Cisco has released security updates for thier Cisco Unified Communications product. Details are at the link below.
* You are viewing the archive for April, 2011
VMware has released security updates for its vCenter Server, vCenter Update Manager, ESXi and ESX products. Details are at the link below.
Mozilla has released Firefox versions 4.0.1, 3.6.17 and 3.5.19. These new versions fix several security-related bugs.
So, ExploitHub might just have a heartbeat after all. This just showed up in my inbox. Could be good news for exploit developers.
Want to get paid for your research? ExploitHub is now accepting exploits for sale to the community. It’s simple, just register to become a seller and begin contributing your work to the marketplace in three easy steps:
1. Submit your Metasploit exploit module via the Author Tools submission page.
2. Review the pre-populated information about your exploit that was extracted from the module and fill in any missing information such as price.
3. Submit the exploit …
Google Chrome 11.0.696.57 has been released for Windows, Mac, and Linux. The update includes fixes for 25 vulnerabilities, 16 of which are classified as high or critical.
WordPress version 3.1.2 contains both normal bugfixes and security-related changes. I upgraded this blog already to the 3.1.2 release level and it seems to work fine.
Joomla! 1.6.2 has been released. This version includes 8 security fixes, the highest being rated as “medium” severity.
Adobe has released version 9.4.4 of their Acrobat Reader product to address a set of security vulnerabilities including CVE-2011-0611. There are known attacks against CVE-2011-0611. Adobe Reader 10 isn’t affected according to Adobe, but please note that many customers have had to disable Adobe Reader 10 Protected Mode for application compatibility reasons and *would* be vulnerable as well.
Oracle has released its April 2011 Critical Patch Update. The security patches affect the following products:
Oracle Database 11g Release 2, versions 188.8.131.52, 184.108.40.206
Oracle Database 11g Release 1, version 220.127.116.11
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Database 10g Release 1, version 10.1.0.5
Oracle Fusion Middleware 11g Release 1, versions 18.104.22.168.0, 22.214.171.124.0, 126.96.36.199.0
Oracle Application Server 10g Release 3, version 10.1.3.5.0
Oracle Application Server 10g Release 2, version 10.1.2.3.0
Oracle Identity Management 10g, versions 10.1.4.0.1, 10.1.4.3
Oracle JRockit, versions R27.6.8 and earlier (JDK/JRE 1.4.2, 5, 6), R28.1.1 and earlier (JDK/JRE 5, 6)
Oracle Outside In Technology, versions 188.8.131.52, 184.108.40.206
Oracle WebLogic Server, versions 8.1.6, 9.2.3, 9.2.4, …
Apple has released version 10.2.2 of their iTunes software for Windows 7, Vista, and Windows XP. 10.2.2 includes several two security-related fixes.
Apple has released Safari 5.0.5 (for Apple Mac and Windows). This new version contains two security-related fixes for WebKit.
Updates for the Comodo fraudulent certificates was released in today’s iOS and OS X security updates, not in Safari 5.0.5. Microsoft’s KB2524375 update ( provides the corresponding chanege for Safari on Windows.
Apple has released security updates for their OS X platform. Details are at the links below.
The new Apple iOS 4.3.2 has been released and contains 5 security updates. iOS 4.2.7 was also released with the vulnerabilities from this set that appied to 4.2.x fixed.
Google Chrome 10.0.648.205 has been released for Windows, Mac, and Linux. The update includes fixes for 3 vulnerabilities, all of which are classified as critical.
There are 17 bulletins in the Microsoft April 2011 Patch Tuesday patch set. At least 2 of the vulnerabilities fixed have active exploits, and at east 3 others have proof-of-concept code available for them. MS11-020 (RPC bug) is potenially wormable, but no known exploit exists as of this writing.
WordPress version 3.1.1 contains both normal bugfixes and security-related changes. I upgraded this blog already to the 3.1.1 release level and it seems to work fine.
IBM has released patches to fix a remotely exploitable authentication bypass vulnerability in their solidDB product.
4.5.180 and below
6.0.1066 and below
6.1.20 and below
6.3 Fix Pack 6 and below
6.5 Fix Pack 2 and below