Re: Multiple Vulnerabilities with Aztech Modem Routers

Posted by Federick Joe P Fajardo on Sep 19

The following CVEs have been assigned for these issues:

CVE-2014-6435 - Potential DoS attack
Link to OSVDB ID: 111432 - http://osvdb.org/show/osvdb/111432

CVE-2014-6436 - Broken Session Management
Link to OSVDB ID: 111433 - http://osvdb.org/show/osvdb/111433

CVE-2014-6437 - File and Data Exposure
Link to OSVDB ID: 111434 - http://osvdb.org/show/osvdb/111434
Link to OSVDB ID: 111435 - http://osvdb.org/show/osvdb/111435

09/01/2014 -...


[SECURITY] [DSA 3025-2] apt regression update

Posted by Salvatore Bonaccorso on Sep 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3025-2        security () debian org
http://www.debian.org/security/            Salvatore Bonaccorso
September 18, 2014                         http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apt
Debian Bug : 762079

The previous update for apt,...


AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations

Posted by Asterisk Security Team on Sep 19

Asterisk Project Security Advisory - AST-2014-010

Product: Asterisk
Summary: Remote crash when handling out of call message in certain dialplan configurations
Nature of Advisory: Remotely triggered crash of Asterisk
Susceptibility: Remote authenticated sessions...


AST-2014-009: Remote crash based on malformed SIP subscription requests

Posted by Asterisk Security Team on Sep 19

Asterisk Project Security Advisory - AST-2014-009

Product: Asterisk
Summary: Remote crash based on malformed SIP subscription requests
Nature of Advisory: Remotely triggered crash of Asterisk
Susceptibility: Remote authenticated sessions...


CVE ID Syntax Change - Deadline Approaching

Posted by Christey, Steven M. on Sep 19

As we approach the end of 2014, CVE identifiers are getting closer and
closer to the magic CVE-2014-9999 mark, which means that MITRE will be
issuing a 5-digit CVE ID within a matter of months, in accordance with
the new syntax that was selected in 2013 (basically using 5, 6, or
even more digits as needed). Some people are still unaware that this
change has happened or have been slow to implement it.

Once a CVE identifier is issued using the...


APPLE-SA-2014-09-17-7 Xcode 6.0.1

Posted by Apple Product Security on Sep 19

APPLE-SA-2014-09-17-7 Xcode 6.0.1

Xcode 6.0.1 is now available and addresses the following:

subversion
Available for: OS X Mavericks v10.9.4 or later
Impact: A malicious attacker may be able to cause Subversion
to terminate unexpectedly
Description: A denial of service issue existed in Subversion when
SVNListParentPath was enabled. This issue was addressed by updating
Subversion to version 1.7.17.
CVE-ID
CVE-2014-0032

Xcode 6.0.1 may be...


Oracle Corporation MyOracle - Persistent Vulnerability

Posted by Vulnerability Lab on Sep 19

Document Title:
===============
Oracle Corporation MyOracle - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1261

Oracle Security ID (Team Tracking ID): admin () vulnerability-lab com-001:2014

http://vulnerability-db.com/magazine/articles/2014/09/17/oracle-corporation-fixed-vulnerability-myoracle-online-service-application

Release Date:
=============
2014-09-17...


Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

Posted by VSR Advisories on Sep 19

VSR Security Advisory
http://www.vsecurity.com/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
Release Date: 2014-09-17
Application: Apple iOS Foundation Framework
             Apple OS X Foundation Framework
Versions: iOS 7.0, 7.1, OS X 10.9 - 10.9.4
Severity: High
Author:...


Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

Posted by VSR Advisories on Sep 19

hope that it will help promote public safety. This advisory comes with
absolutely NO WARRANTY; not even the implied warranty of merchantability or
fitness for a particular purpose. Neither Virtual Security Research, LLC nor
the author accepts any liability for any direct, indirect, or consequential
loss or damage arising from use of, or reliance on, this information.

See the VSR disclosure policy for more information on our responsible...


APPLE-SA-2014-09-17-6 OS X Server 2.2.3

Posted by Apple Product Security on Sep 19

APPLE-SA-2014-09-17-6 OS X Server 2.2.3

OS X Server 2.2.3 is now available and addresses the following:

CoreCollaboration
Available for: OS X Mountain Lion v10.8.5
Impact: A remote attacker may be able to execute arbitrary SQL
queries
Description: A SQL injection issue existed in Wiki Server. This
issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (sajjad () securation com) of CERT of...