security vulnerabilities
DefenseCode ThunderScan ASP.Net C# Advisory: BugTracker.Net Multiple
Security Vulnerabilities
Advisory ID: DC-2012-11-002
Advisory Title: BugTracker.Net Multiple Security Vulnerabilities
Advisory URL:
http://www.defensecode.com/article/bugtracker.net_multiple_security_vulnerabilities-31
Software: BugTracker.Net
due no later than 1ST SEPTEMBER 2012.
Topics of interest include, but are not limited to the following:
Next Generation Attacks and Exploits
Windows 7 / Windows 8 Security Vulnerabilities
Apple / OS X / iOS Security Vulnerabilities
SS7/GSM/PSTN Telephony Networks
SIP / VoIP Security
HSDPA / CDMA Security / WIMAX Security / LTE Security
Physical Security / Locks / Safes
Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities
Advisory ID: cisco-sa-20111019-sns
Revision 1.0
For Public Release 2011 October 19 16:00 UTC (GMT)
. 2010-01-12:
Technical details sent to Cherokee and Mongoose teams by Core.
. 2010-01-12:
Cherokee team notifies Core that the issues have been evaluated and
considered security vulnerabilities. Cherokee team also informs us that
they are not currently shipping Windows binaries because they are aware
of all these sorts of issues. The Windows port has not received much
attention for the last few years and it is far from being ready for
production. Cherokee team also states that they will link Core advisory
from their bug-tracker as soon as it is published. Currently the Windows
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
Cisco PSIRT greatly appreciates the opportunity to work with
researchers on security vulnerabilities and welcomes the opportunity
to review and assist in product reports. We would like to thank
VoIPshield for working with us towards the goal of keeping Cisco
networks and the Internet, as a whole, secure.
Status of this Notice: FINAL
The ACL bypass vulnerability was reported to Cisco by Jon Ramsey and
Jeff Jarmoc from SecureWorks.
The Cisco PSIRT greatly appreciates the opportunity to work with
researchers on security vulnerabilities, and welcomes the opportunity to
review and assist in product reports.
All other vulnerabilities were found during internal testing and during
the resolution of customer service requests.
The RADIUS shared secret and a valid known Network Access Server
(NAS) IP address must be known to carry out this exploit.
The Cisco PSIRT team greatly appreciates the opportunity to work with
researchers on security vulnerabilities, and we welcome the
opportunity to review and assist in product reports. We thank Laurent
Butti and Gabriel Campana of Orange Labs / France Telecom Group for
reporting this vulnerability to Cisco PSIRT.
Software patches are available for customers with support contracts
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was reported to Cisco by the National Australia
Bank's Security Assurance team. Cisco PSIRT appreciates the opportunity
to work with researchers on security vulnerabilities and welcomes the
opportunity to review and assist in product reports.
Status of this Notice: FINAL
============================
This vulnerability was reported to Cisco by Dave Lewis from
Liquidmatrix.org.
Cisco PSIRT greatly appreciates the opportunity to work with
researchers on security vulnerabilities, and we welcome the
opportunity to review and assist in product reports.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
Vendor: MS07-051
10. About Assurent VRS
Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat Protection Programs (TPP) for MSPs and enterprise security teams, help to eliminate the significant costs incurred by security product vendors, MSPs, and enterprise security teams in responding to and managing critical new security vulnerabilities and other threats including worm & virus outbreaks and high-risk spyware. The VRS and TPP services are real-time feeds providing subscribers with detailed analysis of the top security vulnerabilities, focused on the specific needs of each group of customers.
http://www.assurent.com/
# Network Protocols, Analysis and Attacks
# Applications of Cryptographic Techniques
# Side Channel Analysis of Hardware Devices
# Data Recovery, Forensics and Incident Response
# Analysis of Malicious Code / Viruses / Malware
# Windows / Linux / OS X / *NIX Security Vulnerabilities
# Next Generation Exploit and Exploit Mitigation Techniques
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
Your submission will be reviewed by The HITB CFP Review Committee which
includes:
MULTI SECURITY VULNERABILITIES IN MVNFORUM
1. General Information
mvnForum is software used for creating forums on the Internet
(http://www.mvnforum.com). This is an open source software making use of
Java J2EE (JSP/Servlet) technology.
On September 6 2008, SVRT-Bkis found several CSRF and XSS vulnerabilities in
some functions of mvnForum 1.2 GA. These are highly serious vulnerabilities
allowing hackers to perform a privilege escalation attack on the Forum.
== Overview ==
CodeScan Labs (www.codescan.com), has recently released a new source
code scanning tool, CodeScan. CodeScan is an advanced auditing tool
designed to check web application source code for security vulnerabilities.
CodeScan utilises an intelligent source code parsing engine, traversing
execution paths and tracking the flow of user supplied input.
During the ongoing testing of CodeScan ASP, Xoops was selected as one of
the test applications. We downloaded Xoops from the Xoops website
Interaction.
References:
"ProCheckUp - Security Vulnerabilities"
http://www.procheckup.com/Vulnerabilities.php
BEA's BEA08-186.00 advisory:
"Security Advisories and Notifications"
Applications of Cryptographic Techniques
Side Channel Analysis of Hardware Devices
Analysis of Malicious Code / Viruses / Malware
Data Recovery, Forensics and Incident Response
Hardware based attacks and reverse engineering
Windows / Linux / OS X / *NIX Security Vulnerabilities
Next Generation Exploit and Exploit Mitigation Techniques
NFC, WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
Each accepted submission will entitle the speaker / speakers to
accommodation for 3 nights / 4 days and travel expense reimbursement up
This vulnerability was reported to Cisco by Nico Leidecker and Tracey
Parry at Portcullis Computer Security Limited. Cisco PSIRT would like
to thank these two individuals for bringing this issue to our
attention and for working with PSIRT toward coordinated disclosure of
the issue. Cisco PSIRT greatly appreciates the opportunity to work
with researchers on security vulnerabilities and welcomes the
opportunity to review and assist in product reports.
Status of this Notice: FINAL
============================
~ CVE-2008-1340
- -------------------------------------------------------------------
1. Summary:
~ Several critical security vulnerabilities have been addressed
~ in the newest releases of VMware's hosted product line.
2. Relevant releases:
~ VMware Workstation 6.0.2 and earlier
# Network Protocols, Analysis and Attacks
# Applications of Cryptographic Techniques
# Side Channel Analysis of Hardware Devices
# Data Recovery, Forensics and Incident Response
# Analysis of Malicious Code / Viruses / Malware
# Windows / Linux / OS X / *NIX Security Vulnerabilities
# Next Generation Exploit and Exploit Mitigation Techniques
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
Each non-resident speaker will receive accommodation for 3 nights / 4
days. For each non-resident speaker, HITB will cover travel expenses up
[1] SE-2012-01 Vendors status
http://www.securityexplorations.com/en/SE-2012-01-status.html
[2] About the security content of Java for OS X 2012-004 and Java for
Mac OS X 10.6 Update 9
http://support.apple.com/kb/HT5319
[3] SE-2012-01 Project, Security Vulnerabilities in Java SE
http://www.securityexplorations.com/en/SE-2012-01-press.html
informing the company about a discovered vulnerability. Along with the
notice, the company also received our Proof of Concept code.
More technical details regarding the discovered security vulnerability
in Apple Quicktime will be disclosed at the time of the publication of
the SE-2012-01 project (Security Vulnerabilities in Java SE).
Thank you.
Best Regards
Adam Gowdiak
---------------------------------------------
References:
[1] CVE-2013-1537 OpenJDK: remote code loading enabled by default
https://bugzilla.redhat.com/show_bug.cgi?id=952387
[2] "Security Vulnerabilities in Java SE", technical report
http://www.security-explorations.com/materials/se-2012-01-report.pdf
[3] Java SE 7 Update 21 Release and more
https://blogs.oracle.com/java/entry/java_se_7_update_21
[4] Oracle Secures Java with 41 Updates, Code Signing
== Overview ==
CodeScan Labs (http://www.codescan.com), has recently released a new source
code scanning tool, CodeScan. CodeScan is an advanced auditing tool
designed to check web application source code for security vulnerabilities.
CodeScan utilises an intelligent source code parsing engine, traversing
execution paths and tracking the flow of user supplied input.
During the ongoing testing of CodeScan ASP, VP-ASP was selected as one of
the test applications. We downloaded a demo of VP-ASP from the VP-ASP
Applications of Cryptographic Techniques
Side Channel Analysis of Hardware Devices
Analysis of Malicious Code / Viruses / Malware
Data Recovery, Forensics and Incident Response
Hardware based attacks and reverse engineering
Windows / Linux / OS X / *NIX Security Vulnerabilities
Next Generation Exploit and Exploit Mitigation Techniques
NFC, WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
Your submission will be reviewed by The HITB CFP Review Committee:
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0011
Synopsis: VMware Studio 2.1 addresses security vulnerabilities
in virtual appliances created with Studio 2.0.
Issue date: 2010-07-13
Updated on: 2010-07-13 (initial release of advisory)
CVE numbers: CVE-2010-2427 CVE-2010-2667
- ------------------------------------------------------------------------
# Network Protocols, Analysis and Attacks
# Applications of Cryptographic Techniques
# Side Channel Analysis of Hardware Devices
# Data Recovery, Forensics and Incident Response
# Analysis of Malicious Code / Viruses / Malware
# Windows / Linux / OS X / *NIX Security Vulnerabilities
# Next Generation Exploit and Exploit Mitigation Techniques
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
Each non-resident speaker will receive accommodation for 3 nights / 4
days at the Krasnapolsky. For each non-resident speaker, HITB will cover
use of the vulnerability described in this advisory.
The privilege escalation and information leakage vulnerabilities were
reported to Cisco by the National Australia Bank's Security Assurance
team. Cisco PSIRT appreciates the opportunity to work with researchers
on security vulnerabilities and welcomes the opportunity to review and
assist in product reports.
The default credentials vulnerability was found during internal testing.
Status of this Notice: FINAL
Applications of Cryptographic Techniques
Side Channel Analysis of Hardware Devices
Analysis of Malicious Code / Viruses / Malware
Data Recovery, Forensics and Incident Response
Hardware based attacks and reverse engineering
Windows / Linux / OS X / *NIX Security Vulnerabilities
Next Generation Exploit and Exploit Mitigation Techniques
NFC, WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
Your submission will be reviewed by The HITB CFP Review Committee:
Applications of Cryptographic Techniques
Side Channel Analysis of Hardware Devices
Analysis of Malicious Code / Viruses / Malware
Data Recovery, Forensics and Incident Response
Hardware based attacks and reverse engineering
Windows / Linux / OS X / *NIX Security Vulnerabilities
Next Generation Exploit and Exploit Mitigation Techniques
NFC, WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
WHITE PAPER: If your presentation is short listed for inclusion into the
conference program, a technical white paper must also be provided for
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0012
Synopsis: VMware vCenter Update Manager fix for Jetty Web
server addresses important security vulnerabilities
Issue date: 2010-07-19
Updated on: 2010-07-19 (initial release of advisory)
CVE numbers: CVE-2009-1523 CVE-2009-1524
- ------------------------------------------------------------------------
use of the vulnerabilities described in this advisory.
The directory traversal and SQL injection vulnerabilities were
discovered and reported to Cisco by Gabriele Giuseppini from Cigital.
Cisco PSIRT appreciates the opportunity to work with researchers on
security vulnerabilities and welcomes the opportunity to review and
assist in product reports. The DoS vulnerability was found during
internal testing.
Status of this Notice: FINAL
============================