Posts Tagged ‘Arbitrary Code’

VMware fixes security bugs

VMware has released fixes for multiple vulnerabilities in several of its products, including VMware Workstation, Player, ACE, Server, Fusion, ESX and ESXi. One of the vulnerabilities was caused by an error in the VMware Descheduled Time Accounting driver, which could open a way for hackers to launch a denial-of-service attack in Windows-based [...]

VMWare Patches Released, (Fri, May 29th)

Patches were released yesterday to fix a DoS vulnerability and potential arbitrary code execution. Here are the two vulnerabilities: 1. VMware Descheduled Time Accounting driver: The issue affects the VMware Descheduled Time Accounting driver and can cause a denial of service in Windows-based virtual machines on the vulnerable [...]

Blackberry Server Vulnerability, (Fri, May 29th)

For all of you running around with a BlackBerry, be careful of opening .pdf files. A vulnerability announced on Tuesday allows specially crafted .pdf files, when opened on your BlackBerry, to potentially cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry [...]

New Windows zero-day

Microsoft on Thursday issued a security advisory for a new vulnerability in DirectX, used on Windows to enable graphics and sound, that could enable a remote hacker to execute arbitrary code if users open specially crafted QuickTime files. Microsoft said that it was aware of active attacks using exploit code for the vulnerability. [...]

User-assisted execution of arbitrary code

[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code

User-assisted execution of arbitrary code

[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code

Posted by Alex Legler on May 27

Gentoo Linux [...]

BlackBerry patches PDF flaws

Research In Motion on Tuesday issued a security software update to address multiple vulnerabilities that exist in the PDF Distiller of the BlackBerry Attachment Service component in BlackBerry Enterprise Server. Because of these vulnerabilities, an attacker could create a malicious PDF file, which when opened on a BlackBerry smartphone, could corrupt memory [...]

New cscope packages fix arbitrary code execution

[SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution

User-assisted execution of arbitrary code

[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code

User-assisted execution of arbitrary code

[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code

Posted by Pierre-Yves Rofes on May 24

Gentoo Linux [...]

New cscope packages fix arbitrary code execution

[SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution

Posted by Moritz Muehlenhoff on May 24

Debian Security Advisory DSA-1806-1 security_at_debian.org www.debian.org/security/ [...]

1759 (dtorrent, ctorrent)

CVE-2009-1759 (dtorrent, ctorrent)

Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1759

[security bulletin] HPSBMA02348 SSRT080033 rev.2 – HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)

Bugtraq: [security bulletin] HPSBMA02348 SSRT080033 rev.2 – HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)

URL: http://www.securityfocus.com/archive/1/503429

HPSBMA02348 SSRT080033 rev.2 – HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)

[security bulletin] HPSBMA02348 SSRT080033 rev.2 – HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)

[SECURITY] [DSA 1798-1] New pango1.0 packages fix arbitrary code execution

Bugtraq: [SECURITY] [DSA 1798-1] New pango1.0 packages fix arbitrary code execution

URL: http://www.securityfocus.com/archive/1/503397