********************************************************************
SecuritySpace Newsletter
Published by E-Soft Inc.
February 1st, 2013
====================================================================
I. New This Month:
1) 67 new vulnerability tests on-line
II. Security News - Your Top 10 Picks of January
III. Subscription / Removal Information
====================================================================
I. New This Month
1) 67 new vulnerability tests on-line
--------------------------------------
Security Audits had 67 new tests added this month, bringing
the total to 32582 vulnerability tests on-line.
Date Test Description
---- ---- -----------
Jan 31 803127 Google Chrome Multiple Vulnerabilities-03 Dec2012 (Windows)
Jan 31 803097 Microsoft Groove Server Detection
Jan 31 803069 Wireshark Multiple Dissector Multiple DoS Vulnerabilities - Dec12 (Mac OS X)
Jan 31 103623 Novell File Reporter 'NFRAgent.exe' Multiple Security Vulnerabilities
Jan 31 802048 TWiki 'MAKETEXT' variable Remote Command Execution Vulnerability
Jan 31 803135 Wireshark Multiple Vulnerabilities-02 Dec 2012 (Mac OS X)
Jan 31 103622 Joomla! JooProperty Component SQL Injection and Cross Site Scripting Vulnerabilities
Jan 31 803080 Firefly MediaServer HTTP Header Multiple DoS Vulnerabilities
Jan 31 902697 MS Exchange Server Remote Code Execution Vulnerabilities (2784126)
Jan 31 803132 Elite Bulletin Board Multiple SQL Injection Vulnerabilities
Jan 31 803078 WordPress Floating Social Media Links Plugin 'wpp' RFI Vulnerabilities
Jan 31 803086 LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Windows)
Jan 31 802684 IBM Director CIM Server CIMListener Directory Traversal Vulnerability (Windows)
Jan 31 103621 SMB Windows Detection
Jan 31 803079 WordPress Rokbox Plugin Multiple Vulnerabilities
Jan 31 803128 Google Chrome Multiple Vulnerabilities-03 Dec2012 (Linux)
Jan 31 802687 IBM Rational Developer for System z Information Disclosure Vulnerability (Win)
Jan 31 902936 Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2783534)
Jan 31 103640 eXtplorer Detection
Jan 31 803087 LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Mac OS X)
Jan 31 803071 Wireshark Multiple Dissector Multiple Vulnerabilities - Dec12 (Mac OS X)
Jan 31 803076 Adobe Flash Player Multiple Vulnerabilities - December12 (Linux)
Jan 31 803129 Google Chrome Multiple Vulnerabilities-03 Dec2012 (Mac OS X)
Jan 31 802682 Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)
Jan 31 803131 OracleBI Discoverer 'node' Cross Site Scripting Vulnerability
Jan 31 103620 Cisco DPC2420 Cross Site Scripting / File Disclosure
Jan 31 803217 IBM Lotus Notes Version Detection (Mac OS X)
Jan 31 803133 Wireshark GSM RLC MAC dissector Buffer Overflow Vulnerability (Mac OS X)
Jan 31 803125 TVMOBiLi Media Server HTTP Request Multiple BOF Vulnerabilities
Jan 31 803081 Adobe Photoshop Camera Raw Plug-in Code Execution Vulnerabilities (Windows)
Jan 31 803074 Adobe Flash Player/Air Multiple Vulnerabilities - December12 (Windows)
Jan 31 901305 Microsoft Windows IP-HTTPS Component Security Feature Bypass Vulnerability (2765809)
Jan 31 802683 Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
Jan 31 803082 Adobe Photoshop Camera Raw Plug-in Code Execution Vulnerabilities (Mac OS X)
Jan 31 803089 Joomla! 'Aclassif' Component Cross Site Scripting Vulnerability
Jan 31 803130 OracleBI Discoverer Version Detection
Jan 31 103633 Detection of Rugged Operating System
Jan 31 803068 Wireshark Multiple Dissector Multiple DoS Vulnerabilities - Dec12 (Windows)
Jan 31 803073 Simple Invoices Multiple Cross Site Scripting Vulnerabilities
Jan 31 901212 Microsoft Windows DirectPlay Remote Code Execution Vulnerability (2770660)
Jan 31 902696 Microsoft Internet Explorer Multiple Vulnerabilities (2761465)
Jan 31 802047 Measuresoft ScadaPro Multiple Security Vulnerabilities
Jan 31 803134 Wireshark Multiple Vulnerabilities-01 Dec 2012 (Mac OS X)
Jan 31 803067 GreenBrowser iframe Handling Double Free Vulnerability (Win)
Jan 31 803066 GreenBrowser Version Detection (Win)
Jan 31 803090 CubeCart Multiple Vulnerabilities
Jan 31 803070 Wireshark Multiple Dissector Multiple Vulnerabilities - Dec12 (Windows)
Jan 31 803085 LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Mac OS X)
Jan 31 803124 MyBB KingChat Plugin SQL Injection Vulnerability
Jan 31 803088 RealNetworks RealPlayer Code Execution Vulnerabilities - Dec12 (Win)
Jan 31 803137 ERP (Enterprise Resource Planning) System SQL Injection Vulnerability
Jan 31 802046 MySQL Authentication Error Message User Enumeration Vulnerability
Jan 31 103619 Omni-Secure 'dir' Parameter Multiple File Disclosure Vulnerabilities
Jan 31 103626 WordPress Clockstone Theme Arbitrary File Upload Vulnerability
Jan 31 803083 OpenOffice Multiple Buffer Overflow Vulnerabilities - Dec12 (Windows)
Jan 31 103624 Ektron CMS 'XslCompiledTransform' Class Remote Code Execution Vulnerability
Jan 31 902937 Microsoft Office Word Remote Code Execution Vulnerability (2780642)
Jan 31 803091 OpenBSD Portmap Remote Denial of Service Vulnerability
Jan 31 103628 Apple Mobile Device Detection
Jan 31 902698 WordPress WP Photo Album Plus Plugin 'Search Photos' XSS Vulnerability
Jan 31 803084 LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Windows)
Jan 31 803072 WordPress WP e-Commerce And WooCommerce Predictive Search Plugin 'rs' XSS Vulnerability
Jan 31 901304 Microsoft Windows File Handling Component Remote Code Execution Vulnerability (2758857)
Jan 31 803077 WordPress Portable phpMyAdmin Plugin 'wp-pma-mod' Security Bypass Vulnerability
Jan 31 803075 Adobe Flash Player/Air Multiple Vulnerabilities - December12 (Mac OS X)
Jan 31 802685 IBM RBD Web Services Information Disclosure Vulnerability (Win)
Jan 31 803096 Microsoft System Center Operations Manager Detection (Windows)
http://www.securityspace.com/smysecure/last30.html
====================================================================
II. Security News - Your Top 10 Picks of January
Our readers ranked the following 10 articles as the most interesting
in January (based on click-through percentage):
1. Backdoor root login found in Barracuda gear - and Barracuda is OK with this
http://www.theregister.co.uk/2013/01/24/barracuda_backdoor/
Story from TheRegister
2. RSA: How to steal encryption keys off hardware chips and smart cards
http://www.networkworld.com/news/2013/011713-rsa-encryption-keys-265932.html
Story from NetworkWorld
3. Wiretapping law's renewal dismays rights groups
http://www.computerworld.com/s/article/9235581/Wiretapping_law_s_renewal_dismays_rights_groups?taxonomyId=17
Story from ComputerWorld
4. Diplomatic and government agencies targeted in years-long cyberespionage operation
http://www.computerworld.com/s/article/9235810/Diplomatic_and_government_agencies_targeted_in_years_long_cyberespionage_operation?taxonomyId=17
Story from ComputerWorld
5. 'Better than Adobe' Foxit PDF plugin hit by worse-than-Adobe 0-day
http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/
Story from TheRegister
6. Security audit finds dev OUTSOURCED his JOB to China
http://www.theregister.co.uk/2013/01/16/developer_oursources_job_china/
Story from TheRegister
7. US nuke lab drops Chinese networking kit
http://www.theregister.co.uk/2013/01/08/us_nuke_lab_dumps_h3c_kit/
Story from TheRegister
8. Amazon hack highlights customer service security weakness
http://www.networkworld.com/news/2012/122612-amazon-hack-highlights-customer-service-265379.html
Story from NetworkWorld
9. Security lessons from 2012
http://www.computerworld.com/s/article/9235200/Security_lessons_from_2012?taxonomyId=17
Story from ComputerWorld
10. 12 Security Resolutions for 2013
http://www.networkworld.com/news/2013/010513-12-security-resolutions-for-265542.html
Story from NetworkWorld
====================================================================
III. Subscription/Removal Information
If you know of anyone who may find this newsletter interesting,
please forward it to them.
To subscribe or unsubscribe from this monthly newsletter, please
visit https://secure1.securityspace.com/secnews/subscribe.html
--------------------------------------------------------------------
Ying Chan Tel: (905) 304-6922
Marketing Manager Fax: (905) 304-7122
E-Soft Inc. http://www.securityspace.com
SecuritySpace.com
© 1998-2013 E-Soft Inc. All rights reserved.