BugTraq Latest Security Advisories
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Re: WordPress 3.5.1, Denial of Service
Posted by Henri Salo on Jun 13
Please use CVE-2013-2173 for this issue.
---
Henri Salo
LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine
Posted by LSE Leading Security Experts GmbH (Security Advisories) on Jun 13
=== LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 ===
Avira AntiVir Engine -- Denial of Service / Filtering Evasion
-------------------------------------------------------------
Affected Versions
=================
Avira AntiVir Engine < 8.2.12.58
Affected products using the AntiVir engine are:
Avira Server Security
Avira AntiVir MailGate
Avira AntiVir MailGate Suite
Avira Exchange Security
Avira AntiVir WebGate
Avira...
[ MDVSA-2013:173 ] subversion
Posted by security on Jun 13
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:173
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : subversion
Date : June 13, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem...
[SECURITY] [DSA 2707-1] dbus security update
Posted by Yves-Alexis Perez on Jun 13
-------------------------------------------------------------------------
Debian Security Advisory DSA-2707-1 security () debian org
http://www.debian.org/security/ Yves-Alexis Perez
June 13, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : dbus
Vulnerability : denial of service
Problem type :...
Slideware of recent presentations about IPv6 security
Posted by Fernando Gont on Jun 13
Folks,
FYI, the slideware of two recent presentations is available online:
* "Security Assessment of IPv6 Networks and Firewalls", presented at the
German IPv6 Kongress (http://www.ipv6-kongress.de/) in Frankfurt/Main,
June 6-7, 2013.
Slideware available at:
<http://www.si6networks.com/presentations/ipv6kongress/mhfg-ipv6-kongress-ipv6-security-assessment.pdf>
We did this talk together with Marc Heuse. First time we presented...
[ MDVSA-2013:172 ] wireshark
Posted by security on Jun 12
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:172
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : wireshark
Date : June 12, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem...
SQL Injection in Dolphin
Posted by advisory on Jun 12
Advisory ID: HTB23157
Product: Dolphin
Vendor: BoonEx
Vulnerable Version(s): 7.1.2 and probably prior
Tested Version: 7.1.2
Vendor Notification: May 22, 2013
Vendor Patch: May 29, 2013
Public Disclosure: June 12, 2013
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2013-3638
Risk Level: Medium
CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security...
Re: WordPress 3.5.1, Denial of Service
Posted by Solar Designer on Jun 12
Hi guys,
I'll over-quote a little, then comment below:
[...]
[...]
Web apps (like WordPress) were indeed not supposed to expose the ability
for untrusted users to specify arbitrary "setting" strings (which
include the configurable cost). I am unfamiliar with WordPress, so I
don't know why they do it here - is this instance of their use of phpass
perhaps meant to achieve similar goals that tripcodes do? If so, yes,
they...
CORE-2013-0430 - Buffer overflow in Ubiquiti airCam RTSP service
Posted by CORE Security Technologies Advisories on Jun 12
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com
Buffer overflow in Ubiquiti airCam RTSP service
1. *Advisory Information*
Title: Buffer overflow in Ubiquiti airCam RTSP service
Advisory ID: CORE-2013-0430
Advisory URL:
http://www.coresecurity.com/advisories/buffer-overflow-ubiquiti-aircam-rtsp-service
Date published: 2013-06-11
Date of last update: 2013-06-11
Vendors contacted: Ubiquiti
Release mode: Coordinated release
2....
[security bulletin] HPSBMU02884 rev.1 - HP Service Manager and HP ServiceCenter, Cross Site Scripting (XSS) and Disclosure of Information
Posted by security-alert on Jun 12
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03784101
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03784101
Version: 1
HPSBMU02884 rev.1 - HP Service Manager and HP ServiceCenter, Cross Site
Scripting (XSS) and Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....
Re: WordPress 3.5.1, Denial of Service
Posted by Peter Bex on Jun 11
Hi,
This phpass.php isn't hand-rolled like you stated in your blog post; it's
a copy of a public domain crypt()-workalike: http://www.openwall.com/phpass/
There are several other systems which implement their password hashing
using this library.
Having said that, being able to control the setting looks like a mistake on
the part of Wordpress, so I'm not sure the bug is in phpass, strictly
speaking. However, have you considered...
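Both replies above (Solar Designer's and Peter Bex's) turn on one detail of phpass's "portable" `$P$` scheme: the fourth character of the setting string is the base-2 log of the iteration count, so whoever supplies the setting also chooses how much work the server does. The block below is an added example, not code from phpass, WordPress or any poster in the thread; it is a Python re-implementation of the public-domain phpass scheme (http://www.openwall.com/phpass/) written for this page, so the cost encoding and the hardening check can be run. The function name `crypt_bounded` and the cap of 2**13 are this example's own choices, and the page says nothing about how WordPress reaches this code path, so the example does not model that.

```python
"""phpass "portable" ($P$) hashing, re-implemented in Python for illustration.

Added example, not phpass's, WordPress's or any poster's code. It follows the
$P$ scheme of the public-domain phpass library so the point above can be
checked: setting[3] encodes log2(iterations), so a caller who controls the
setting controls the cost.
"""
import hashlib

# Alphabet phpass uses both for the cost character and for encoding the hash.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def parse_setting(setting: str):
    """Return (count_log2, salt) for a $P$/$H$ setting, or raise ValueError.

    The 7..30 bounds mirror phpass's crypt_private(); note that the upper
    bound still admits 2**30 chained MD5 calls for a single check.
    """
    if setting[:3] not in ("$P$", "$H$") or len(setting) < 12:
        raise ValueError("not a phpass portable setting")
    count_log2 = ITOA64.find(setting[3])
    if count_log2 < 7 or count_log2 > 30:
        raise ValueError("cost character out of range")
    return count_log2, setting[4:12]


def iterations(setting: str) -> int:
    """Number of MD5 rounds a given setting forces on the verifier."""
    return 1 << parse_setting(setting)[0]


def _encode64(raw: bytes, count: int) -> str:
    """phpass's own base64 variant: custom alphabet, no padding, LSB first."""
    out = []
    i = 0
    while True:
        value = raw[i]
        i += 1
        out.append(ITOA64[value & 0x3F])
        if i < count:
            value |= raw[i] << 8
        out.append(ITOA64[(value >> 6) & 0x3F])
        if i >= count:
            break
        i += 1
        if i < count:
            value |= raw[i] << 16
        out.append(ITOA64[(value >> 12) & 0x3F])
        if i >= count:
            break
        i += 1
        out.append(ITOA64[(value >> 18) & 0x3F])
        if i >= count:
            break
    return "".join(out)


def crypt_private(password: bytes, setting: str) -> str:
    """phpass crypt_private(): md5(salt||pw), then 2**count_log2 rounds of md5(h||pw)."""
    count_log2, salt = parse_setting(setting)
    digest = hashlib.md5(salt.encode() + password).digest()
    for _ in range(1 << count_log2):
        digest = hashlib.md5(digest + password).digest()
    return setting[:12] + _encode64(digest, 16)


def check_password(password: bytes, stored: str) -> bool:
    """phpass CheckPassword(): the stored hash is reused as the setting.

    Safe as long as `stored` comes from your own database, because the
    server chose its cost when the hash was created.
    """
    try:
        return crypt_private(password, stored) == stored
    except ValueError:
        return False


def crypt_bounded(password: bytes, setting: str, max_log2: int = 13) -> str:
    """Hardened variant for a setting that did NOT come from your own storage:
    refuse anything costlier than the server's policy before doing any work.
    The default cap (2**13) is an arbitrary value chosen for this example."""
    count_log2, _ = parse_setting(setting)
    if count_log2 > max_log2:
        raise ValueError(f"cost 2**{count_log2} exceeds server cap 2**{max_log2}")
    return crypt_private(password, setting)


if __name__ == "__main__":
    # Vector from phpass's own test.php: "test12345" under a '9' cost (2**11 rounds).
    known = "$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0"
    print(check_password(b"test12345", known))
    # Same salt, cost character 'S' (index 30): phpass accepts it, 2**30 rounds.
    hostile = "$P$S" + known[4:12]
    print(iterations(hostile))
    try:
        crypt_bounded(b"anything", hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

The difference between `check_password` and `crypt_bounded` is where the setting comes from: a stored hash carries a cost the server itself picked, while a setting taken from a request must be validated against server policy before the loop runs, since `parse_setting` alone still admits 2**30 rounds.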
t2'13: Call for Papers 2013 (Helsinki / Finland)
Posted by Tomi Tuominen on Jun 11
# t2'13 - Call For Papers #
Helsinki, Finland
October 24 - 25, 2013
We are pleased to announce the annual t2'13 infosec conference, which
will take place in Helsinki, Finland, from October 24 to 25, 2013.
We are looking for original, preferably technical presentations in the
fields of information security. Presentations should last a minimum of
60 minutes and a maximum of two...
[security bulletin] HPSBHF02885 rev.1 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
Posted by security-alert on Jun 11
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03787836
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03787836
Version: 1
HPSBHF02885 rev.1 - HP Integrated Lights-Out iLO3 and iLO4 using
Single-Sign-On (SSO), Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....
CFP: IEEE SafeConfig: 6th Symposium on Security Analytics and Automation
Posted by James Joshi on Jun 11
CALL FOR PAPERS
IEEE SafeConfig 2013
--------------------
6th Symposium on Security Analytics and Automation (www.safeconfig.org)
(collocated with IEEE Conference on Communications and Network Security)
Washington, D.C., USA
October 14, 2013
Sponsors: IEEE (COMSOC).
Important Dates
Abstract Registration Deadline: June 25
Manuscript Submission: July 1, 2013
Review Notification: August 7, 2013
Camera Ready: August 15, 2012
Conference Dates:...
[slackware-security] php (SSA:2013-161-01)
Posted by Slackware Security Team on Jun 11
[slackware-security] php (SSA:2013-161-01)
New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix a security issue.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/php-5.4.16-i486-1_slack14.0.txz: Upgraded.
This is a bugfix release. It also fixes a security issue -- a heap-based
overflow in the quoted_printable_encode() function, which...
[SECURITY] [DSA 2706-1] chromium-browser security update
Posted by Giuseppe Iuculano on Jun 11
-------------------------------------------------------------------------
Debian Security Advisory DSA-2706-1 security () debian org
http://www.debian.org/security/ Giuseppe Iuculano
June 10, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium-browser
Vulnerability : several
Problem type :...
[SECURITY] [DSA 2705-1] pymongo security update
Posted by Giuseppe Iuculano on Jun 11
-------------------------------------------------------------------------
Debian Security Advisory DSA-2705-1 security () debian org
http://www.debian.org/security/ Giuseppe Iuculano
June 10, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : pymongo
Vulnerability : denial of service
Problem type :...
CVE-2013-3739 Local File Inclusion in Weathermap <= 0.97C
Posted by Anthony Dubuissez on Jun 11
=============================================
WEBERA ALERT ADVISORY 01
- Discovered by: Anthony Dubuissez
- Severity: high
- CVE Request - 03/06/2013
- CVE Assign - 03/06/2013
- CVE Number - CVE-2013-3739
- Vendor notification - 03/06/2013
- Vendor reply - No reply
- Public disclosure - 10/06/2013
=============================================
I. VULNERABILITY -------------------------
Local File Inclusion in Weathermap <= 0.97C
II....
[SECURITY] [DSA 2704-1] mesa security update
Posted by Raphael Geissert on Jun 11
-------------------------------------------------------------------------
Debian Security Advisory DSA-2704-1 security () debian org
http://www.debian.org/security/ Raphael Geissert
June 09, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : mesa
Vulnerability : out of bounds access
Problem type :...
[SECURITY] [DSA 2703-1] subversion security update
Posted by Salvatore Bonaccorso on Jun 11
-------------------------------------------------------------------------
Debian Security Advisory DSA-2703-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
June 09, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : subversion
Vulnerability : several
Problem type : remote...