Tenable Network Security Podcast Episode 158 - "Microsoft, VMware, & Adobe Vulnerabilities! Oh, My!"
Announcements
- Consumers support a federal cybersecurity policy, survey says
- Americans Willing to Spend More to Thwart Cyber Attacks: Survey
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
New & Notable Plugins
Nessus
General
- MantisBT 1.2.x < 1.2.13 Multiple Vulnerabilities
- MantisBT < 1.2.12 Multiple Vulnerabilities
- Cisco ASA 5500 Series SSH Timeout DoS
- Gallery Plugin for WordPress load Parameter Remote File Inclusion
- php-Charts url.php Remote PHP Code Execution
- IBM Tivoli Storage Manager Client 6.3 < 6.3.1.0 / 6.4 < 6.4.0.1 Unauthorized Access
- IBM Tivoli Storage Manager Client Denial of Service
- OpenSSL 1.0.1 < 1.0.1e Information Disclosure
- Ecava IntegraXor < 4.00.4283 ActiveX Remote Buffer Overflow
- HP LeftHand Virtual SAN Appliance < 10.0 hydra Service Multiple Remote Code Execution Vulnerabilities (version check)
- Joomla! 2.5.x < 2.5.9 / 3.0.x < 3.0.3 Multiple Information Disclosure Vulnerabilities
- Netstat Connection Information
Microsoft Updates
- MS13-009: Security Update for Internet Explorer (2792100)
- MS13-010: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052)
- MS13-011: Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
- MS13-012: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)
- MS13-013: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)
- MS13-014: Vulnerability in NFS Server Could Allow Denial of Service (2790978)
- MS13-015: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
- MS13-016: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)
- MS13-017: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
- MS13-018: Vulnerability in TCP/IP Could Allow Denial of Service (2790655)
- MS13-019: Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)
- MS13-020: Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)
- MS KB2805940: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
VMware
Adobe
- Adobe AIR 3.x <= 3.5.0.1060 Buffer Overflow (APSB13-05)
- Adobe AIR for Mac 3.x <= 3.5.0.1060 Multiple Vulnerabilities (APSB13-05)
- Flash Player <= 10.3.183.51 / 11.5.502.149 Multiple Vulnerabilities (APSB13-05)
- Flash Player <= 10.3.183.51 / 11.5.502.149 Multiple Vulnerabilities (APSB13-05) - Mac OS X
- Shockwave Player <= 12.0.0.112 Multiple Vulnerabilities (APSB13-06)
- Adobe Acrobat <= 11.0.1 / 10.1.5 / 9.5.3 Multiple Vulnerabilities (APSA13-02)
- Adobe Reader <= 11.0.1 / 10.1.5 / 9.5.3 Multiple Vulnerabilities (APSA13-02)
Passive Vulnerability Scanner
- Flash Player <= 10.3.183.51 / 11.5.502.149 Multiple Vulnerabilities (APSB13-05)
- Flash Player <= 10.3.183.50 / 11.5.502.146 Multiple Vulnerabilities (APSB13-04)
Stories
- Podcast