Joomla Huge-IT Video Gallery component version 1.0.9 suffers from a remote unauthenticated SQL injection vulnerability.
23591d1c5baab1dd97cf541e0e9530809619db9d2680fd8d0aa19ddcb03cd816
Red Hat Security Advisory 2016-1626-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
59832f0ef5b0e7d25cc0e42ed1a2d602b10675fafff5582e3d4d82acaa1630db
Red Hat Security Advisory 2016-1629-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
42f63709cdc426d53ba678546864ccd0150aed8af3e1125ccf6b7b6fe02f8fed
Red Hat Security Advisory 2016-1628-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
cc1af3585f2ebb1a417bdba63309cbf5ceed1cb49451a3582f4fbef80523f824
Red Hat Security Advisory 2016-1630-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
5a98207961643a1b29d4f993a812641d0ee696c8fb2b61b6d942c9ba6e9c483e
Red Hat Security Advisory 2016-1627-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
2e962602fc5dad5bbc07f5853debe1e82ec5ec1551dff8becbfbd419f0bbad66
Red Hat Security Advisory 2016-1605-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for on-premise or private cloud deployments. The logging auth proxy is a reverse proxy that authenticates requests against OpenShift, retrieving user information and setting the configured header with the appropriate details. Security Fix: A regular expression denial of service flaw was found in Negotiator. An attacker able to make an application using Negotiator to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU.
6ad2d8e1bf8aa294ba67681e11183033dd226d7448b66387c391ec5c901bfed4
Red Hat Security Advisory 2016-1583-01 - Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. Security Fix: A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU.
0d1ff99ec8bd5a633a95dd3a341a48cab2ede978442c7c8a329dda3701f1a07e
Red Hat Security Advisory 2016-1582-01 - Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. Security Fix: A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU.
6b65a7593b94ad58f8c977b277674a50ec585646831d3d522a915559d5c87647
Debian Linux Security Advisory 3642-1 - Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle (MITM) attacks or initiate connections to arbitrary hosts.
1c9834771c98c7b8c070c173750e064cb3cb7aa01860e21eb68125b25605888c
Huge IT Joomla Slider extension version 1.0.9 suffers from cross site scripting and remote SQL injection vulnerabilities.
4de2f91b2188085d1b161495281b6932b70d1cec9be6d62cde8cfe1b2ce6aa59
Huge IT Joomla Catalog extension version 1.0.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
9c25166a6b055251167cac9d73f262cb8fdfe462fc610b07ff5ffe47e4f85893
Joomla Huge IT Gallery component version 1.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
120e40124b2650bf6bce6e60a521c443d54b15ebf39bb3e4eefcfa1bddb21b44
There is a use-after-free in Sprite Creation. If a Sprite is created, and then the handler for the frameConstructed event triggers a remove object action, the Sprite is then used after it has been freed.
c39ed19e599f2e87429baaa1420ef1c22c03fa613b8ce27ef51b01a165eed4b8
Red Hat Security Advisory 2016-0438-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
243892d3b6c81033b8b216d1caf1cfdab86d6157849227d81580220b267c521d