Drupal version 6.22 with Hotblocks 6.x suffers from cross site scripting and denial of service vulnerabilities. Proof of concept information included.
5da693999cb3569b91a2694457c2ef6d
Drupal version 6.22 with Custom Publishing Options version 6.x-1.4 suffers from a cross site scripting vulnerability. Proof of concept information included.
05bf47d3155c586ff4dbd60012fef6b6
Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability when handling crafted packets that may result in a denial of service condition. The vulnerability only exists on Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP-4G and RSP-8G), Route Switch Processor 440 (RSP440), and Cisco Carrier Routing System (CRS) Performance Route Processor (PRP). The vulnerability is a result of improper handling of crafted packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Cisco has released free software updates that address this vulnerability.
26362bf2982313cf5fcbee13db6c32b8
Drupal Elegant Theme third party module version 7.x suffers from a cross site scripting vulnerability.
93e1dd81ddd5ebda197e62d31db8ed27
Drupal Custom Publishing Options third party module version 6.x suffers from a cross site scripting vulnerability.
c38c7bc131df55d6bc9236b34d4dc614
Drupal Hotblocks third party module version 6.x suffers from cross site scripting and denial of service vulnerabilities.
719b8de21e5b148dd54c9d579c03b197
Mandriva Linux Security Advisory 2012-132 - Multiple cross-site request forgery and cross-site scripting flaws have been found and corrected in GLPI. This advisory provides the latest version of GLPI, which is not vulnerable to these issues. Additionally, the latest versions of the corresponding plugins are also being provided.
d18e42a2cd6e2637f5ed1819e471dbd3
The ZeroNights 2012 Call For Papers has been announced. It will be held in Moscow, Russia, from November 19th through the 20th, 2012.
644eba1aeb75f69cff5d57a0d457f183
Debian Linux Security Advisory 2530-1 - Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.
c1009e26e8fe5261ade18b3611632454
Red Hat Security Advisory 2012-1173-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.238.
fad42087476d8473030b48f11f7eca93
Technical Cyber Security Alert 2012-227A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
0f834a55a8307198b6534fd671c470b1
Debian Linux Security Advisory 2529-1 - Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework.
aa54004a5bc8a82e1f64044c06bdd517
This Metasploit module exploits a logic flaw in how the lpApplicationName parameter is handled. When lpApplicationName contains a space, the file name is ambiguous. Take this file path as an example: C:\program files\hello.exe. The Windows API will try to interpret this as two possible paths, C:\program.exe and C:\program files\hello.exe, and then execute all of them. To some software developers this is unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, and can sometimes escalate privileges if it is run as SYSTEM. Some software, such as OpenVPN 2.1.1 or OpenSSH Server 5, has the same problem.
1d4dd3fbed6dce4a1a0d0668447ab955
This Metasploit module exploits a stack-based buffer overflow vulnerability in version 2.1 of CuteZIP. In order for the command to be executed, an attacker must convince the target user to open a specially crafted zip file with CuteZIP. By doing so, an attacker can execute arbitrary code as the target user.
6eb4d1790c7b9fec75c5601a37cd6a05
MobileCartly version 1.0 suffers from a remote shell upload vulnerability.
e07808c8c810b616290c046dc2426bc1
MaxForum version 1.0.0 suffers from a local file inclusion vulnerability.
5f499b6583cbfc9f0eb90c85158ffc12
The es.blackberry.com site suffers from a cross site scripting vulnerability.
805871eb93caeb1bdecceac1ef959b99
Secunia Security Advisory - HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
3f71521aa382a4d5fa369d8e44d77410
Secunia Security Advisory - SUSE has issued an update for puppet. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose and manipulate certain data and by malicious people to bypass certain security restrictions.
ebf75bc1b4ed7ba26e1a41b4ea39c923
Secunia Security Advisory - A vulnerability has been reported in Cisco NX-OS, which can be exploited by malicious people to cause a DoS (Denial of Service).
f6d1d73ba8d81548055dff8e0f8052ad
Secunia Security Advisory - A weakness has been reported in Python Beaker Library, which can be exploited by malicious people to disclose certain sensitive information.
40e25b4e5afdf21129935764ade199c7
Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Business Events, which can be exploited by malicious people to cause a DoS (Denial of Service).
22a9b4e2c9f06bf1f4f6b3e9b4648ebc
Secunia Security Advisory - A security issue and two vulnerabilities have been reported in ownCloud, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
4305c4a35ae9c787ca9bfaf856ec3549
Secunia Security Advisory - Ubuntu has issued an update for openoffice.org. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
818fcd72adc77ee55f3f995f9a01b3c6
Secunia Security Advisory - Ubuntu has issued an update for libreoffice. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
61a25e3bacb5b7b9132f56abed3f85f5