Latest IT security alerts....

    Heise: KeyView SDK bestows vulnerabilities on Symantec and IBM

Symantec and IBM update software after more holes in the Autonomy KeyView SDK are found which could lead to systems being remotely compromised


2010-07-29 13:35: read more...   

    Heise: Adobe and Microsoft to cooperate in security programme

In the future, Microsoft and Adobe will collaborate as part of the Microsoft Active Protections Program to provide information to security vendors on the safety of Adobe's products


2010-07-29 10:55: read more...   

    Heise: Firefox plug-in NoScript 2.0 released

NoScript creator Giorgio Maone has released version 2.0 of his open source extension for Mozilla's Firefox browser, adding several new changes and improving its overall reliability


2010-07-28 16:45: read more...   

    Heise: Apple's Safari updates fix auto-complete vulnerability

The latest updates to Apple's Safari WebKit-based browser, versions 5.0.1 and 4.1.1, include several new features, such as enabling Safari Extensions and introducing the Safari Extensions Gallery, and address a number of security vulnerabilities


2010-07-28 15:49: read more...   

    Heise: Apple's Safari updates fix auto-complete vulnerabilities

The latest updates to Apple's Safari WebKit-based browser, versions 5.0.1 and 4.1.1, include several new features, such as enabling Safari Extensions and introducing the Safari Extensions Gallery, and address a number of security vulnerabilities


2010-07-28 15:41: read more...   

    Heise: Facebook crawler collects more than 170 million data sets

Hacker Ron Bowes claims to have gathered over 170 million data sets from the Facebook public profile directory


2010-07-28 13:59: read more...   

    Heise: Anti-virus vendors offer free LNK protection - Update

With LNK malware spreading fast and the first cases of system infections beginning to appear at a corporate level, it is high time that Windows users obtain protection. Two AV vendors have come forward to fill the gap created by the absence of a patch from Microsoft


2010-07-27 17:53: read more...   

    Heise: Critical vulnerability in QuickTime 7.6.6

According to security services provider Secunia, the latest version of Apple's QuickTime 7 media player for Windows contains a critical vulnerability that could be exploited by an attacker to compromise a user's system


2010-07-27 17:30: read more...   

    Heise: Anti-virus vendors offer free LNK protection

With LNK malware spreading fast and the first cases of system infections beginning to appear at a corporate level, it is high time that Windows users obtain protection. Two AV vendors have come forward to fill the gap created by the absence of a patch from Microsoft


2010-07-27 17:20: read more...   

    Heise: Citi Mobile iPhone banking app contained security flaw

Citigroup has confirmed that previous versions of its mobile banking application for iPhone contained a security flaw that saved private user information, such as account numbers, bill payments and security access codes, in a hidden file on users' devices


2010-07-27 13:33: read more...   

    Heise: Google fixes critical vulnerabilities in Chrome 5

Google has released version 5.0.375.125 of Chrome, a security update that addresses three "high" risk vulnerabilities in its WebKit-based browser


2010-07-27 11:45: read more...   

    Heise: When hackers hack hackers

A free phishing kit, touted in hacker forums, turns perpetrators into victims


2010-07-27 09:54: read more...   

    TrendMicro: PE_SALITY.LNK-O

Malware: PE_SALITY.LNK-O

2010-07-27 02:18: read more...   

    TrendMicro: TROJ_ZBOT.BXW

Malware: TROJ_ZBOT.BXW

2010-07-27 02:11: read more...   

    Heise: WPA2 security hole discovered

"Hole 196" is based on a vulnerability documented in the IEEE 802.11 standard and, for instance, allows attackers to launch denial-of-service (DoS) attacks in wireless networks


2010-07-26 10:53: read more...   

    Heise: Mozilla releases Firefox 3.6.8 to close critical vulnerability

Just days after the arrival of Firefox 3.6.7, Mozilla has released version 3.6.8 of its open source web browser to close a single critical vulnerability which was introduced in the previous update


2010-07-26 10:00: read more...   

    Heise: The H Week - PDF timebombs, OpenStack, Responsible Disclosure

The past week saw cooperation on two cloud projects, A/V extensions to HTML5 and Symbian Foundation membership for individuals. A new Blu-ray library, DrupalCON Europe registration opened and GENIVI chose MeeGo. An exchange of views on vulnerability disclosure and Microsoft caught on a flaw in the shortcuts code. Adobe security hardening Reader, browser auto-completion shown to be a security hole and a new intrusion detection engine from Suricata


2010-07-24 15:00: read more...   

    Heise: The H Week -

The past week saw cooperation on two cloud projects, A/V extensions to HTML5 and Symbian Foundation membership for individuals. A new Blu-ray library, DrupalCON Europe registration opened and GENIVI chose MeeGo. An exchange of views on vulnerability disclosure and Microsoft caught on a flaw in the shortcuts code. Adobe security hardening Reader, browser auto-completion shown to be a security hole and a new intrusion detection engine from Suricata


2010-07-24 12:05: read more...   

    SANS: 10.30.8 Novell GroupWise WebAccess Authentication Information Disclosure

CVEs: CVE: Not Available

Platform: Novell

2010-07-23 21:30: read more...   

    SANS: 10.30.31 SAP J2EE Engine Core Unspecified Cross-Site Scripting issue

CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

2010-07-23 21:30: read more...   

    SANS: 10.30.33 BrotherScripts Scripts Directory "info.php" SQL Injection

CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

2010-07-23 21:30: read more...   

    SANS: 10.30.23 ConPresso CMS "mod_search/index.php" Multiple Cross-Site Scripting Vulnerabilities

CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

2010-07-23 21:30: read more...   

    SANS: 10.30.15 Opera Web Browser Multiple Security Issues

CVEs: CVE: CVE-2010-2659, CVE-2010-2662, CVE-2010-2663, CVE-2010-2664

Platform: Cross Platform

2010-07-23 21:30: read more...   

    SANS: 10.30.38 ClickTech Texas Rank'em "player.asp" SQL Injection

CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

2010-07-23 21:30: read more...   

    SANS: 10.30.45 Piwigo SQL Injection and HTML Injection Issues

CVEs: CVE: Not Available

Platform: Web Application

2010-07-23 21:30: read more...   

    SANS: 10.30.22 F5 FirePass Pre-logon Pages Cross-Site Scripting

CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

2010-07-23 21:30: read more...   

    SANS: 10.30.49 Multi-Vendor Shopping Malls SQL Injection and Cross-Site Scripting Vulnerabilities

CVEs: CVE: Not Available

Platform: Web Application

2010-07-23 21:30: read more...   

    SANS: 10.30.41 Saurus CMS Multiple Remote File Include Vulnerabilities

CVEs: CVE: Not Available

Platform: Web Application

2010-07-23 21:30: read more...   

    SANS: 10.30.18 ISC BIND 9 "RRSIG" Record Type Remote Denial of Service

CVEs: CVE: CVE-2010-0213

Platform: Cross Platform

2010-07-23 21:30: read more...   

    SANS: 10.30.13 Skype Technologies Skype Client for Mac Chat Feature Remote Denial of Service Issue

CVEs: CVE: Not Available

Platform: Cross Platform

2010-07-23 21:30: read more...   

    SANS: 10.30.53 F5 FirePass Pre-Login Token Security Bypass

CVEs: CVE: Not Available

Platform: Network Device

2010-07-23 21:30: read more...   

    SANS: (3) MEDIUM: Apple iTunes 'itpc:' URI Remote Buffer Overflow Vulnerability

Category: Widely Deployed Software

Affected:

  • Apple iTunes 9.0.2
  • Apple iTunes 9.0.1 .8
  • Apple iTunes 9.0.1
  • Apple iTunes 9.0
  • Apple iTunes 9.2
  • Apple iTunes 9.1
  • Apple iTunes 8.2
  • Apple iTunes 8.1
  • Apple iTunes 8.0.2.20
  • Apple iTunes 8.0

2010-07-23 21:30: read more...   

    SANS: 10.30.3 Ipswitch IMail Server List Mailer "imailsrv.exe" Buffer Overflow

CVEs: CVE: Not Available

Platform: Third Party Windows Apps

2010-07-23 21:30: read more...   

    SANS: 10.30.27 phpwcms "phpwcms.php" Cross-Site Scripting Issue

CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

2010-07-23 21:30: read more...   

    SANS: 10.30.43 Billwerx SQL Injection and HTML Injection Vulnerabilities

CVEs: CVE: Not Available

Platform: Web Application

2010-07-23 21:30: read more...   

    SANS: 10.30.14 FreeType Versions Prior to 2.4.0 Multiple Remote Vulnerabilities

CVEs: CVE: CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520

Platform: Cross Platform

2010-07-23 21:30: read more...   

    SANS: 10.30.11 IBM SolidDB "solid.exe" Handshake Remote Code Execution Issue

CVEs: CVE: Not Available

Platform: Cross Platform

2010-07-23 21:30: read more...   

    SANS: 10.30.4 Ipswitch IMail "SMTPDLL.dll" Multiple Remote Code Execution Issues

CVEs: CVE: Not Available

Platform: Third Party Windows Apps

2010-07-23 21:30: read more...   

    SANS: 10.30.28 cPanel Unspecified Cross-Site Scripting

CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

2010-07-23 21:30: read more...   

    SANS: 10.30.35 icash Click&Rank "admin.asp" SQL Injection Issue

CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

2010-07-23 21:30: read more...   

    SANS: (1) HIGH: Microsoft Windows Shell Shortcut Parsing Vulnerability

Category: Widely Deployed Software

Affected:

  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista Service Pack 1 and Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for 32-bit Systems
  • Windows 7 for x64-based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Server 2008 R2 for Itanium-based Systems

2010-07-23 21:30: read more...   

    SANS: 10.30.25 Novell GroupWise Agents HTTP Interfaces Multiple Cross-Site Scripting Vulnerabilities

CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

2010-07-23 21:30: read more...   

    SANS: 10.30.37 DeDeCMS "rss.php" SQL Injection Issue

CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

2010-07-23 21:30: read more...   

    SANS: 10.30.21 Apple iTunes "itpc:" URI Remote Buffer Overflow

CVEs: CVE: CVE-2010-1777

Platform: Cross Platform

2010-07-23 21:30: read more...   

    SANS: 10.30.30 NQcontent CMS "admin/index.cfm" Cross-Site Scripting and Information Disclosure Vulnerabilities

CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

2010-07-23 21:30: read more...   

    SANS: 10.30.48 Novell GroupWise WebAccess HTML Injection Issue

CVEs: CVE: Not Available

Platform: Web Application

2010-07-23 21:30: read more...   

    SANS: 10.30.42 gpEasy CMS "admin_password.php" Remote File Include Issue

CVEs: CVE: Not Available

Platform: Web Application

2010-07-23 21:30: read more...   

    SANS: 10.30.39 CMSQLite Cross-Site Scripting and Multiple SQL Injection Issues

CVEs: CVE: Not Available

Platform: Web Application

2010-07-23 21:30: read more...   

    SANS: 10.30.29 Pligg "search.php" Cross-Site Scripting

CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

2010-07-23 21:30: read more...   

    SANS: 10.30.51 D-Link DAP-1160 Web Administration Interface "formFilter()" Function Buffer Overflow

CVEs: CVE: Not Available

Platform: Network Device

2010-07-23 21:30: read more...   

This page is also available as an RSS feed.

This site is maintained by Hubertus A. Haniel (hubba@unixcook.com)

Last Updated: 2010-07-29 15:31