Chevereto version nb1.91 suffers from a remote denial of service vulnerability.
278eb39a9ec64e5e66364bef33e41f87Red Hat Security Advisory 2012-0569-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.
e7567837bdd1ff344dc07ce19e08acfaRed Hat Security Advisory 2012-0568-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.
efd6d14bc667a4cbc3fd9abaa8b23cb9The Breakpoint 2012 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia on October 17th through the 18th, 2012. Breakpoint is organized by the Ruxcon conference team and will offer a specialized and more professional security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint will cater towards security researchers and industry professionals alike, with a focus on cutting edge security research.
f4310b90befaea776fd4a2cc13680591Mandriva Linux Security Advisory 2012-072 - The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a login CSRF issue. Various other issues have also been addressed.
7f7ad031bd4842fda2bce59bb38f463eMandriva Linux Security Advisory 2012-071 - This is a bugfix and security advisory that upgrades php to the latest 5.3.13 version for Mandriva Linux Enterprise 5.2 which resolves numerous upstream bugs in php.
f031e64124033b6bfd062d5ee8bdec36Mandriva Linux Security Advisory 2012-068 - PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. It was discovered that the previous fix for the CVE-2012-1823 vulnerability was incomplete. The updated packages provides the latest version which provides a solution to this flaw.
fbd30f892746721e8d3bfa72c142a844Apple Security Advisory 2012-05-09-2 - Safari 5.1.7 is now available and addresses multiple WebKit related vulnerabilities.
e3c8d877a6f6c73bc4f2f1f2ff79350fApple Security Advisory 2012-05-09-1 - OS X Lion v10.7.4 and Security Update 2012-002 is now available and addresses multiple security issues. An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. A temporary file race condition issue existed in blued's initialization routine. There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. curl disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling empty fragments. A data injection issue existed in curl's handling of URLs. This issue is addressed through improved validation of URLs. This issue does not affect systems prior to OS X Lion. Various other vulnerabilities have been addressed.
9614673327dc336467f1b3577177a46eHP Security Bulletin HPSBMU02775 SSRT100853 2 - Potential security vulnerabilities have been identified with HP Performance Insight for Networks running on HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection, cross site scripting (XSS), and privilege elevation. Revision 2 of this advisory.
5c5d5ce0325843a52f9e2deb0a494299This is a simple python script for cracking MySQL MD5 passwords.
ddb4580bc5f288eb23c3fc01a239324dSecunia Security Advisory - phocean has reported some vulnerabilities in Kerwin, which can be exploited by malicious people to conduct cross-site scripting attacks.
70b44d9ef3f9680463817a226828f1d1Secunia Security Advisory - Debian has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system.
1754b2d3caaff83c2f9f064c20b73277Secunia Security Advisory - Debian has issued an update for rails. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
ee85a5fb437e5ddee8343f7c13d6a3aeSecunia Security Advisory - SUSE has issued an update for java-1_6_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
4a2d1dcd4e9f9907e5bab4c56f165d25Secunia Security Advisory - SUSE has issued an update for java-1_5_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
82776c0c068bb4a7c4cb0f15c76d6504Secunia Security Advisory - A vulnerability has been discovered in the User Photo plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
9c9389f3c1097e99952c44614a4a45ba360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
887c26ebfbabecedfcb0705791b1a24cDrupal Take Control third party module version 6.x suffers from a cross site request forgery vulnerability.
57f5111d66d38a6d2b7d14af53e4341cDrupal Contact Forms third party module version 7.x suffers from an access bypass vulnerability.
cbd8adcc321fe8336fceb03ba9576d60Drupal Glossary third party module version 6.x suffers from a cross site scripting vulnerability.
10a1879da919ce045d92161e1a8260d8Adobe Shockwave Player suffers from multiple memory corruption vulnerabilities when parsing .dir media files. This file has three advisories pertaining to these issues. Versions affected include Shockwave Player version 11.6.3r633, Module IMLLib.framework on MacOS X 10.7.2 (11C74).
26c6cfc8175a4721af8f7b9b7ebdb9a9Core Security Technologies Advisory - There is a bug in the ReadLayoutFile Windows Kernel function that can be leveraged into a local privilege escalation exploit, potentially usable in a client-side attack scenario or after a remote intrusion by other means.
83c65d0bc5653bb984812df522bd38aeHP Security Bulletin HPSBMU02775 SSRT100853 - Potential security vulnerabilities have been identified with HP Performance Insight for Networks running on HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection, cross site scripting (XSS), and privilege elevation. Revision 1 of this advisory.
466ceec15674575098ecfa71091207a2Chevreto Upload Script suffers from cross site scripting and user enumeration vulnerabilities.
e9616519c5dc0895a6f1dbf269ac933d
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed