AAtrader
Trooper

 Joined: Nov 17, 2005 Posts: 30 Location: USA
Posted: Thu Oct 11, 2007 4:58 pm
Secunia site isn't accessible as I'm posting this.
AplusWebMaster
General

 Joined: Mar 14, 2004 Posts: 4807 Location: USA
Posted: Thu Oct 11, 2007 5:11 pm
'Works for me:
> http://secunia.com/
...must've been a "temporary glitch", as they say.
 _________________ AplusWebMaster
~ Are you up to date or vulnerable to Hackers? ...or both?
AplusWebMaster
General

 Joined: Mar 14, 2004 Posts: 4807 Location: USA
Posted: Wed Nov 21, 2007 11:46 am
FYI...
BitDefender Online Scanner ActiveX vuln - update available
- http://secunia.com/advisories/27717/
Release Date: 2007-11-21
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
...Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 8.0. Other versions may also be affected.
Solution: Update to the latest version (OScan82.ocx).
http://www.bitdefender.com/scan8/ie.html
AplusWebMaster
General

 Joined: Mar 14, 2004 Posts: 4807 Location: USA
Posted: Wed Dec 12, 2007 11:51 am
FYI...
Trend Micro AV plus AS 2008, Internet Security 2008, Internet Security Pro 2008
- http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464
12/10/07 - "...Remote memory corruption... long bogus file names from malformed ZIP files... Vulnerability only affects users with English Versions of TIS16 (Trend Micro Internet Security Pro, Trend Micro Internet Security/Virus Buster 2008) and TAV16 (TrendMicro Antivirus plus AntiSpyware 2008) build #1450 and older... You can download the TIS16.0 English language security patch here..."
AplusWebMaster
General

 Joined: Mar 14, 2004 Posts: 4807 Location: USA
Posted: Wed Dec 19, 2007 1:53 pm
FYI...
Clam AV vuln - update available
- http://secunia.com/advisories/28117/
Release Date: 2007-12-19
Critical: Highly critical
Impact: DoS, System access
Where: From remote
...The vulnerability is reported in versions prior to 0.92...
Solution: Update to version 0.92.
> http://www.clamav.org/
ClamAV Virus Databases: main.cvd ver. released on 09 Dec 2007 15:50 +0000
> http://www.clamwin.com/
The latest version of Clamwin Free Antivirus is 0.91.2
AplusWebMaster
General

 Joined: Mar 14, 2004 Posts: 4807 Location: USA
Posted: Fri Dec 21, 2007 5:20 pm
FYI...
- http://www.heise-security.co.uk/articles/100965
21.12.2007 - "...The list of manufacturers of antivirus software with critical security problems reads like a Who's Who of the industry: the blacklist of Zoller and Alvarez includes Avast, Avira, BitDefender, CA, ClamAV, Eset NOD32, F-Secure, Grisoft AVG, Norman, Panda and Sophos. iDefense uncovered critical buffer overflows in Kaspersky's scanner, McAfee's VirusScan and Trend Micro's security products. Secunia found the same thing in Symantec's E-mail Security, and ISS/IBM XForce caught out Microsoft's security products. All of these appeared just this year, and the list is by no means complete: the n.runs specialists alone say they have discovered more than 80 critical holes and passed them on to the manufacturers. As far as they know, only some thirty of them have been closed so far..."
AplusWebMaster
General

 Joined: Mar 14, 2004 Posts: 4807 Location: USA
Posted: Wed Feb 20, 2008 12:36 pm
FYI...
F-Secure vuln - hotfix available
- http://www.f-secure.com/security/fsc-2008-1.shtml
Last updated: 2008-02-19 ...
Risk Factor: High
The gateway passes archives unscanned
Mitigating Factors:
* Exploitation of these vulnerabilities requires specially crafted archives
* The CAB issue has been fixed automatically in F-Secure database updates, while fixing the RAR archive scanning requires installing the hotfix..."
(More detail at the URL above.)
AplusWebMaster
General

 Joined: Mar 14, 2004 Posts: 4807 Location: USA
Posted: Wed Feb 27, 2008 11:47 am
FYI...
Symantec RAR File vulns - updates available
- http://secunia.com/advisories/29140/
Release Date: 2008-02-27
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Symantec AntiVirus for Network Attached Storage 4.x
Symantec AntiVirus Scan Engine 4.x
Symantec AntiVirus/Filtering for Domino 3.x
Symantec Mail Security for Exchange 4.x
Symantec Mail Security for Microsoft Exchange 5.x
Symantec Scan Engine 5.x...
Original Advisory: SYM08-006:
http://www.symantec.com/avcenter/security/Content/2008.02.27.html ...
"...to ensure all available updates have been applied, users can manually launch and run LiveUpdate..."
AplusWebMaster
General

 Joined: Mar 14, 2004 Posts: 4807 Location: USA
Posted: Mon Mar 17, 2008 4:58 pm
FYI...
F-Secure Security Advisory FSC-2008-2
- http://www.f-secure.com/weblog/archives/00001404.html
March 17, 2008 - "...The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors - including several antivirus vendors...including us. We've fixed a long list of our products to resolve these issues. Home users will get these fixes via the normal update system and they don't have to do anything... Our guidance here is the same as for patches from any other vendor: Patch now before someone figures out how to exploit the vulnerability. At the moment we are not aware of any public exploit methods for these vulnerabilities. For more information, please consult F-Secure Security Advisory FSC-2008-2* and CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats**."
* http://www.f-secure.com/security/fsc-2008-2.shtml
(Hotfixes/patches available)
** https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
17 March 2008 - "...The vulnerabilities described in this advisory can potentially affect programs that handle the archive formats ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO. The Test Suite contains a set of fuzzed archive files in different formats, some of which may cause and some that are known to cause problems in common tools processing archived content..."
AplusWebMaster
General

 Joined: Mar 14, 2004 Posts: 4807 Location: USA
Posted: Sat Apr 05, 2008 2:34 am
FYI...
CA Alert Notification Server service
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103
Issued: April 3rd, 2008 - "CA's customer support is alerting customers to security risks in products that use the Alert Notification Server service. Multiple vulnerabilities exist that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities.
The vulnerabilities, CVE-2007-4620, are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.
Risk Rating: High
Affected Products:
CA Anti-Virus for the Enterprise 7.1
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8.1
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
Solution: CA has provided updates to address the vulnerabilities... (links at URL above)
Workaround: None..."
AplusWebMaster
General

 Joined: Mar 14, 2004 Posts: 4807 Location: USA
Posted: Mon Apr 14, 2008 2:16 pm
FYI...
ClamAV vuln
- http://secunia.com/advisories/29000/
Release Date: 2008-04-14
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: Clam AntiVirus (clamav) 0.x
...The vulnerability is confirmed in versions 0.92 and 0.92.1. Prior versions may also be affected.
Solution: An updated version should be available shortly. The PE scanning module has been remotely switched off after 10/03/2008.
Do not scan untrusted PE files...