BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
patch-tuesday

December 2013 Patch Tuesday

Posted December 10, 2013    BeyondTrust Research Team

December’s Patch Tuesday finishes up the year with patches for Internet Explorer, Office, SharePoint, Windows, and more. There are a total of 11 bulletins addressing 24 unique vulnerabilities; five bulletins are rated as critical and the other six are rated as important. The zero-day vulnerability released just before last month’s Patch Tuesday is finally receiving…

Categories:
Security Research
Tags:
, , ,
icofx

IcoFX Stack-Based Buffer Overflow

Disclosed December 10, 2013    Zeroday : 286 days
Vendors: IcoFX Software
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
oscmax

osCMax Multiple Vulnerabilities

Disclosed December 9, 2013    Zeroday : 287 days
Vendors: osCMax
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Scripting
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
cmsmadesimple

CMS Made Simple Cross-Site Scripting Vulnerability

Disclosed December 6, 2013    Zeroday : 290 days
Vendors: CMS Made Simple
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Scripting
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
sharetronix

Sharetronix Multiple Vulnerabilities

Disclosed December 5, 2013    Zeroday : 291 days
Vendors: Sharetronix
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
cisco

Cisco ONS 15454 Denial of Service

Disclosed December 3, 2013    Zeroday : 293 days
Vendors: Cisco
Vulnerability Severity: Medium
Exploit Impact: Denial of Service
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
icinga

Icinga Web Interface Cross-Site Request Forgery

Disclosed December 2, 2013    Zeroday : 294 days
Vendors: Icinga
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Request Forgery
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
microsoft

Microsoft Windows Kernel Privilege Escalation

Disclosed November 27, 2013    No Patch Available
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Elevation of Privilege
Exploit Availability:
Categories:
Zeroday Tracker
wondershare

Wondershare Player ws_convererex.dll Hijacking Vulnerability

Disclosed November 27, 2013    Zeroday : 299 days
Vendors: Wondershare
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
dlink

D-Link DAP 1522 Hardcoded Telnet Credentials

Disclosed November 27, 2013    Zeroday : 299 days
Vendors: D-Link
Vulnerability Severity: High
Exploit Impact: Security Bypass
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker