: HP Openview NNM 7.53 Invalid DB Error Code vulnerability
Advisory Id: CORE-2009-0814
Advisory URL:
http://www.coresecurity.com/content/openview_nnm_internaldb_dos
Date published: 2009-11-17
Date of last update: 2009-11-17
Vendors contacted: HP
Release mode: Coordinated release
Phorum reacted after the reminder on May 8th. A fix was released on
May 22nd with credit.
Simplemachines reacted after a reminder on My 7th. The fix with
somewhat hidden credit
was published on May 20th; the issue was left unpatched in the
download packages.
Only the manual update instructions contained a correct solution.
After notifying
the vendor about the error, the packages were fixed; however, without
any visible
*Advisory Information*
Title: Multiple vulnerabilities in iCal
Advisory ID: CORE-2008-0126
Advisory URL: http://www.coresecurity.com/?action=item&id=2219
Date published: 2008-05-21
Date of last update: 2008-05-21
Vendors contacted: Apple Inc.
Release mode: Coordinated release
*Advisory Information*
Title: Multiple vulnerabilities in iCal
Advisory ID: CORE-2008-0126
Advisory URL: http://www.coresecurity.com/?action=item&id=2219
Date published: 2008-05-21
Date of last update: 2008-05-21
Vendors contacted: Apple Inc.
Release mode: Coordinated release
Title: Windows SMTP Service DNS query Id vulnerabilities
Advisory Id: CORE-2010-0427
Advisory URL:
[http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs]
Date published: 2010-05-04
Date of last update: 2010-05-04
Vendors contacted: Microsoft
Release mode: User release
1. *Advisory Information*
Title: HP OpenView Buffer Overflows
Advisory ID: CORE-2009-0122
Advisory URL: http://www.coresecurity.com/content/openview-buffer-overflows
Date published: 2009-03-23
Date of last update: 2009-03-23
Vendors contacted: Hewlett-Packard
Release mode: Coordinated release
vulnerabilities
Advisory Id: CORE-2009-0625
Advisory URL:
http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag
Date published: 2010-02-03
Date of last update: 2010-02-03
Vendors contacted: Microsoft
Release mode: User release
2. *Vulnerability Information*
2009.12.21: Changed release date to 2009.12.24.
2009.12.23: Asked for a list of affected products for the corporate
suites which was not part of the previously provides list.
[No response]
2010.01.04: Ask for a status update, because there is no advisory
published and i didn't got a response to my last mail.
2010.01.05: Panda send me the Link to there advisory (Home User
Products)
2010.01.05: Asked if the corporate products are patched.
[No response]
2010.01.07: Informed Panda, that i will release the Advisory on
About:
Easy File Sharing Web Server is an extremely popular web-based file sharing application that has been in use for years.
It is a fast, easy to use commercial, standalone "all-in-one" file-sharing web server.
Customers use a built-in interface to point to files they wish to publish via a menu-driven web application (typically full drives or directories). Files can be shared anonymously, or via EFSWS's built-in user management. EFSWS has built-in SSL encryption to prevent logons from being sent in the clear (as well as all other access). Users log in, and are presented with a menu of files that have been published and that are made available for download.
EFSWS uses the MGH Software "myDB" database plug-in to store db information such as file location, user information (password in the clear), files, forum information, etc. A free db parser is available at:
http://www.mghsoft.com/
Please see vendor site and db engine site for more details.
About:
Easy File Sharing Web Server is an extremely popular web-based file sharing application that has been in use for years.
It is a fast, easy to use commercial, standalone "all-in-one" file-sharing web server.
Customers use a built-in interface to point to files they wish to publish via a menu-driven web application (typically full drives or directories). Files can be shared anonymously, or via EFSWS's built-in user management. EFSWS has built-in SSL encryption to prevent logons from being sent in the clear (as well as all other access). Users log in, and are presented with a menu of files that have been published and that are made available for download.
EFSWS uses the MGH Software "myDB" database plug-in to store db information such as file location, user information (password in the clear), files, forum information, etc. A free db parser is available at:
http://www.mghsoft.com/
Please see vendor site and db engine site for more details.
discounts the issue, implying that it may be difficult to exploit and that
following best practices to secure the server systems would prevent this from
being exploited. They have provided a brief document
to this effect, unfortunately they also tagged it as confidential and I cannot
release it. The vendor said they will release it when this information is
published.
With the addition of the Kaminsky attack, this is just another reason why you
must be sure your DNS is update to date, and be proactive as new protection
mechanisms come out for DNS.
*Advisory Information*
Title: Wonderware SuiteLink Denial of Service vulnerability
Advisory ID: CORE-2008-0129
Advisory URL: http://www.coresecurity.com/?action=item&id=2187
Date published: 2008-05-05
Date of last update: 2008-05-05
Vendors contacted: Wonderware
Release mode: Coordinated release
Dear all,
the deadline for the submission of papers to IMF 2011 has been extended.
Accepted papers will be published in IEEE Computer Society's Conference
Proceedings Series and be available in the IEEE online Digital Library.
Please excuse possible cross-postings.
> WordPress cformsII Plugin "rs" Cross-Site Scripting Vulnerability
> - Secunia.com http://secunia.com/advisories/47984/
>
> You might see this is a normal XSS vulnerability, but this isn't.
>
> Because EXPLOIT CODE IS PUBLISHED AS 0-DAY ON Oct 30, 2010 in this
> list!
>
> Are you puzzled?
>
> Actually, the above vulnerability is the same with CVE-2010-3977,
Trustwave's SpiderLabs Security Advisory TWSL2012-003:
Cross-Site Scripting Vulnerability in Movable Type Publishing Platform
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt
Published: 2012-02-24
Version: 1.0
Vendor: Six Apart (http://movabletype.org/)
Product: Movable Type
Version affected: Versions prior to 5.13, 5.07, and 4.38
Title: Novell iManager Multiple Vulnerabilities
Advisory Id: CORE-2010-0316
Advisory URL:
[http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities]
Date published: 2010-06-23
Date of last update: 2010-06-23
Vendors contacted: Novell
Release mode: User release
Title: WordPress Privileges Unchecked in admin.php and Multiple
Information Disclosures
Advisory ID: CORE-2009-0515
Advisory URL:
http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
Date published: 2009-07-08
Date of last update: 2009-07-08
Vendors contacted: WordPress
Release mode: Coordinated release
1. *Advisory Information*
Title: Real Helix DNA RTSP and SETUP request handler vulnerabilities
Advisory ID: CORE-2009-0227
Advisory URL: http://www.coresecurity.com/content/real-helix-dna
Date published: 2009-07-17
Date of last update: 2009-07-17
Vendors contacted: RealNetworks
Release mode: Forced release
Papers
======
Accepted speakers can optionally hand in a paper which will be
published with an ISBN in the 26C3 Proceedings. Papers will be
accepted in Portable Document Format (PDF) only and should be around
5-10 pages. The PDF file must not be password-protected or contain
other restrictions. Paper size should be DIN A4 (297x210mm) in
portrait orientation. All margins must be set to at least 2 cm (0.78
inches). Pictures should be high-contrasted, greyscaled and up to
1. *Advisory Information*
Title: Internet Explorer Security Zone restrictions bypass
Advisory ID: CORE-2008-0826
Advisory URL: http://www.coresecurity.com/content/ie-security-zone-bypass
Date published: 2009-06-09
Date of last update: 2009-06-09
Vendors contacted: Microsoft
Release mode: Coordinated release
Dear all,
the deadline for the submission of papers has been extended.
Accepted papers will be published in IEEE Computer Society's Conference
Proceedings Series and be available in the IEEE online Digital Library.
Please excuse possible cross-postings.
========================================================================
RAID 2009 invites two types of submissions:
1. Full papers presenting mature research results or summarizing
operational experience protecting or monitoring large real-world
networks. Papers can be 10-20 pages long and, if accepted, they will
be presented and included in the RAID 2009 proceedings published by
Springer Verlag in its Lecture Notes in Computer Science
(http://www.springer.de/comp/lncs/index.html) series. Papers must be
formatted according to the instructions provided by Springer Verlag
(http://www.springer.de/comp/lncs/authors.html), and include an
abstract and a list of keywords.
RAID 2009 invites two types of submissions:
1. Full papers presenting mature research results or summarizing
operational experience protecting or monitoring large real-world
networks. Papers can be 10-20 pages long and, if accepted, they will
be presented and included in the RAID 2009 proceedings published by
Springer Verlag in its Lecture Notes in Computer Science
(http://www.springer.de/comp/lncs/index.html) series. Papers must be
formatted according to the instructions provided by Springer Verlag
(http://www.springer.de/comp/lncs/authors.html), and include an
abstract and a list of keywords.
Title: Openfire multiple vulnerabilities
Advisory ID: CORE-2008-1128
Advisory URL:
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
Date published: 2009-01-08
Date of last update: 2009-01-07
Vendors contacted: Jive Software
Release mode: Coordinated release
Papers
======
Accepted speakers can optionally hand in a paper which will be
published with
an ISBN in the 25C3 Proceedings. Papers will be accepted in Portable
Document
Format (PDF) only and should be around 5 pages. The PDF file must not be
password-protected or contain other restrictions. Paper size should be
DIN A4
*Advisory Information*
Title: NASA BigView Stack Buffer Overflow
Advisory ID: CORE-2008-0425
Advisory URL: http://www.coresecurity.com/?action=item&id=2304
Date published: 2008-06-04
Date of last update: 2008-06-03
Vendors contacted: NASA Ames Research Center
Release mode: Coordinated release
*Advisory Information*
Title: Borland Interbase 2007 Integer Overflow
Advisory ID: CORE-2008-0415
Advisory URL: http://www.coresecurity.com/?action=item&id=2278
Date published: 2008-05-20
Date of last update: 2008-05-20
Vendors contacted: Borland
Release mode: Coordinated release
Next Page>>
|
