Joomla Huge-IT Video Gallery component version 1.0.9 suffers from a remote unauthenticated SQL injection vulnerability.
23591d1c5baab1dd97cf541e0e9530809619db9d2680fd8d0aa19ddcb03cd816Red Hat Security Advisory 2016-1626-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
59832f0ef5b0e7d25cc0e42ed1a2d602b10675fafff5582e3d4d82acaa1630dbRed Hat Security Advisory 2016-1629-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
42f63709cdc426d53ba678546864ccd0150aed8af3e1125ccf6b7b6fe02f8fedRed Hat Security Advisory 2016-1628-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
cc1af3585f2ebb1a417bdba63309cbf5ceed1cb49451a3582f4fbef80523f824Red Hat Security Advisory 2016-1630-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
5a98207961643a1b29d4f993a812641d0ee696c8fb2b61b6d942c9ba6e9c483eRed Hat Security Advisory 2016-1627-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
2e962602fc5dad5bbc07f5853debe1e82ec5ec1551dff8becbfbd419f0bbad66Red Hat Security Advisory 2016-1605-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for on-premise or private cloud deployments. The logging auth proxy is a reverse proxy that authenticates requests against OpenShift, retrieving user information and setting the configured header with the appropriate details. Security Fix: A regular expression denial of service flaw was found in Negotiator. An attacker able to make an application using Negotiator to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU.
6ad2d8e1bf8aa294ba67681e11183033dd226d7448b66387c391ec5c901bfed4Red Hat Security Advisory 2016-1583-01 - Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. Security Fix: A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU.
0d1ff99ec8bd5a633a95dd3a341a48cab2ede978442c7c8a329dda3701f1a07eRed Hat Security Advisory 2016-1582-01 - Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. Security Fix: A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU.
6b65a7593b94ad58f8c977b277674a50ec585646831d3d522a915559d5c87647Debian Linux Security Advisory 3642-1 - Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle (MITM) attacks or initiate connections to arbitrary hosts.
1c9834771c98c7b8c070c173750e064cb3cb7aa01860e21eb68125b25605888cHuge IT Joomla Slider extension version 1.0.9 suffers from cross site scripting and remote SQL injection vulnerabilities.
4de2f91b2188085d1b161495281b6932b70d1cec9be6d62cde8cfe1b2ce6aa59Huge IT Joomla Catalog extension version 1.0.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
9c25166a6b055251167cac9d73f262cb8fdfe462fc610b07ff5ffe47e4f85893Joomla Huge IT Gallery component version 1.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
120e40124b2650bf6bce6e60a521c443d54b15ebf39bb3e4eefcfa1bddb21b44There is a use-after-free in Sprite Creation. If a Sprite is created, and then the handler for the frameConstructed event triggers a remove object action, the Sprite is then used after it has been freed.
c39ed19e599f2e87429baaa1420ef1c22c03fa613b8ce27ef51b01a165eed4b8Red Hat Security Advisory 2016-0438-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
243892d3b6c81033b8b216d1caf1cfdab86d6157849227d81580220b267c521d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed