|
Latest IT security alerts.... |
|
Heise: The H Roundup for the week ending 4 February In the last seven days: a critical hole in PHP was closed, Ubuntu 12.04 Alpha 2 arrived and there was controversy around a Busybox alternative. Also Debian 7.0 will use the 3.2 kernel, VLC 2.0 gets ready to bloom and Wayland 1.0 approaches 2012-02-04 11:59: read more... |
|
SANS: 12.5.12 HP Network Automation Remote Unauthorized Access
2012-02-03 22:00: read more... |
|
SANS: 12.5.24 Syneto Unified Threat Management Cross-Site Request Forgery
2012-02-03 22:00: read more... |
|
SANS: 12.5.2 RSA enVision Environmental Variable Information Disclosure
2012-02-03 22:00: read more... |
|
SANS: 2012-0809 Todd Miller Sudo "Sudo_Debug()" Path Resolution Local Privilege Escalation
2012-02-03 22:00: read more... |
|
SANS: 12.5.3 PDF-XChange pdfSaver ActiveX Multiple Buffer Overflow Vulnerabilities
2012-02-03 22:00: read more... |
|
SANS: 12.5.1 Trend Micro DataArmor and DriveArmor Pre-boot Local Privilege Escalation
2012-02-03 22:00: read more... |
|
SANS: 12.5.19 PEEL SHOPPING SQL Injection and Cross-Site Scripting Vulnerabilities
2012-02-03 22:00: read more... |
|
SANS: 12.5.11 FFmpeg Multiple Remote Vulnerabilities
2012-02-03 22:00: read more... |
|
SANS: (1) MEDIUM: Mozilla Firefox Multiple Security Vulnerabilities
2012-02-03 22:00: read more... |
|
SANS: 12.5.22 HostBill PHP Code Injection
2012-02-03 22:00: read more... |
|
SANS: 12.5.14 Mozilla Firefox/SeaMonkey/Thunderbird Multiple Vulnerabilities
2012-02-03 22:00: read more... |
|
SANS: 12.5.21 FishEye and Crucible Webwork 2 Framework Remote Code Injection
2012-02-03 22:00: read more... |
|
SANS: 12.5.25 Fortigate UTM WAF Appliance Cross-Site Scripting and HTML Injection Vulnerabilities
2012-02-03 22:00: read more... |
|
SANS: 12.5.4 Debian Openssh Server Forced Command Handling Information Disclosure
2012-02-03 22:00: read more... |
|
SANS: 12.5.7 Limit My Call Remote Unauthorized Access
2012-02-03 22:00: read more... |
|
SANS: 12.5.5 Wicd "wicd/configmanager.py" Local Information Disclosure
2012-02-03 22:00: read more... |
|
SANS: 12.5.18 Apache HTTP Server mod_log_config Denial Of Service
2012-02-03 22:00: read more... |
|
SANS: 12.5.13 RESTEasy JaxB XML Entity References Information Disclosure
2012-02-03 22:00: read more... |
|
SANS: (2) MEDIUM: Symantec PCAnywhere Buffer Overflow
2012-02-03 22:00: read more... |
|
SANS: 12.5.15 Mibew Messenger Multiple Cross-Site Scripting Vulnerabilities
2012-02-03 22:00: read more... |
|
SANS: 12.5.16 Hitachi JP1/IT Desktop Management Manager Unspecified Cross-Site Scripting
2012-02-03 22:00: read more... |
|
SANS: 12.5.20 OSClass Multiple Remote Vulnerabilities
2012-02-03 22:00: read more... |
|
SANS: 12.5.9 Samba Memory Leak Local Denial Of Service
2012-02-03 22:00: read more... |
|
SANS: 12.5.6 EMC NetWorker Unspecified Buffer Overflow
2012-02-03 22:00: read more... |
|
SANS: 12.5.23 D-Link DIR-601 TFTP Server Directory Traversal
2012-02-03 22:00: read more... |
|
SANS: 12.5.8 Wireshark Buffer Underflow and Denial of Service Vulnerabilities
2012-02-03 22:00: read more... |
|
SANS: 12.5.17 Campaign Enterprise "SID" Parameter SQL Injection
2012-02-03 22:00: read more... |
|
Heise: Google's Bouncer scans the Android Market for Malware Google has disclosed that it has, for the last year, been using a system called Bouncer to scan the Android Market for malware and says there was a 40% decline in downloads of malicious software in 2011 2012-02-03 11:49: read more... |
|
Heise: MSUpdate trojan attacked companies in the defence sector The lure was a well-made invitation to a prestigious conference which then injected spyware into employees' computers 2012-02-03 10:34: read more... |
|
Heise: Break-ins at domain registrar VeriSign in 2010 In late 2011, the US corporation notified the authorities of several intrusions into its IT systems in 2010. However, no important information is believed to have been stolen 2012-02-02 21:36: read more... |
|
Heise: Critical PHP vulnerability being fixed The PHP developers are working to fix a critical security vulnerability in PHP that they introduced in a previous security patch. The full impact of the problem is not yet known 2012-02-02 17:04: read more... |
|
Heise: Critical PHP vulnerability being fixed - Update The PHP developers are working to fix a critical security vulnerability in PHP that they introduced in a previous security patch. The full impact of the problem is not yet known 2012-02-02 17:04: read more... |
|
Heise: Report: Kelihos botnet making a comeback Following a joint operation by Microsoft and Kaspersky Lab last September to disrupt Kelihos, the spam-sending botnet is now said to be making a comeback and using new techniques 2012-02-02 12:34: read more... |
|
Heise: Report: Kelihos botnet making a comeback - Update Following a joint operation by Microsoft and Kaspersky Lab last September to disrupt Kelihos, the spam-sending botnet is now said to be making a comeback and using new techniques 2012-02-02 12:34: read more... |
|
Heise: HTC Android phones expose Wi-Fi passwords to apps Android applications running on some HTC smartphones can access the passwords of the Wi-Fi networks they are connected to and potentially send that information to third parties. HTC has released updates for the affected devices 2012-02-02 11:51: read more... |
|
Heise: Apple releases Mac OS X 10.7.3 The company has released Mac OS X 10.7.3 and, for users who have yet to upgrade from 10.6.8 to Lion, Security Update 2012-001. The updates address more than 50 security vulnerabilities that could be exploited to, for example, remotely execute arbitrary code 2012-02-02 10:41: read more... |
|
Heise: Mozilla closes critical holes in Firefox, Thunderbird and SeaMonkey Mozilla has detailed the security fixes included in the recent updates to its Firefox web browser, Thunderbird email client and SeaMonkey suite. Version 10.0 of Firefox, for example, closes 8 holes, 5 of which are rated as critical 2012-02-01 11:17: read more... |
|
Heise: Hacker extracts RFID credit card details At a conference, Kristin Paget demonstrated how easily RFID-enabled credit cards can be used to make a payment without requiring any card owner interaction 2012-02-01 10:25: read more... |
|
Microsoft: MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) - Version: 1.3 2012-02-01 08:00: read more... |
|
Microsoft: MS11-098 - Important : Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171) - Version: 1.1 2012-02-01 08:00: read more... |
|
SANS: 12.4.17 osCommerce Multiple Unspecified Cross Site Scripting Vulnerabilities
2012-02-01 03:01: read more... |
|
CERT: TA12-010A: Microsoft Updates for Multiple Vulnerabilities 2012-02-01 03:01: read more... |
|
CERT: TA11-286A: Apple Updates for Multiple Vulnerabilities 2012-02-01 03:01: read more... |
|
SANS: 12.4.16 IBM WebSphere Application Server Cross-Site Scripting
2012-02-01 03:01: read more... |
|
SANS: 12.4.18 SolarWinds Storage Manager Server SQL Injection
2012-02-01 03:01: read more... |
|
CERT: TA11-222A: Adobe Updates for Multiple Vulnerabilities 2012-02-01 03:01: read more... |
|
SANS: 12.4.1 Linux Kernel iocbs Local Denial of Service
2012-02-01 03:01: read more... |
|
CERT: TA11-347A: Microsoft Updates for Multiple Vulnerabilities 2012-02-01 03:01: read more... |
|
SANS: 12.4.2 Linux Kernel Local Privilege Escalation
2012-02-01 03:01: read more... |
|
This page is also available as an RSS feed. This site is maintained by Hubertus A. Haniel (hubba@unixcook.com) Last Updated: 2012-02-05 18:31 |