Drupal version 6.22 with Hotblocks 6.x suffers from cross site scripting and denial of service vulnerabilities. Proof of concept information included.
17fd7caf06fdac8c5a9e14bc764b6c00c9303d84f1395974dc92767ed9a8a7f2Drupal version 6.22 with Custom Publishing Options version 6.x-1.4 suffers from a cross site scripting vulnerability. Proof of concept information included.
48dd91f8b89ca979ca8e11af83723a4ee087f9e15fcaa581b8d6f6470708cf67Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability when handling crafted packets that may result in a denial of service condition. The vulnerability only exists on Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP-4G and RSP-8G), Route Switch Processor 440 (RSP440), and Cisco Carrier Routing System (CRS) Performance Route Processor (PRP). The vulnerability is a result of improper handling of crafted packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Cisco has released free software updates that address this vulnerability.
bc07f2e416a80379a131e30d960f750f093f1907368c5841670468346b98ce8eDrupal Elegant Theme third party module version 7.x suffers from a cross site scripting vulnerability.
5cd009a2b5bb39d8473e502fc09119a2302b0d2363ca9167442d0a9f58ad5ea2Drupal Custom Publishing Options third party module version 6.x suffers from a cross site scripting vulnerability.
5c0dec500b232cd3c340e97fe90d0022a5f7a7cae9406845e963e1c4492c9de0Drupal Hotblocks third party module version 6.x suffers from cross site scripting and denial of service vulnerabilities.
3a4741a9e059e7fcb96a3197a8a6b543be251afe504d362ea481cb4229600a6bMandriva Linux Security Advisory 2012-132 - Multiple cross-site request forgery and cross-site scripting flaws has been found and corrected in GLPI. This advisory provides the latest version of GLPI which are not vulnerable to these issues. Additionally the latest versions of the corresponding plugins are also being provided.
278fcab2d1ab2e4d4ef8819f221aff25448777d5df0d2fe452abe0b3a7049feaThe ZeroNights 2012 Call For Papers has been announced. It will be held in Moscow, Russia November 19th through the 20th, 2012.
edba79f5df7aeaf759abda55a8568cb43e0427755b1fe12827b65931c2dd9375Debian Linux Security Advisory 2530-1 - Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.
0d9bc3525aeb950d987b4c43ac3fdffeb95324914c2925e4c0a684a30e340450Red Hat Security Advisory 2012-1173-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.238.
c10d85f5137cb075e49ec0b6380b902d41df64cf1042cece8b3a15b524552b6aTechnical Cyber Security Alert 2012-227A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
f958461db70406ee608b92e86c5778602a68ddda74e3f148b3396ee851c6cd7cDebian Linux Security Advisory 2529-1 - Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework.
e72295d670e7e8b3f6c6c48e0ae95f800f20359a421a53e4c43f767c101a0216This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is an unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM. Some softwares such as OpenVPN 2.1.1, or OpenSSH Server 5, etc... all have the same problem.
13ee2928c651d3a5639e180e5f2cafa4d077977aeeeb2da9a34de919ec969a8eThis Metasploit module exploits a stack-based buffer overflow vulnerability in version 2.1 of CuteZIP. In order for the command to be executed, an attacker must convince the target user to open a specially crafted zip file with CuteZIP. By doing so, an attacker can execute arbitrary code as the target user.
0eb1f8858ec5246ac33385d821777542b928e2d0bb98e4789b086a62b732d909MobileCartly version 1.0 suffers from a remote shell upload vulnerability.
6b0d23136395ed8d9e37f24807974ec3247792e0f5924bcd903b104aad5f2658MaxForum version 1.0.0 suffers from a local file inclusion vulnerability.
4d2458db553c660de071d51ccccb2c8f7509d219f2b6d8b54eff09baed72708aThe es.blackberry.com site suffers from a cross site scripting vulnerability.
221bcdde7a9af3450c8375649ac85ea641b58b47d4e8079b517c843819e10ec6Secunia Security Advisory - HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
64a709b58b6ee61639d0b91751fa1370fb95af75e8e2c731bae64a2534aa2be5Secunia Security Advisory - SUSE has issued an update for puppet. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose and manipulate certain data and by malicious people to bypass certain security restrictions.
67eb18b247b9985f3e30a412732259d389c1696d5a01aaf91c9d01c7794d8f4aSecunia Security Advisory - A vulnerability has been reported in Cisco NX-OS, which can be exploited by malicious people to cause a DoS (Denial of Service).
5c5a1b4f1ce0aa8b64f4536e08eadfb68c330f841e9c01c46cd3c741294e6ff0Secunia Security Advisory - A weakness has been reported in Python Beaker Library, which can be exploited by malicious people to disclose certain sensitive information.
8942656c4b72e5afdc7ca995f066565983408fbb924a1a1b930c18cad48472dcSecunia Security Advisory - A vulnerability has been reported in IBM WebSphere Business Events, which can be exploited by malicious people to cause a DoS (Denial of Service).
0f934c653687b3c3190527b0ba1147ee5399fae84ad92cc3c33f3716f18c8c14Secunia Security Advisory - A security issue and two vulnerabilities have been reported in ownCloud, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
1332e189e300896ea0baa75068815455d40efa840a3b321cdafb6a9560538739Secunia Security Advisory - Ubuntu has issued an update for openoffice.org. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
4b0428dc306c48a1dce3d0d242c022d32ecb1999aeef39be84f18c9203785e16Secunia Security Advisory - Ubuntu has issued an update for libreoffice. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
9e1a0dd01efd47003de801f3478e4ada7ea28703bbf95422503c9a3529cb8cf0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed