security vulnerability
appropriate operating system from the section HomeBase 6.2 SP3. This includes Security Vulnerability HB6042. HomeBase Server 6.3.2. Download the binaries for the appropriate operating system from the section HomeBase 6.3 SP2. This includes
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2011-015: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA Data Loss Prevention
Advisories
Updated April 25, 2011
Summary:
Hi Mustlive,
I'm not sure if there's a need to discuss or clarify this any further.
Please refer to my earlier posts, and for the sake of saving some of our
time & efforts, avoid drawing tangents about scripts and noscripts (I've
clarified both earlier) & weasel words (security vulnerability and nntp
exploit - irrelevant in this case).
JS or no-JS, this issue is nothing new, this behavior is well-defined and a
necessity and definitely not a URI (of any kind) exploit or a security
vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
*Security Vulnerability in CLR stored procedure deployment from IBM
Database Add-Ins for Visual Studio*
September 15th 2008
Risk Level:
Symantec Vulnerability Research GPG Key:
http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc
- -------------Symantec Product Advisory Information-------------
To Report a Security Vulnerability in a Symantec Product:
secure@symantec.com
For general information on Symantec's Product Vulnerability
reporting and response:
http://www.symantec.com/security/
__________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-080516.1
___________________________________________________________________
Name: Altiris Deployment Solution - SQL Injection
Released: 16 May 2008
Vendor Link:
http://www.altiris.com/
__________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-081020.1
___________________________________________________________________
Name: Altiris Deployment Server Agent - Privilege Escalation
Released: 20 October 2008
Vendor Link:
http://www.altiris.com/
-- Vulnerability report timeline:
2010-08-21: Taddong tries to report the vulnerability to HTC through the standard channels (web, e-mail...) without success.
2010-08-23: Taddong contacts other security researchers (Thanks Alberto!) previously involved in reporting vulnerabilities to HTC in order to identify a valid contact or notification channel to let HTC know about the issue.
2010-08-25: Taddong spends around a week trying to identify a secure channel to report the issue to HTC, without any success. Please, read "The Seven Deadly Sins of Security Vulnerability Reporting"!! [1]
2010-09-03: Taddong finally decides to notify HTC about the vulnerability through the only available (but insecure) web channel and sends a brief technical report.
2010-09-04: HTC confirms they "...will investigate (the issue) and get back to us as soon as they get a reply."
2010-09-19: Taddong contacts HTC again (after 15 days) emphasizing this is a serious issue that requires immediate action, as Twitter credentials are directly exposed. Taddong tried to get an estimated date when an update would be available in order to proceed to publicly and responsibly disclose the vulnerability.
2010-09-20: HTC replies and they "...apologize for the inconvenience and the delay. The case is being investigated and they will get back to us as soon as they get a reply."
2010-10-03: Taddong contacts HTC again (one month since the initial notification) in order to gather specific details, such as an official confirmation of the vulnerability and an estimated fix release date, trying to coordinate the publication of the associated advisory.
Affected products:
EMC Data Protection Advisor Collector for Solaris SPARC 5.7 earlier than Build 5833
EMC Data Protection Advisor Collector for Solaris SPARC 5.7.1 earlier than Build 5833
Vulnerability Summary:
EMC Data Protection Advisor Collector for Solaris SPARC contains a potential security vulnerability that can be exploited to execute malicious code with elevated privileges on the affected system.
Vulnerability Details:
Unspecified files in EMC Data Protection Advisor Collector for Solaris SPARC contain incorrect permissions. This can be potentially exploited in certain conditions by an authenticated user to execute malicious code in the context of a privileged user on the affected system.
Problem Resolution:
Sun Java System Access Manager 7.1
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1
[Summary]
A Security Vulnerability in Sun Java System Access Manager and Identity
Manager allows a Remote Unprivileged User to Determine the existence of
"guessed" UserID facilitating brute-force attacks.
[Proof of Concept]
8. *Report Timeline*
. 2009-12-02:
Being unable to find a security contact on Corel website, Core Security
Technologies requests CERT/CC for assistance in contacting Corel to
report a security vulnerability.
. 2009-12-02:
CERT/CC informs Core that it will attempt to contact Corel.
. 2009-12-22:
[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay
A security vulnerability was found in the SAP EPS_DELETE_FILE RFC function that allows an attacker to delete files remotely or steal hashes of the SAP server account in a Windows environment using an SMBRelay attack.
Digital Security Research Group [DSecRG] Advisory (Internal #DSECRG-00195)
Application: SAP NetWeaver ABAP
Versions Affected: SAP NetWeaver ABAP
Vendor URL: www.sap.com
##################################################################
#
# [1]-Cross Site Scripting
#
# Vulnerability Description:
# Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code
# injection by malicious web users into the web pages viewed by other users.
#
# Affected items:
# http://127.0.0.1/community/thread.php?start=[XSS]
# http://127.0.0.1/community/thread.php?forum=[XSS]
# http://127.0.0.1/community/thread.php?cat=[XSS]
Updated October 28, 2011
Summary:
RSA has delivered an update on RSA Key Manager Appliance 2.7 Service Pack1 that includes security related component updates including Oracle Critical Patch Update (CPU) July 2011 and RSA Access Manager Server, security vulnerability fix, hot fix roll-ups and bug fixes.
Appliance user session is not terminated properly after logout using Firefox 4 and 5 (CVE-2011-2740).
Read the corresponding RSA Key Manager Appliance 2.7.1.6 release notes for the details of resolved issues.
Consulting Services Advisory PGP Key:
http://www.symantec.com/research/Symantec_Consulting_Services_Advisories_PGP.asc
- -------------Symantec Product Advisory Information-------------
To Report a Security Vulnerability in a Symantec Product:
secure@symantec.com
For general information on Symantec's Product Vulnerability reporting and response:
http://www.symantec.com/security/
Updated January 25, 2012
Summary:
RSA, The Security Division of EMC, announces security fixes to address a security vulnerability and provide an enhancement in RSA enVision®.
Affected Products:
3. *Vulnerability Description*
XnView [1] is prone to a security vulnerability when processing MBM
files. This vulnerability could be exploited by a remote attacker to
execute arbitrary code on the target machine, by enticing the user of
XnView to open a specially crafted file.
EMC SW: EMC NetWorker 7.5.x
EMC SW: EMC NetWorker 7.6.x
Vulnerability Summary:
EMC NetWorker contains a potential security vulnerability that can be exploited to execute malicious code with elevated privileges on the affected system.
Vulnerability Details:
An unspecified file in EMC NetWorker contains incorrect permissions. This can potentially be exploited in certain conditions by an authenticated user to execute malicious code in the context of a privileged user on the affected system. The vulnerability only exists for environments that are utilizing client push.
9. *Report Timeline*
. 2010-11-24:
Core Security Technologies contacts IBM, requesting the proper point of
contact to report a security vulnerability in IBM WebSphere Application
Server.
. 2010-11-29:
Vendor responds providing the point of contact to report the
vulnerability, and its PGP key to encrypt communications.
the database.
Vendor Response:
There is a security vulnerability in Beehive Forum that could
allow for user logon and password MD5 hash disclosure.
This vulnerability has been fixed in the latest release of the
product, Beehive Forum 0.8. It is recommended that all users immediately
obtain the newest version of Beehive Forum to protect against
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2011-009 (revised): RSA, The Security Division of EMC, announces new fix for potential security vulnerability in RSA® Access Manager Server.
Advisories
Updated June 2, 2011
Summary:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA® Access Manager Server.
Summary:
RSA Access Manager Server contains a potential vulnerability that could be exploited by malicious people to gain unauthorized access to protected resources.
__________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-080709.1
___________________________________________________________________
Name: Microsoft SQL Server - Corrupt Backup File Heap Overflow
Released: 09 July 2008
Vendor Link:
http://www.microsoft.com/sql/default.mspx
with a single packet if appropriate network filtering is not in place.
Vendor Response:
There is a security vulnerability that could allow for Denial of
Service (DoS) by sending a specifically crafted TCP/IP packet to the
mobile device. However most attempts to exploit this vulnerability
would result in a Denial of Service Condition on the networking
capabilities of the device.
__________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-080516.2
___________________________________________________________________
Name: Altiris Deployment Solution - Domain Account Disclosure
Released: 16 May 2008
Vendor Link:
http://www.altiris.com/
__________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-080910.1
___________________________________________________________________
Name: MS Office OneNote URL Handling Vulnerability
Released: 10 September 2008
Vendor Link:
http://http://office.microsoft.com/onenote