Digital Whisper Electronic Magazine issue 31. Written in Hebrew.
12b4f095105ff4449b7bd0f89c86c37ea9bdd360637540bede3c6901a0a2599cRed Hat Security Advisory 2012-0547-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.
cf433296092f3f1e23f59cf22f40a5f23112bca55e0461faaf2d616f4aaf07bbRed Hat Security Advisory 2012-0546-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.
370b85d0ff129582e77ad077b5afa1a0ec4a18b11acbece33fd34bbf9776cf74Red Hat Security Advisory 2012-0544-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop.
8de65be2fccd90aeb21230e00496bc38147f8f63da19d99fc78529caa13f8c0aRed Hat Security Advisory 2012-0545-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop.
486fac7c70f5900ea4b2003350cc49df5a6f5ae8814ef2b537c4e6f0534d688dRed Hat Security Advisory 2012-0542-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.
8b3987f6e40fef85052bc1517ccdd155b8785e42c315e04f9e426c3eaf558929Red Hat Security Advisory 2012-0543-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.
376715e8712ee30354e348ebd39de77f32d1502ee20f1d7c87fee06fdef8376bUbuntu Security Notice 1439-1 - Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability in Horizon via the log viewer refresh mechanism. If a user were tricked into viewing a specially crafted log message, a remote attacker could exploit this to modify the contents or steal confidential data within the same domain. Thomas Biege discovered a session fixation vulnerability in Horizon. An attacker could exploit this to potentially allow access to unauthorized information and capabilities. Various other issues were also addressed.
7b70699a65f9988c4c343caffced00dfe13277d783584ab531944622f4ea9fbaNeXus Infotech CMS suffers from a remote SQL injection vulnerability.
4102261f67b9adfce3df3dee981d8a33cea52eb43a006ebb120b0efd590aa460Jibberbook version 2.3 suffers from an administrative bypass vulnerability.
b5b53e60f590f445c7ae12ebaa132d6dde7e0ddd3bbcac6745422c617c736ba3Efront version 3.6.11 suffers from cross site scripting and shell upload vulnerabilities.
5c179156a4a5a17ecc6bdbcb3aafd189cc11707ca9c531ac8383372e7c32213fRamui Forum Script suffers from a cross site scripting vulnerability. The webmaster of this site has contacted us and has addressed this issue.
bb143f148ba5864fdc8665fdc8e1b51a1816c3792af5e9cdadbd6943fa22317fEnjoyGraph Communication suffers from a remote SQL injection vulnerability.
6b9ac68af3f32ce61afad6dbf35317febde56226f530b7613dfc2b0fb9f157d5Etelligence Technologies suffers from a remote SQL injection vulnerability.
c7af7077b26e61cce25b85e49175127640962d67a4623489e617eaa5bbec4d7dMagnolia Development Group suffers from cross site request forgery and remote SQL injection vulnerabilities.
0dddd55b632c330921a6380014bf5672a8699881752fd31e21554b069d0bbdd0NetcatPHPShell is a PHP backdoor that can be leveraged to launch a connect-back shell.
abba3db5d6d8d109c7a47018d57d39b218beaabd3f5704fd0bd207157668d4bdSecunia Security Advisory - A security issue has been reported in Apple Mac OS X, which can be exploited by malicious people with physical access to bypass certain security restrictions.
7b21a6825ba0b9d231379812ac4eb8b4c8d2963a6ce879600d4c6b410870ea81Secunia Security Advisory - A vulnerability has been discovered in Symantec Web Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks.
6552805b175da258feff2164c2dc08bf2138f9bb86901753d358a5788c75b1abSecunia Security Advisory - A weakness has been reported in OpenStack Dashboard (Horizon), which can be exploited by malicious users to conduct session fixation attacks.
d3044d91166f37ce85dbf9a0770fb1b7e30f0500b02a307bf0f186aa0a42ac80
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed