[ISN] Secunia Weekly Summary - Issue: 2012-18

From: InfoSec News <alerts_at_private>
Date: Mon, 7 May 2012 03:45:35 -0500 (CDT)
========================================================================

                   The Secunia Weekly Advisory Summary
                         2012-04-27 - 2012-05-04

                        This week: 25 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4................................................Secunia Corporate News
5..................................................This Week in Numbers

========================================================================
1) Word From Secunia:

Shifting targets and patching strategies
For an organisation with over 600 programs installed in their network,
more than 50% of the programs that are vulnerable in one year will not
be vulnerable the next year, and vice versa. "A typical corporate
infrastructure contains layers of programs that organisations consider
business-critical. Many organisations will focus on patching the top
layer - business-critical programs - only. Cybercriminals, however,
will target all programs." - Secunia.

If you haven't had the chance to read the Secunia Yearly Report for
2011, download it here:
http://secunia.com/company/2011_yearly_report/

========================================================================
2) This Week in Brief:

Andrea Micalizzi has discovered a vulnerability in McAfee Virtual
Technician MVTControl ActiveX Control, which can be exploited by
malicious people to compromise a user's system.

http://secunia.com/advisories/49007/

A weakness, a security issue, and multiple vulnerabilities have been
reported in HP Systems Insight Manager, which can be exploited by
malicious, local users to potentially gain escalated privileges and by
malicious people to disclose sensitive information, conduct cross-site
scripting and cross-site request forgery attacks, bypass certain
security restrictions, manipulate certain data, cause a DoS (Denial of
Service), and compromise a vulnerable system.

http://secunia.com/advisories/49035/

Multiple vulnerabilities have been reported in Pale Moon, which can be
exploited by malicious people to conduct cross-site scripting and
spoofing attacks, disclose certain system and sensitive information,
bypass certain security restrictions, and compromise a user's system.

http://secunia.com/advisories/48995/

Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to compromise a user's system.

http://secunia.com/advisories/48992/

VMware has acknowledged some vulnerabilities in VMware ESX Server,
which can be exploited by malicious, local users in a guest virtual
machine to gain escalated privileges and by malicious people to cause a
DoS (Denial of Service) and potentially compromise the vulnerable
system.

http://secunia.com/advisories/48959/

========================================================================
3) This Week's Top Ten Most Read Advisories:

For more information on how to receive alerts on these vulnerabilities,
subscribe to the Secunia business solutions:
http://secunia.com/advisories/business_solutions/

1.  [SA48959] VMware ESX Server Multiple Vulnerabilities
2.  [SA48009] Oracle Java SE Multiple Vulnerabilities
3.  [SA48932] Mozilla Firefox / Thunderbird Multiple Vulnerabilities
4.  [SA48962] Microsoft Visual Studio Linker Integer Overflow
               Vulnerability
5.  [SA48992] Google Chrome Multiple Vulnerabilities
6.  [SA49035] HP Systems Insight Manager Multiple Vulnerabilities
7.  [SA48988] PHP Volunteer Management Cross-Site Scripting and SQL
               Injection Vulnerabilities
8.  [SA48977] HP NonStop Server Java Multiple Vulnerabilities
9.  [SA48976] Samba LSA RPC "take ownership" Privilege Security
               Bypass Security Issue
10. [SA48938] Net-SNMP Agent MIB Subtree Handling Denial of Service
               Vulnerability

========================================================================
4) Secunia Corporate News

Tech Smart Life: Secunia PSI review
'Keep Windows programs updated with the Secunia Personal Software
Inspector - PSI'. Read the review here:
http://www.techsmartlife.com/2012/04/18/secunia-personal-software-inspector/


Meet Secunia @ IT security events in May & June 2012
FS-ISAC & BITS Annual Summit (14-17 May, Miami), ISF Nordic Spring
Conference (31 May-01 June, Oslo), Gartner Security & Risk Management
Summit (11-14 June, Washington DC):
http://secunia.com/resources/events/

========================================================================
5) This Week in Numbers

During the past week 25 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This week's Secunia Advisories had the following spread across platforms
and criticality ratings:

Platforms:
   Windows             :      3 Secunia Advisories
   Unix/Linux          :     12 Secunia Advisories
   Other               :      0 Secunia Advisories
   Cross platform      :     10 Secunia Advisories

Criticality Ratings:
   Extremely Critical  :      0 Secunia Advisories
   Highly Critical     :      6 Secunia Advisories
   Moderately Critical :      7 Secunia Advisories
   Less Critical       :     11 Secunia Advisories
   Not Critical        :      1 Secunia Advisory

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support_at_private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45


Received on Mon May 07 2012 - 01:45:35 PDT
