Feed aggregator

Mozilla Firefox/Thunderbird/Seamonkey CVE-2013-0796 Memory Corruption Vulnerability

VideoJS JS Callback Cross Site Scripting Vulnerability

VideoJS Cross Site Scripting and Denial of Service Vulnerabilities

BusyBox 'udhcpc' Shell Characters in Response Remote Code Execution Vulnerability

NCompress Decompress Buffer Underflow Vulnerability

Resource Hacker Heap Based Buffer Overflow Vulnerability

activeCollab Chat Module Arbitrary PHP Code Execution Vulnerability

Vanilla Forums LatestComment Plugin Discussion Title HTML Injection Vulnerability

Vanilla Forums AboutMe Plugin HTML Injection Vulnerabilities

Oracle Java SE CVE-2013-2424 Remote Java Runtime Environment Vulnerability

Oracle Java SE CVE-2013-2419 Remote Code Execution Vulnerability

Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability

Posted by James Joshi on May 23

CALL FOR PAPERS

IEEE SafeConfig 2013
--------------------
6th Symposium on Security Analytics and Automation (www.safeconfig.org)

(collocated with IEEE Conference on Communications and Network Security)

Washington, D.C., USA
October 14, 2013

Sponsors: IEEE (COMSOC).

Important Dates

Abstract Registration Deadline: June 25
Manuscript Submission: July 1, 2013
Review Notification: August 7, 2013
Camera Ready: August 15, 2012
Conference Dates:...

[SECURITY] [DSA 2672-1] kfreebsd-9 security update

Posted by SEC Consult Vulnerability Lab on May 23

SEC Consult Vulnerability Lab Security Advisory < 20130523-0 >
=======================================================================
title: JavaScript Execution in WebSphere DataPower Services
product: IBM WebSphere DataPower Integration Appliance XI50
vulnerable version: 3.8.2, 4.0, 4.0.1, 4.0.2, 5.0.0
fixed version: not available, config changes
CVE number: CVE-2013-0499
impact:...

Posted by Lukasz Lenart on May 23

The Apache Struts group is pleased to announce that Struts 2.3.14.1 is
available as a "General Availability" release. The GA designation is
our highest quality grade.

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.

Two security issues were...

[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin

[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin

Posted by Apple Product Security on May 23

APPLE-SA-2013-05-22-1 QuickTime 7.7.4

QuickTime 7.7.4 is now available and addresses the following:

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a maliciously crafted TeXML file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
TeXML files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1015...

Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities