
Thread: Old Alerts

  1. #321
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Sumatra PDF Reader v1.9 released

    FYI...

    Sumatra PDF Reader v1.9 released
    - http://blog.kowalczyk.info/software/...apdf/news.html
    Version history 1.9 (2011-11-23)
    Changes in this release:
    support for CHM documents
    support touch gestures, available on Windows 7 or later. Contributed by Robert Prouse
    open linked audio and video files in an external media player
    improved support for PDF transparency groups...

    Download
    - http://blog.kowalczyk.info/software/...df-viewer.html

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #322
    Adviser Team AplusWebMaster's Avatar

    Cisco Linksys router WRT54G WRT54GX UPnP vuln

    FYI...

    Cisco Linksys router WRT54G WRT54GX UPnP vuln ...
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4499
    Last revised: 11/22/2011
    CVSS v2 Base Score: 7.5 (HIGH)
    "... Cisco Linksys WRT54G* with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1.."

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4500
    Last revised: 11/22/2011
    CVSS v2 Base Score: 7.5 (HIGH)
    "... Cisco Linksys WRT54GX* with firmware 2.00.05, when UPnP is enabled..."

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4501
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4502
    "... Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15..."

    - http://www.kb.cert.org/vuls/id/357851
    Last Updated: 2011-10-07 - "... Workarounds: Disable UPnP* on the device..."

    * http://192.168.1.1/Manage.htm
    ... Administration - UPnP: > Disable...

    - http://www.upnp-hacks.org/devices.html#linksys
    ___

    - http://h-online.com/-1329727
    24 August 2011

    Last edited by AplusWebMaster; 2011-11-28 at 20:25.

  3. #323
    Adviser Team AplusWebMaster's Avatar

    HP LaserJet network ptrs vuln ...

    FYI...

    - http://h20000.www2.hp.com/bizsupport...ctID=c03102449
    Last Updated: 2011-12-23 Version: 2 (rev.2)
    23 December 2011 Code signing firmware available
    ___

    HP LaserJet printers - firmware access vuln
    - http://www.securitytracker.com/id/1026357
    CVE Reference: CVE-2011-4161
    Updated: Dec 1 2011
    Impact: Execution of arbitrary code via network, Root access via network
    Vendor Confirmed: Yes
    Description: A vulnerability was reported in some HP LaserJet Printers. A remote user can update the firmware with arbitrary code. A remote user can send a specially crafted print job or specially crafted data to TCP port 9100 on the target printer to trigger an unspecified flaw and cause the printer to upgrade its firmware with arbitrary code. Some printers do not check digital signatures on firmware upgrades...
    The original advisory is available at:
    http://redtape.msnbc.msn.com/_news/2...esearchers-say
    Impact: A remote user can upgrade the printer's firmware with arbitrary code.
    Solution: ... The vendor recommends disabling the 'Printer Firmware Update' feature as described at:
    http://h71028.www7.hp.com/enterprise...-Imaging10.pdf
    The vendor's advisory is available at:
    http://h20565.www2.hp.com/portal/sit...r_na-c03102449
    Last Updated: 2011-12-23

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4161
    Last revised: 12/02/2011
    CVSS v2 Base Score: 10.0 (HIGH)

    - https://secunia.com/advisories/47063/
    Release Date: 2011-12-28
    Criticality level: Moderately critical
    Impact: Security Bypass ...

    - https://isc.sans.edu/diary.html?storyid=12112
    Last Updated: 2011-11-29 16:22:00 UTC

    - http://h-online.com/-1387374
    30 November 2011
    ___

    - http://www.hp.com/hpinfo/newsroom/pr...1/111129b.html
    Nov. 29, 2011 - "... Today there has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP LaserJet printers. No customer has reported unauthorized access. Speculation regarding potential for devices to catch fire due to a firmware change is false. HP LaserJet printers have a hardware element called a “thermal breaker” that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability. While HP has identified a potential security vulnerability with some HP LaserJet printers, no customer has reported unauthorized access. The specific vulnerability exists for some HP LaserJet devices if placed on a public internet without a firewall. In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network. In some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade.
    HP is building a firmware upgrade to mitigate this issue and will be communicating this proactively to customers and partners who may be impacted. In the meantime, HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers..."

    Last edited by AplusWebMaster; 2012-01-02 at 16:53.

  4. #324
    Adviser Team AplusWebMaster's Avatar

    Yahoo Messenger v11.5.0.152-us / 0-Day exploit - 2011.12.02 ...

    FYI...

    Yahoo Messenger v11.5.0.152 / 0-Day exploit - 2011.12.02...
    - http://www.malwarecity.com/blog/new-...date-1229.html
    2 December 2011 - "... A newly discovered exploit in version 11.x of the Messenger client (including the freshly-released 11.5.0.152-us*) allows a remote attacker to arbitrarily change the status message of virtually any Yahoo Messenger user that runs the vulnerable version...
    You are -not- vulnerable if... You have Yahoo Messenger set to 'ignore anyone who is not in your Yahoo! Contacts' (which is off by default)..."

    * Yahoo Messenger v11.5.0.152-us:
    > http://www.majorgeeks.com/Yahoo_Messenger_d4235.html
    Date: 2011-11-30 / Size: 18 MB / License: Freeware

    - https://secure.wikimedia.org/wikiped...istory#Windows
    v11.5.0.152 - November 29, 2011
    Tabbed IMs / Improved Spam Management / New Social Games / Easy Access to Recent Contacts
    Smart Archiving / Snap and Share / Quick Access to All Emoticons...


  5. #325
    Adviser Team AplusWebMaster's Avatar

    WordPress v3.3 released

    FYI...

    WordPress v3.3 released
    - https://wordpress.org/download/
    December 12, 2011 Stable Download - "The latest stable release of WordPress (Version 3.3) is available ..."

    - https://wordpress.org/news/2011/12/sonny/

    Changelog/3.3
    - https://codex.wordpress.org/Changelog/3.3

    - https://codex.wordpress.org/Version_3.3


  6. #326
    Adviser Team AplusWebMaster's Avatar

    -780- attempted exploitations...

    FYI...

    - http://forums.spybot.info/showpost.p...4&postcount=57
    Dec. 16, 2011
    ___

    - http://www.symantec.com/security_res...atconlearn.jsp
    Updated: Dec 21 - "... For the period of December 8, 2011 through December 20, 2011, Symantec intelligence products have detected a total of -780- attempted exploits of CVE-2011-2462*. Exercise extreme caution when opening PDF files from untrusted sources. Any email attachments received from unfamiliar senders or unexpectedly from known senders should be treated suspiciously. Email attachments are a common vector for targeted attacks using vulnerabilities of this kind..."
    ___

    - https://www.adobe.com/support/securi...apsa11-04.html
    Last updated: December 15, 2011 - "... We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows on December 16, 2011..."

    * http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2462
    Last revised: 12/21/2011
    CVSS v2 Base Score: 10.0 (HIGH)
    "... as exploited in the wild in December 2011..."

    Last edited by AplusWebMaster; 2011-12-21 at 15:59.

  7. #327
    Adviser Team AplusWebMaster's Avatar

    Thunderbird v9.0 released

    FYI...

    Thunderbird v9.0 released
    - https://www.mozilla.org/en-US/thunde.../releasenotes/
    December 20, 2011

    Download
    - https://www.mozilla.org/en-US/thunderbird/all.html

    Fixed in Thunderbird 9
    - https://www.mozilla.org/security/kno...l#thunderbird9
    MFSA 2011-58 Crash scaling <video> to extreme sizes
    MFSA 2011-57 Crash when plugin removes itself on Mac OS X
    MFSA 2011-56 Key detection without JavaScript via SVG animation
    MFSA 2011-55 nsSVGValue out-of-bounds access
    MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
    MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3658 - 7.5 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3660 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3661 - 7.5 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3663 - 4.3
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3664 - 6.8
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3665 - 7.5 (HIGH)
    Last revised: 12/21/2011
    "... Thunderbird 5.0 through 8.0..."

    - http://www.securitytracker.com/id/1026447
    Dec 21 2011
    ___

    Thunderbird v3.1.7 released
    - https://www.mozilla.org/en-US/thunde...all-older.html

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3666
    Last revised: 12/21/2011
    CVSS v2 Base Score: 6.8 (MEDIUM)
    "... Thunderbird before 3.1.7..."
    ___

    - http://h-online.com/-1400073
    22 December 2011

    Last edited by AplusWebMaster; 2011-12-23 at 01:38.

  8. #328
    Adviser Team AplusWebMaster's Avatar

    WordPress Connections plugin vuln - updates available

    FYI...

    WordPress Connections plugin vuln - updates available
    - https://secunia.com/advisories/47390/
    Release Date: 2011-12-29
    Criticality level: Moderately critical
    Impact: Unknown
    Where: From remote...
    Solution... see: Connections Changelog:
    http://wordpress.org/extend/plugins/...ons/changelog/
    Latest: 0.7.2.2 - 12/25/11
    0.7.1.6 - 06/15/2011 > Fixes security vulnerability
    Requires: 3.2 or higher
    Compatible up to: 3.3
    Last Updated: 2011-12-26


  9. #329
    Adviser Team AplusWebMaster's Avatar

    WordPress v3.3.1 released

    FYI...

    WordPress v3.3.1 released
    - https://wordpress.org/download/
    January 3, 2012 - "The latest stable release of WordPress (Version 3.3.1) is available..."

    WordPress 3.3.1 Security and Maintenance Release
    - https://wordpress.org/news/2012/01/wordpress-3-3-1/
    January 3, 2012 - "This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3..."

    - https://core.trac.wordpress.org/quer...order=priority
    ___

    - http://h-online.com/-1403297
    4 January 2012
    ___

    - http://www.securitytracker.com/id/1026542
    CVE Reference: CVE-2012-0287
    Date: Jan 19 2012
    Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
    Version(s): 3.3
    Solution: The vendor has issued a fix (3.3.1)...

    Last edited by AplusWebMaster; 2012-01-23 at 16:18.

  10. #330
    Adviser Team AplusWebMaster's Avatar

    OpenSSL security advisory ...

    FYI...

    OpenSSL vulns/fixes ...
    - https://isc.sans.edu/diary.html?storyid=12322
    Last Updated: 2012-01-05 00:46:00 UTC - "... CVEs include:
    DTLS Plaintext Recovery Attack (CVE-2011-4108)
    Double-free in Policy Checks (CVE-2011-4109)
    Uninitialized SSL 3.0 Padding (CVE-2011-4576)
    Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
    SGC Restart DoS Attack (CVE-2011-4619)
    Invalid GOST parameters DoS Attack (CVE-2012-0027)
    Details here: http://openssl.org/news/secadv_20120104.txt
    Downloads here: http://openssl.org/source/ ..."

    - http://www.openssl.org/news/secadv_20120104.txt
    04 Jan 2012 - "... Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s..."

    - https://secunia.com/advisories/47426/
    Release Date: 2012-01-05
    Criticality level: Moderately critical
    Impact: Exposure of sensitive information, DoS, System access
    Where: From remote
    Solution: Update to version 0.9.8s or 1.0.0f.

    - http://www.securitytracker.com/id/1026485
    CVE Reference: CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0390
    Updated: Jan 6 2012
    Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Version(s): prior to 0.9.8s; 1.x prior to 1.0.0f

    Last edited by AplusWebMaster; 2012-01-06 at 15:06.
