BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


ALLPlayer Buffer Overflow Vulnerability

Disclosed September 10, 2013    Zeroday : 356 days
Vendors: ALLPlayer
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories: Zeroday Tracker

D-Link DSL-2740B Router Cross-Site Request Forgery

Disclosed September 8, 2013    Fully Patched
Vendors: D-Link
Vulnerability Severity: Low
Exploit Impact: Cross-Site Request Forgery
Exploit Availability: Publicly Available
Categories: Zeroday Tracker

Marc Maiffret Interviewed on CNN: the ‘hacking war’ between the US and Syria

Posted September 4, 2013    Mike Yaffe

Last week CNN broadcast an investigative story about a potential ‘hacking war’ between the US and Syria, in light of possible US military strikes on Syria.  They wanted to know more about the ‘Syrian Electronic Army’, which shut down the NY Times website last week.  So the CNN team called on Marc to help explain…

Categories: General

Cisco Global Site Selector Cross-Site Request Forgery

Disclosed September 4, 2013    Zeroday : 362 days
Vendors: Cisco
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Request Forgery
Exploit Availability: No Exploit Available
Categories: Zeroday Tracker

Flo CMS SQL Injection

Disclosed September 3, 2013    Zeroday : 363 days
Vendors: Flo Web Design Ltd.
Vulnerability Severity: Medium
Exploit Impact: SQL Injection
Exploit Availability: Publicly Available
Categories: Zeroday Tracker

TP-Link TD-W8951ND Cross Site Request Forgery / Cross Site Scripting

Disclosed August 30, 2013    Zeroday : 367 days
Vendors: TP-Link
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Request Forgery, Cross-Site Scripting
Exploit Availability: Publicly Available
Categories: Zeroday Tracker

ABCDKERNELPANIC: Unicode vs. Apple Inc.

Posted August 29, 2013    BeyondTrust Research Team

Yesterday, Russian researchers publicly disclosed the presence of a denial of service vulnerability affecting OS X 10.8 and iOS 6. OS X 10.9 Mavericks and iOS 7 are unaffected. So what’s the big deal with this particular denial of service vulnerability? It’s remotely exploitable and is trivial to trigger. Stringing together a series of Unicode characters, Arabic \u062E\u0337\u0334\u0310\u062E,…

Categories: Security Research

Polaris Viewer DOCX VML Shape Tag Remote Code Execution Vulnerability

Disclosed August 29, 2013    Fully Patched
Vendors: Infraware
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories: Zeroday Tracker

iOS and OS X Unicode Core Text Remote Denial of Service

Disclosed August 28, 2013    No Patch Available
Vendors: Apple
Vulnerability Severity: High
Exploit Impact: Denial of Service
Exploit Availability:
Categories: Zeroday Tracker

EPS Viewer Buffer Overflow

Disclosed August 28, 2013    Zeroday : 369 days
Vendors: EPS Viewer
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories: Zeroday Tracker