Cisco IPSec VPN Implementation Group Name Enumeration: Patch Notification

Users of Cisco IPSec VPN Implementation Group Name Enumeration please be advised of a Patch Notification that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

NGS00014: [NGS00014] Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration

Gavin Jones of NGS Secure has discovered a vulnerability in (Cisco) Cisco VPN Concentrator, Cisco PIX and Cisco Adaptive Security Appliance. Read more at www.criticalwatch.com

 

See this Amp at http://bit.ly/fbz1Bx

Cisco IPSec VPN Implementation Group Name Enumeration: Patch Notification http://bit.ly/fbz1Bx

Winamp: NSV Table of Contents Parsing Integer Overflow Vulnerability http://bit.ly/edeLcx

Winamp: NSV Table of Contents Parsing Integer Overflow Vulnerability

Users of Winamp please be advised of a NSV Table of Contents Parsing Integer Overflow vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

Winamp-SA-12/01/2010: Winamp NSV Table of Contents Parsing Integer Overflow

Affected Software * Winamp 5.581 * Winamp 5.59 Beta Build 3033 NOTE: Other versions may also be affected.

Description of Vulnerability Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the "in_nsv.dll" plugin when parsing the Table of Contents. This can be exploited to cause a heap-based buffer overflow via a specially crafted NSV stream or file. Successful exploitation allows execution of arbitrary code.

Read more at www.criticalwatch.com

 

See this Amp at http://bit.ly/edeLcx

Bind: Denial of Service Vulnerabilities http://bit.ly/hruLHb

Bind: Denial of Service Vulnerabilities

Users of Bind please be advised of a denial of service vulnerabilities that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

USN-1025-1: [USN-1025-1] Bind vulnerabilities

Details follow: It was discovered that Bind would incorrectly allow a ncache entry and a rrsig for the same type. A remote attacker could exploit this to cause Bind to crash, resulting in a denial of service. (CVE-2010-3613) It was discovered that Bind would incorrectly mark zone data as insecure when the zone is undergoing a key algorithm rollover. (CVE-2010-3614) Read more at www.criticalwatch.com

 

See this Amp at http://bit.ly/hruLHb

Apache Archiva: CSRF Vulnerability http://bit.ly/gcg0s3