BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

August, 2013

tplink

TP-Link TD-W8951ND Cross Site Request Forgery / Cross Site Scripting

Disclosed August 30, 2013    Zeroday : 334 days
Vendors: TP-Link
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Request Forgery, Cross-Site Scripting
Exploit Availability: Publicly Available
Bite apple2

ABCDKERNELPANIC: Unicode vs. Apple Inc.

Posted August 29, 2013    BeyondTrust Research Team

Yesterday, Russian researchers publicly disclosed the presence of a denial of service vulnerability affecting OS X 10.8 and iOS 6. OS X 10.9 Mavericks and iOS 7 are unaffected. So what’s the big deal with this particular denial of service vulnerability? It’s remotely exploitable and is trivial to trigger. Stringing together a series of Unicode characters, Arabic \u062E\u0337\u0334\u0310\u062E,…

Tags:
, , , , , , ,
infraware

Polaris Viewer DOCX VML Shape Tag Remote Code Execution Vulnerability

Disclosed August 29, 2013    Fully Patched
Vendors: Infraware
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
zeroday-default

EPS Viewer Buffer Overflow

Disclosed August 28, 2013    Zeroday : 336 days
Vendors: EPS Viewer
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
apple

iOS and OS X Unicode Core Text Remote Denial of Service

Disclosed August 28, 2013    No Patch Available
Vendors: Apple
Vulnerability Severity: High
Exploit Impact: Denial of Service
Exploit Availability:
avtech

AVTECH DVR Multiple Vulnerabilities

Disclosed August 28, 2013    Zeroday : 336 days
Vendors: AVTECH
Vulnerability Severity: High
Exploit Impact: Remote Code Execution, Security Bypass
Exploit Availability: Publicly Available
aloaha

Aloaha PDF Suite Buffer Overflow Vulnerability

Disclosed August 28, 2013    Zeroday : 336 days
Vendors: Aloaha Software
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
vmworld2013_logo_richblack

Live from VMWorld

Posted August 27, 2013    Morey Haber

This time it is all about virtualization and rightfully so. VMWorld 2013 is one of the largest shows I have seen in a long time, focused solely on a single subject and vendors are spread out across the expo floor covering everything from layer 7 switching fabrics for virtualized networks, to high speed SSD caches…

Tags:
, , , , , ,
FIMScreenRename_2_shadow

A Use Case for File Integrity Monitoring within PowerBroker for Windows

Posted August 22, 2013    Jason Silva

As most of you are aware, PowerBroker for Windows v6 introduced File Integrity Monitoring (FIM) into the software.  For those of you who did not know this, FIM allows an Admin to specify protections over files/folders so these assets can only be modified by certain users or service accounts.  It also protects against renaming the…

Tags:
, , , ,
zeroday-default

Ovidentia Multiple Vulnerabilities

Disclosed August 22, 2013    Zeroday : 342 days
Vendors: Ovidentia CANTICO
Vulnerability Severity: Medium
Exploit Impact: Information Disclosure
Exploit Availability: Publicly Available