Chevereto version nb1.91 suffers from a remote denial of service vulnerability.
faf9f719b7e5f4a8a9cff20c7614c5eb0b50816a85346f253133c47b0e725597Red Hat Security Advisory 2012-0569-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.
6218bc8f5d0ee2624be013e11b2454abffb4522d8ca0ffee847130393b0ae5a9Red Hat Security Advisory 2012-0568-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.
77a5db79cca25156e2386fcc7b3aade4609ae4b31d017abde0d1c9b628025140The Breakpoint 2012 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia on October 17th through the 18th, 2012. Breakpoint is organized by the Ruxcon conference team and will offer a specialized and more professional security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint will cater towards security researchers and industry professionals alike, with a focus on cutting edge security research.
a25e1d3ca8e692e5a312cab2b84061b369bb7f4085db5d4e48d3205efe73846cMandriva Linux Security Advisory 2012-072 - The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a login CSRF issue. Various other issues have also been addressed.
5db9be97f39831d6baffca7927339627ba7442fb01a60c527592f9e5db93ccb8Mandriva Linux Security Advisory 2012-071 - This is a bugfix and security advisory that upgrades php to the latest 5.3.13 version for Mandriva Linux Enterprise 5.2 which resolves numerous upstream bugs in php.
028afe71e35b4463baf7313fddbd4720742bc9f50ec0c59daa263f5bc0947ff6Mandriva Linux Security Advisory 2012-068 - PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. It was discovered that the previous fix for the CVE-2012-1823 vulnerability was incomplete. The updated packages provides the latest version which provides a solution to this flaw.
5f07bbe61bf5a454e33f2bc2bed0f93359504f04f545248be27c70f9cec98327Apple Security Advisory 2012-05-09-2 - Safari 5.1.7 is now available and addresses multiple WebKit related vulnerabilities.
06f17e6022a0d68a1399445ed89c60edec39d3f5c907f4a43cbd9bf508aaa69cApple Security Advisory 2012-05-09-1 - OS X Lion v10.7.4 and Security Update 2012-002 is now available and addresses multiple security issues. An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. A temporary file race condition issue existed in blued's initialization routine. There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. curl disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling empty fragments. A data injection issue existed in curl's handling of URLs. This issue is addressed through improved validation of URLs. This issue does not affect systems prior to OS X Lion. Various other vulnerabilities have been addressed.
8a1ec648cdab00dde0f7ff37efd462d6ad93a16f2b5d89ca92fb566b939516e3HP Security Bulletin HPSBMU02775 SSRT100853 2 - Potential security vulnerabilities have been identified with HP Performance Insight for Networks running on HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection, cross site scripting (XSS), and privilege elevation. Revision 2 of this advisory.
5075ca31e51c3a37f4ab3063b0517141c759227b811e6746aecc8c503aa8bb40OpenSSL Security Advisory 20120510 - A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers.
c40071a73eeb5b383bd5eb1bcbd2fd43fd662faa495ccb68734684bb7db8c2bcThis is a simple python script for cracking MySQL MD5 passwords.
2eabc6d50aa0308a12f9f621132d81ab8133f46b0854377425c4d9b0bac9f450Secunia Security Advisory - phocean has reported some vulnerabilities in Kerwin, which can be exploited by malicious people to conduct cross-site scripting attacks.
39b8c959a6096d4d799b4550539e1b09f76a7adee836ac0e9590400dc36b16cdSecunia Security Advisory - Debian has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system.
706ae61685e36042461b326257c6403076786742048fa4cfbdfc67494dfd4573Secunia Security Advisory - Debian has issued an update for rails. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
2bd7f560175548eba747654be16203007c76f99a1088f5032158c36ab5258880Secunia Security Advisory - SUSE has issued an update for java-1_6_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
0df0158d5bf21c981e55510d5b91831ee3f6536eba9adc759376cd0c50e7f8d9Secunia Security Advisory - SUSE has issued an update for java-1_5_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
2d57f336e88167a83b8727f5599ad4a31af5f83f1f495e4cacafc0a104d9e15fSecunia Security Advisory - A vulnerability has been discovered in the User Photo plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
33b654c53266556048a1e7f85917672424b58f977e67d6616660f3bedbe63fbf360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
7951e7cbd5d3ef81b6a7dcaed9ec4c95331f77b7aa03178ca7a582058593986eDrupal Take Control third party module version 6.x suffers from a cross site request forgery vulnerability.
428d5b6520531f667f0acba061d8065b99422d711534fc15464d0b9a3b4484c0Drupal Contact Forms third party module version 7.x suffers from an access bypass vulnerability.
36d9fe6ce102a37af9b9492b283c97f2a58c3c56ba899f58ed895476c8340d9aDrupal Glossary third party module version 6.x suffers from a cross site scripting vulnerability.
a47f36a7e495dfe126c617066ca5b1b54c1d5f7fbbb0d529e96938c7f61f65baAdobe Shockwave Player suffers from multiple memory corruption vulnerabilities when parsing .dir media files. This file has three advisories pertaining to these issues. Versions affected include Shockwave Player version 11.6.3r633, Module IMLLib.framework on MacOS X 10.7.2 (11C74).
68a2f9480c2bfe6e206c7c6cb220e52d87c7a6f1a454f30d7a1596ce26707535Core Security Technologies Advisory - There is a bug in the ReadLayoutFile Windows Kernel function that can be leveraged into a local privilege escalation exploit, potentially usable in a client-side attack scenario or after a remote intrusion by other means.
ad5c6d91d11d4dcc9b8463439354e1e8142812d8ed2bc300fc637ac6cc763462HP Security Bulletin HPSBMU02775 SSRT100853 - Potential security vulnerabilities have been identified with HP Performance Insight for Networks running on HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection, cross site scripting (XSS), and privilege elevation. Revision 1 of this advisory.
764bfaafe85279b1f8042b2729232aa05902eee88bad6e6dfe492ae24beeb5fc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed