Feed aggregator

Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)

BugTraq Latest Security Advisories - August 18, 2014 - 6:38am

Posted by Stefan Kanthak on Aug 18

Hi @ll,

"C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe",
part of Apple's iCloudServices (see <https://www.apple.com/icloud/>), is
configured to be started as (COM) server via SvcHost.Exe.

Unfortunately the developers of this (COM) server (and of course their QA
too) did a lousy job and let their installer create the following erroneous
registry entries with a command line that contains an unquoted...

Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs

BugTraq Latest Security Advisories - August 18, 2014 - 6:28am

Posted by Stefan Kanthak on Aug 18

Hi @ll,

the following command lines associated with the URL protocols of
Windows Live Mail 2011 (15.4.3538.513)

WLMail.Url.Mailto=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /mailurl:"%1"
WLMail.Url.news=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /newsurl:"%1"
WLMail.Url.nntp=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /newsurl:"%1"
WLMail.Url.snews=C:\Program Files (x86)\Windows...

Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)

BugTraq Latest Security Advisories - August 18, 2014 - 6:17am

Posted by Stefan Kanthak on Aug 18

Hi @ll,

"C:\Program Files\Apple Software Update\SoftwareUpdate.exe", part
of Apple's Software Update and installed together with iTunes,
QuickTime and other of Apple's crap for Windows, is periodically
called with the argument "-task".

This invokes the COM server {91A9E6A9-3935-4A37-AFBA-F0904B166364}
alias AppleSoftwareUpdate.ASUInstallhost, implemented in the DLL
C:\Program Files\Apple Software...

Bugtraq: [SECURITY] [DSA 3005-1] gpgme1.0 security update

Security Focus Latest Security Advisories - August 18, 2014 - 6:00am
[SECURITY] [DSA 3005-1] gpgme1.0 security update

Bugtraq: APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6

Security Focus Latest Security Advisories - August 18, 2014 - 6:00am
APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6

Bugtraq: [security bulletin] HPSBMU03090 rev.1 - HP SiteScope, running Apache Struts, Remote Execution of Arbitrary Code

Security Focus Latest Security Advisories - August 18, 2014 - 6:00am
[security bulletin] HPSBMU03090 rev.1 - HP SiteScope, running Apache Struts, Remote Execution of Arbitrary Code

Bugtraq: [security bulletin] HPSBHF03088 rev.1 - HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL, Remote Unauthorized Access or Disclosure of Information

Security Focus Latest Security Advisories - August 18, 2014 - 6:00am
[security bulletin] HPSBHF03088 rev.1 - HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL, Remote Unauthorized Access or Disclosure of Information

Vuln: Mozilla Firefox/Thunderbird CVE-2014-1538 Memory Corruption Vulnerability

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
Mozilla Firefox/Thunderbird CVE-2014-1538 Memory Corruption Vulnerability

Vuln: Mozilla Firefox/Thunderbird CVE-2014-1537 Memory Corruption Vulnerability

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
Mozilla Firefox/Thunderbird CVE-2014-1537 Memory Corruption Vulnerability

Vuln: Mozilla Firefox/Thunderbird CVE-2014-1533 Multiple Memory Corruption Vulnerabilities

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
Mozilla Firefox/Thunderbird CVE-2014-1533 Multiple Memory Corruption Vulnerabilities

Vuln: ownCloud CVE-2014-4929 Local File Include Vulnerability

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
ownCloud CVE-2014-4929 Local File Include Vulnerability

Vuln: RETIRED: LibreSSL PRNG Entropy Weakness

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
RETIRED: LibreSSL PRNG Entropy Weakness

Vuln: Python Bottle JSON 'content-type' Parsing Security Bypass Vulnerability

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
Python Bottle JSON 'content-type' Parsing Security Bypass Vulnerability

Vuln: Pixman CVE-2013-6425 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
Pixman CVE-2013-6425 Remote Denial of Service Vulnerability

Vuln: Transmission Out of Bounds Memory Corruption Vulnerability

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
Transmission Out of Bounds Memory Corruption Vulnerability

Vuln: php-gd 'gdxpm.c' NULL Pointer Dereference Denial of Service Vulnerability

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
php-gd 'gdxpm.c' NULL Pointer Dereference Denial of Service Vulnerability

Vuln: Drupal Fasttoggle Module Access Bypass Vulnerability

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
Drupal Fasttoggle Module Access Bypass Vulnerability

Vuln: Outlook.com for Android SSL Certificate Validation Security Bypass Vulnerability

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
Outlook.com for Android SSL Certificate Validation Security Bypass Vulnerability

Vuln: Plack::App::File Information Disclosure Vulnerability

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
Plack::App::File Information Disclosure Vulnerability

Vuln: libgcrypt Elgamal Encryption Subkeys Information Disclosure Vulnerability

Security Focus Latest Security Advisories - August 17, 2014 - 11:00pm
libgcrypt Elgamal Encryption Subkeys Information Disclosure Vulnerability