Feed aggregator

Posted by chudakovma on May 21

CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk,
Personal Firewall)

CVE reference:
CVE-2013-3496

Credit:
Maksim Chudakov (@MChudakov)
Andrey Kurtasanov(andreykurtasanov () gmail com)

Severity:
Medium

Local\Remote:
Local

Vulnerability Class:
Privilege Escalation

Vendor URL:
http://www.infotecs.biz/

Affected OS:
Windows

Vulnerable systems:
ViPNet Client 3.2.10 (15632) and...

Posted by Fernando Gont on May 21

Folks,

We have published a revision of our IETF I-D "A method for Generating
Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
Autoconfiguration (SLAAC)".

This revision is available at:
<http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-07>.

This proposal is key for the mitigation of address-scanning attacks,
while at the same time preventing host-tracking.

Stay tuned for more IPv6 security news...

Posted by Stefan Kanthak on May 21

Hi @ll,

the "Microsoft Installer" creates for applications installed via an
.MSI the following uninstall information in the Windows registry
(see <http://msdn.microsoft.com/library/aa372105.aspx>):

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]
"UninstallString"="MsiExec.Exe /X{<GUID>}"
"ModifyPath"="MsiExec.Exe /I{<GUID>}"

Note the unqualified path...

Static analysis tool exposition (SATE) V Call for participation

CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!

[slackware-security] ruby (SSA:2013-136-02)

[slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)

Posted by aure on May 21

NIST is preparing the fifth Static Analysis Tool Exposition (SATE V). Briefly, participating tool makers run their
static analyzer on a set of programs. Researchers led by NIST analyze the tool reports and present the results and
experiences at a workshop. A detailed plan is available at:

http://samate.nist.gov/SATE.html

We plan to provide test cases by June 3rd. Tool makers will have until August 1st (if at all possible; September 1st at...

APPLE-SA-2013-05-16-1 iTunes 11.0.3

Version:next-20130521 (linux-next) Released:2013-05-21

RETIRED: Moodle Multiple Remote Security Vulnerabilities

Perl CVE-2012-5195 Heap-Based Memory Corruption Vulnerability

Moodle CVE-2012-6098 Security Bypass Vulnerability

Moodle CVE-2012-6101 Multiple URI Redirection Vulnerabilities

Moodle CVE-2012-6104 Information Disclosure Vulnerability

Oracle Java SE CVE-2013-2431 Remote Java Runtime Environment Vulnerability

Oracle Java SE CVE-2013-1564 Remote Java Runtime Environment Vulnerability

Oracle Java SE CVE-2013-2429 Remote Java Runtime Environment Vulnerability

Oracle Java SE Remote Heap Buffer Overflow Vulnerability

Oracle Java SE CVE-2013-2415 Remote Java Runtime Environment Vulnerability