The Breakpoint 2013 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia October 24th through the 25th, 2013. Breakpoint showcases the work of expert security researchers from around the world on a wide range of topics. This conference is organized by the Ruxcon team and offers a specialized security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint caters towards security researchers and industry professionals alike, with a focus on cutting edge security research.
08009c8fd4e78f803da53c08c7dd02afd1898a3a6d3b8189d616f027359c0912The Lotus Notes mail client accepts applet tags inside HTML emails, making it possible to load Java applets from a remote location. Combined with known Java sandbox escape vulnerabilities, it can be used to fully compromise the user reading the email.
72507df8ce813a6baed8ae1404ff3467f4a3d09f17024073ea1c0b531c0f08c6HP Security Bulletin HPSBMU02872 SSRT101185 - Potential security vulnerabilities have been identified with HP Service Manager Web Tier running on Windows. Service Manager Web Tier is vulnerable to remote disclosure of information and cross site scripting (XSS). Revision 1 of this advisory.
cd6d67bc13e7d8b16182f157bf80b7b5c828bddb5dc432ce8035df4768b5b42aSyslog Watcher Pro version 2.8.0.812 suffers from a cross site scripting vulnerability in the date parameter.
915406c2f87f0049bb8834fe22f3c1981d4e58f7034f1ecd7f678170203cf3dbWowzaMediaServer allows for direct getting and setting of properties which in turn can enable an attacker the ability to mount further attacks.
02061d65ffca3d12c102fcd83b76a8c46f938d8fefea6e170cb8ce387b7c0c9dWowzaMediaServer suffers from a bypass vulnerability that allows for accessing of files outside of the allowed StorageDir directory.
f4564e946705fc60d5c17b51bebbe0c644dbb60355ce85b64a936c75bbf48ae6CA Technologies support is alerting customers to a potential risk with CA ControlMinder. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued remediation to address the vulnerability. The vulnerability occurs due to the default JBoss Application Server configuration not correctly enforcing authentication. A remote attacker can bypass authentication, which may result in arbitrary code execution and server compromise. This vulnerability only affects the server components.
64660f12f6dffd5ead18f692e26e016ebc3bd54a5bb79b9a73ea69407b74de6fHP Security Bulletin HPSBMU02874 SSRT101184 - Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Java Runtime Environment (JRE) has been updated to correct these issues. Revision 1 of this advisory.
6b8f577467e6e64a94ac9f1285bd24a8e75470238726cda299c3e72a719a8194Personal File Share HTTP server suffers from a remote buffer overflow vulnerability. Proof of concept denial of service code included.
35ab66e9b48e819eccea9de3c3b1264a3321487f6247141d750c465f46ab2f37HP Security Bulletin HPSBMU02873 SSRT101182 - Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Apache Tomcat environment has been updated to correct these issues. Revision 1 of this advisory.
3a9a3d4a425cbd20923f80d24ed414a8a63ec3c97cce49d888efcf082ada17c7FreeBSD Security Advisory - When processing READDIR requests, the NFS server does not check that it is in fact operating on a directory node. An attacker can use a specially modified NFS client to submit a READDIR request on a file, causing the underlying filesystem to interpret that file as a directory.
bdaaa4f57ae7233f6c31b6eae202bb3c0468403f3d7945ce9f1166ffc3299396Mandriva Linux Security Advisory 2013-159 - ClamAV 0.97.8 addresses several reported potential security bugs.
68cc0cc22a4ed195526f56899d1de26e093221267702011cafeb39641c3d6282Debian Linux Security Advisory 2665-1 - Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN solution.
65b00d442f413e485656ff7783722662383ea7e9970c5242dd8e466594e29bcdMandriva Linux Security Advisory 2013-158 - The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. The updated packages have been patched to correct this issue.
39cd223b2070c1e9da32d7df478ea030fc5680a222d44d15d868e6a8e52a7efaMandriva Linux Security Advisory 2013-157 - The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center in MIT Kerberos 5 before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. The updated packages have been patched to correct these issues.
199f5a10f9c3952ec28914507f3f5a6dc8411e3c44dfd7e08218fe1c6eb08789
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed