Next Page >>
stored
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01633084
Version: 1
HPSBMA02414 SSRT080185 rev.1 - HP Storage Essentials Running Secure NaviCLI, Remote Unauthorized Access, Gain Extended Privileges
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-04-20
Last Updated: 2009-04-20
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01362558
Version: 2
HPSBST02312 SSRT071428 rev.2 - HP StorageWorks Storage Mirroring Software, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-06-02
Last Updated: 2008-06-04
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01316132
Version: 1
HPSBST02302 SSRT071474 rev.1 - HP Storage Essentials SRM, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-02-05
Last Updated: 2008-02-05
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01460710
Version: 1
HPSBST02336 SSRT080071 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-026 to MS08-029
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-05-19
Last Updated: 2008-05-19
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01632189
Version: 1
HPSBST02394 SSRT080183 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-070 to MS08-077
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-12-17
Last Updated: 2008-12-17
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01579861
Version: 1
HPSBST02379 SSRT080143 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-056 to MS08-066
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-10-20
Last Updated: 2008-10-20
Application: mChek 3.4 by http://www.mchek.com/
Platform: Symbian OS 9.1, Series 60 v3.0. Other mobile platforms might behave in same way.
Severity: Low
Details:
mChek is an E-commerce application which allows users to store multiple credit/debit cards in the phone and use them when required. mChek (Version 3.4) application stores multiple Credit Card numbers and corresponding bank account information to phone storage without protection. It also provides a feature to Link Bank Accounts to this application. mChek application writes all this information to a file on the phone file system. Upon inspection, it was observed that credit card number and corresponding bank name was written in cleartext to mobile phone storage. It was also observed that after a credit card is deleted from mCheck’s user interface, the credit card number continues to exist in the phone file system. If the phone is lost/stolen or any other phone user is able to read phone’s file system, the stored credit/debit card numbers and Bank name can be compromised.
Vendor Response:
mChek Version 3.4 is an older version of the product. The current version is 3.8. In this version, cardnumber, bankname and phonenumber are not stored in clear text and using encrypted storage. When the credit card information is deleted by the user, it’s deleted from the application DB as well but the behavior is not same in all phone make and models. We are providing enough protection to the sensitive data stored and the security is not dependent on the user ability to read the file system of the phone.
Having said that, even in Version 3.4, only creditcard number and bank name were stored as cleartext. The risk was very low as it is not possible to make a transaction with cardnumber alone. All other sensitive data like exp date for example are encrypted and stored and encryption key never stored in mobile phone and making the information very secure.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01560892
Version: 1
HPSBST02372 SSRT080133 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-052 to MS08-055
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-09-24
Last Updated: 2008-09-24
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01482941
Version: 1
HPSBST02344 SSRT080087 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-030 to MS08-036
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-06-17
Last Updated: 2008-06-17
this purpose is described in Microsoft's Knowledgebase article titled
MIME Type Detection in Internet Explorer [4] and implemented in the
function 'FindMimeFromData' in 'URLMON.DLL'[5].
In the following section, proof of concept code is provided to
demonstrate the problem using the local storage used by Internet
Explorer to store the user's browsing history to deliver HTML with
scripting code and force IE to render it. This analysis is valid for any
Windows NT based operating system but should be slightly modified to run
under Windows Vista. It takes advantage of the following features:
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01433452
Version: 1
HPSBST02329 SSRT080048 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-018 to MS08-025
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-04-15
Last Updated: 2008-04-15
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01503743
Version: 1
HPSBST02350 SSRT080102 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-037 to MS08-040
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-07-14
Last Updated: 2008-07-14
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01530663
Version: 1
HPSBST02360 SSRT080117 rev.2 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-041 to MS08-051
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-08-18
Last Updated: 2008-08-18
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01606691
Version: 1
HPSBST02386 SSRT080164 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-067 to MS08-069
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-11-17
Last Updated: 2008-11-17
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01634640
Version: 1
HPSBST02397 SSRT080187 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-078
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-12-22
Last Updated: 2008-12-22
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01399555
Version: 1
HPSBST02320 SSRT080028 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-014 to MS08-017
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-03-17
Last Updated: 2008-03-17
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01372284
Version: 1
HPSBST02314 SSRT080016 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-003 to MS08-013
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-02-20
Last Updated: 2008-02-20
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01372284
Version: 1
HPSBST02314 SSRT080016 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-003 to MS08-013
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-02-20
Last Updated: 2008-02-20
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01325239
Version: 1
HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-01-14
Last Updated: 2008-01-14
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01302412
Version: 1
HPSBST02299 SSRT071506 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-063 to MS07-069
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-12-17
Last Updated: 2007-12-17
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01287209
Version: 1
HPSBST02291 SSRT071498 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-061 and MS07-062
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-11-21
Last Updated: 2007-11-21
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01208742
Version: 1
HPSBST02280 SSRT071480 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-055 to MS07-060
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-15
Last Updated: 2007-10-15
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01172326
Version: 1
HPSBST02260 SSRT071471 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-051 to MS07-054
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-09-17
Last Updated: 2007-09-17
SUPPORT COMMUNICATION - SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01143196
Version: 1
HPSBST02255 SSRT071456 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-042 to MS07-050
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-08-20
Last Updated: 2007-08-20
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02056045
Version: 1
HPSBST02536 SSRT100057 rev.1 - HP StorageWorks Storage Mirroring, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-06-02
Last Updated: 2010-06-02
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01390402
Version: 1
HPSBST02318 SSRT080018 rev.1 - HP Storage Essentials Software, Remote Unauthorized Access to Data
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-04-08
Last Updated: 2008-04-08
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02056045
Version: 2
HPSBST02536 SSRT100057 rev.2 - HP StorageWorks Storage Mirroring, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-06-02
Last Updated: 2010-08-17
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02056045
Version: 3
HPSBST02536 SSRT100057 rev.3 - HP StorageWorks Storage Mirroring, Local Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-06-02
Last Updated: 2010-08-23
SpiderLabs has documented view state tampering
vulnerabilities in three products from separate vendors.
View states are used by some web application frameworks to
store the state of HTML GUI controls. View states are
typically stored in hidden client-side input fields,
although server-side storage is widely supported.
The affected vendors generally recommend that client-side
view states are cryptographically signed and/or encrypted,
but specific exploits have not been previously documented.
These vulnerabilities show that unsigned client-side view
SpiderLabs has documented view state tampering
vulnerabilities in three products from separate vendors.
View states are used by some web application frameworks to
store the state of HTML GUI controls. View states are
typically stored in hidden client-side input fields,
although server-side storage is widely supported.
The affected vendors generally recommend that client-side
view states are cryptographically signed and/or encrypted,
but specific exploits have not been previously documented.
These vulnerabilities show that unsigned client-side view
Next Page>>
|
