Vuln: Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
URL: http://www.securityfocus.com/bid/35631
If it’s about security, you heard it here first
Vuln: Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
URL: http://www.securityfocus.com/bid/35631
BASE – 3 Persistent Cross Site Scripting Vulnerabilities
Posted by Jabra on May 30
BASE, a well known Snort Frontend has 3 Persistent Cross Site Scripting Vulnerabilities.
For those who don’t know, Cross-Site Scripting allows the attacker to inject Javascript to modify the functionality of the webpages. Since this vulnerability exists in [...]
Embedded Devices: An Avenue for Cyberterrorism?, (Sat, May 30th)
There has been growing concern with the security of embedded devices as they continue to proliferate in several industries. This is caused by a confluence of several issues that makes for a difficult problem to solve.
First, these devices more and more rely on commodity operating [...]
Bugtraq: Re: [InterN0T] Achievo 1.3.4 – XSS Vulnerability
Re: [InterN0T] Achievo 1.3.4 – XSS Vulnerability
URL: http://www.securityfocus.com/archive/1/503920
SonicWALL SSL-VPN Appliance Format String Vulnerability
<!– Envelope-to: email@address Delivery-date: Fri, 29 May 2009 19:43:06 +0100 Received: from outgoing.securityfocus.com ([205.206.231.26] helo=outgoing2.securityfocus.com) by lt.network5.net with esmtp (Exim 4.43) id 1MA72n-0005qs-Te for email@address; Fri, 29 May 2009 19:43:06 +0100 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) by outgoing2.securityfocus.com (Postfix) with QMQP id B755D14408F; Fri, 29 May 2009 11:35:15 -0600 (MDT) [...]
Bugtraq: SonicWALL SSL-VPN Appliance Format String Vulnerability
SonicWALL SSL-VPN Appliance Format String Vulnerability
URL: http://www.securityfocus.com/archive/1/503913
VMware fixes security bugs
VMware has released fixes for multiple vulnerabilities in several of its products, including VMware Workstation, Player, ACE, Server, Fusion, ESX and ESXi. One of the vulnerabilities was caused by an error in the VMware Descheduled Time Accounting driver, which could open a way for hackers to launch a denial-of-service attack in Windows-based [...]
VMWare Patches Released, (Fri, May 29th)
Patches were released yesterday to fix a DoS vulnerability and potential arbitrary code execution. Here are the two vulnerabilities: 1. VMWare Descheduled Time Accounting driver: The issue affects the VMWare Descheduled Time Accounting driver and can cause a denial of service in Windows based virtual machines on the vulnerable [...]
Blackberry Server Vulnerability, (Fri, May 29th)
For all of you running around with a Blackberry, be careful of opening .pdf files. A vulnerability announced on Tuesday allows for specially crafted .pdf files when opened on your blackberry to potentially cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry [...]
Microsoft DirectShow Remote Code Execution Vulnerability
Summary:
Fortinet’s FortiGuard Global Security Research Team investigates a vulnerability in Microsoft DirectX (DirectShow) through a specially crafted QuickTime media file.
Impact:
Remote Code Execution.
Affected Software:
DirectX 7.0 on Microsoft Windows 2000 Service Pack 4
DirectX 8.1 on Microsoft Windows 2000 Service Pack 4
DirectX 9.0 on Microsoft Windows 2000 Service Pack 4
DirectX 9.0 on Windows [...]
Vuln: Adobe Acrobat Stack Exhaustion Denial of Service Vulnerability
Adobe Acrobat Stack Exhaustion Denial of Service Vulnerability
URL: http://www.securityfocus.com/bid/35148
Vuln: SonicWALL SSL-VPN ‘cgi-bin/welcome/VirtualOffice’ Remote Format String Vulnerability
SonicWALL SSL-VPN ‘cgi-bin/welcome/VirtualOffice’ Remote Format String Vulnerability
URL: http://www.securityfocus.com/bid/35145
Vuln: Libpng Library ICC Profile Chunk Off-By-One Denial of Service Vulnerability
Libpng Library ICC Profile Chunk Off-By-One Denial of Service Vulnerability
URL: http://www.securityfocus.com/bid/25957
Vuln: Libpng Library ‘png_push_read_zTXt()’ Off-By-One Denial of Service Vulnerability
Libpng Library ‘png_push_read_zTXt()’ Off-By-One Denial of Service Vulnerability
URL: http://www.securityfocus.com/bid/31049
Microsoft DirectShow vulnerability, (Thu, May 28th)
Microsoft have recently announced aMicrosoft DirectShow vulnerability via an advisory and multiple blog entries. The advisory indicates that Microsoft are investigating public reports of a vulnerability within the DirectShow element of DirectX – CVE-2009- 1537 has been allocated to this vulnerability. Microsoft have published quite a detailed set of actions [...]