BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
CNN-Syria-Maiffret

Marc Maiffret Interviewed on CNN: the ‘hacking war’ between the US and Syria

Posted September 4, 2013    Mike Yaffe

Last week CNN broadcast an investigative story about a potential ‘hacking war’ between the US and Syria, in light of possible US military strikes on Syria.  They wanted to know more about the ‘Syrian Electronic Army’, which shut down the NY Times website last week.  So the CNN team called on Marc to help explain…

Categories:
General
Tags:
, , , , , , ,
cisco

Cisco Global Site Selector Cross-Site Request Forgery

Disclosed September 4, 2013    Zeroday : 350 days
Vendors: Cisco
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Request Forgery
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
flowwebdesign

Flo CMS SQL Injection

Disclosed September 3, 2013    Zeroday : 351 days
Vendors: Flo Web Design Ltd.
Vulnerability Severity: Medium
Exploit Impact: SQL Injection
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
tplink

TP-Link TD-W8951ND Cross Site Request Forgery / Cross Site Scripting

Disclosed August 30, 2013    Zeroday : 355 days
Vendors: TP-Link
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Request Forgery, Cross-Site Scripting
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
Bite apple2

ABCDKERNELPANIC: Unicode vs. Apple Inc.

Posted August 29, 2013    BeyondTrust Research Team

Yesterday, Russian researchers publicly disclosed the presence of a denial of service vulnerability affecting OS X 10.8 and iOS 6. OS X 10.9 Mavericks and iOS 7 are unaffected. So what’s the big deal with this particular denial of service vulnerability? It’s remotely exploitable and is trivial to trigger. Stringing together a series of Unicode characters, Arabic \u062E\u0337\u0334\u0310\u062E,…

Categories:
Security Research
Tags:
, , , , , , ,
infraware

Polaris Viewer DOCX VML Shape Tag Remote Code Execution Vulnerability

Disclosed August 29, 2013    Fully Patched
Vendors: Infraware
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
apple

iOS and OS X Unicode Core Text Remote Denial of Service

Disclosed August 28, 2013    No Patch Available
Vendors: Apple
Vulnerability Severity: High
Exploit Impact: Denial of Service
Exploit Availability:
Categories:
Zeroday Tracker
zeroday-default

EPS Viewer Buffer Overflow

Disclosed August 28, 2013    Zeroday : 357 days
Vendors: EPS Viewer
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
aloaha

Aloaha PDF Suite Buffer Overflow Vulnerability

Disclosed August 28, 2013    Zeroday : 357 days
Vendors: Aloaha Software
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
avtech

AVTECH DVR Multiple Vulnerabilities

Disclosed August 28, 2013    Zeroday : 357 days
Vendors: AVTECH
Vulnerability Severity: High
Exploit Impact: Remote Code Execution, Security Bypass
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker