Posts Tagged ‘Vulnerability’

Embedded Devices: An Avenue for Cyberterrorism?, (Sat, May 30th)

There has been growing concern with the security of embedded devices as they continue to proliferate in several industries. This is caused by a confluence of several issues that makes for a difficult problem to solve. First, these devices more and more rely on commodity operating [...]

[InterN0T] Achievo 1.3.4 – XSS Vulnerability

Bugtraq: Re: [InterN0T] Achievo 1.3.4 – XSS Vulnerability URL: http://www.securityfocus.com/archive/1/503920

SonicWALL SSL-VPN Appliance Format String Vulnerability

SonicWALL SSL-VPN Appliance Format String Vulnerability [...]

SonicWALL SSL-VPN Appliance Format String Vulnerability

Bugtraq: SonicWALL SSL-VPN Appliance Format String Vulnerability URL: http://www.securityfocus.com/archive/1/503913

VMware fixes security bugs

VMware has released fixes for multiple vulnerabilities in several of its products, including VMware Workstation, Player, ACE, Server, Fusion, ESX and ESXi. One of the vulnerabilities was caused by an error in the VMware Descheduled Time Accounting driver, which could open a way for hackers to launch a denial-of-service attack in [...]

VMware Patches Released, (Fri, May 29th)

Patches were released yesterday to fix a DoS vulnerability and potential arbitrary code execution. Here are the two vulnerabilities: 1. VMware Descheduled Time Accounting driver: The issue affects the VMware Descheduled Time Accounting driver and can cause a denial of service in Windows-based virtual machines on the vulnerable [...]

BlackBerry Server Vulnerability, (Fri, May 29th)

For all of you running around with a BlackBerry, be careful of opening .pdf files. A vulnerability announced on Tuesday allows specially crafted .pdf files, when opened on your BlackBerry, to potentially cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the [...]

Microsoft DirectShow Remote Code Execution Vulnerability

Summary: Fortinet’s FortiGuard Global Security Research Team investigates a vulnerability in Microsoft DirectX (DirectShow) through a specially crafted QuickTime media file. Impact: Remote Code Execution. Affected Software: DirectX 7.0 on Microsoft Windows 2000 Service Pack 4; DirectX 8.1 on Microsoft Windows 2000 Service Pack 4; DirectX 9.0 on Microsoft [...]

Adobe Acrobat Stack Exhaustion Denial of Service Vulnerability

Vuln: Adobe Acrobat Stack Exhaustion Denial of Service Vulnerability URL: http://www.securityfocus.com/bid/35148

SonicWALL SSL-VPN ‘cgi-bin/welcome/VirtualOffice’ Remote Format String Vulnerability

Vuln: SonicWALL SSL-VPN ‘cgi-bin/welcome/VirtualOffice’ Remote Format String Vulnerability URL: http://www.securityfocus.com/bid/35145

Libpng Library ICC Profile Chunk Off-By-One Denial of Service Vulnerability

Vuln: Libpng Library ICC Profile Chunk Off-By-One Denial of Service Vulnerability URL: http://www.securityfocus.com/bid/25957

Libpng Library ‘png_push_read_zTXt()’ Off-By-One Denial of Service Vulnerability

Vuln: Libpng Library ‘png_push_read_zTXt()’ Off-By-One Denial of Service Vulnerability URL: http://www.securityfocus.com/bid/31049

Microsoft DirectShow vulnerability, (Thu, May 28th)

Microsoft have recently announced a Microsoft DirectShow vulnerability via an advisory and multiple blog entries. The advisory indicates that Microsoft are investigating public reports of a vulnerability within the DirectShow element of DirectX – CVE-2009-1537 has been allocated to this vulnerability. Microsoft have published quite a detailed set of [...]

Achievo 1.3.4 – XSS Vulnerability

[InterN0T] Achievo 1.3.4 – XSS Vulnerability [...]

New Windows zero-day

Microsoft on Thursday issued a security advisory for a new vulnerability in DirectX, used on Windows to enable graphics and sound, that could enable a remote hacker to execute arbitrary code if users open specially crafted QuickTime files. Microsoft said that it was aware of active attacks using exploit code for the [...]
