Red Hat Security Advisory 2012-1301-01 - JBoss Enterprise Data Services Platform extends JBoss Enterprise SOA Platform to provide services for data virtualization, federation, and integration. This roll up patch serves as a cumulative upgrade for JBoss Enterprise Data Services Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the Teiid JDBC socket did not encrypt client log in messages by default. A man-in-the-middle attacker could use this flaw to obtain log in credentials and other JDBC traffic.
976828574cc4e5269fed9ccf1341603216ebcf3d4163434b127cdd26adfb2e1cUbuntu Security Notice 1576-1 - Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges.
6677312994a7727ec824bb41d1b1e25edee2fe8e4e1215d98961896838ab394bApache CXF is vulnerable to SOAP Action spoofing attacks on Document Literal web services.
265093c0400de4893cfcfb8c5d295612e2d9b4b4da83727f2ebd03463249a7faAShop version 5.3.4 suffers from a cross site scripting vulnerability.
e114296722d5b9386af3d0ae867f6b315a48827ab5cae7b0e9dbcb2dd47ab6deSites designed by Tariq Rauf suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
7f69bcbac087f7d2eb2c9bbe5e558abc40f8e4d6ba58e72c1eab5ef148508290Sites designed by NW7Design suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
1741c7cc4663936c92ed81e48db5f7d5fbaa616878c46671bb5935b14255bc05Sites designed by Jessica Rhaye Design suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
9ba9599a6296e28cb80944110f4b66a8911d8eefa416456d686fc5b3fcde79c7Sites created by Rocket Web Consulting suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
f1633e127d2e86771f46f830dcd4cd4ad264e6079fe7e2a49f6f26b6e9184dcaManhali version 1.8 suffers from a local file inclusion vulnerability.
fb675c0676009be8eb4ecf2097e1a030dc723dc83cd5b08c32ef444b4fde2c85Sites created by Olojin appear to suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
4293f951d698479ee57d65d50d660180e8865b880df1866ec1782769acc96a86Secunia Security Advisory - A vulnerability has been reported in Apache CXF, which can be exploited by malicious people to bypass certain security restrictions.
ea32b4d37cdd7320b2911ed0e1ff82e28aceff77ce56680a7d226aaf465da091Secunia Security Advisory - A vulnerability has been reported in the PRH Search module for Drupal, which can be exploited by malicious people to conduct script insertion attacks.
2b0a543a54015409166b0ca33668a56588bdbeb6f16fc68d5c7c3ed143eaac3cSites designed by cgCraft LLC suffers from multiple remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
96bd7ce98834913b9501e149372ef2a2ea2421a1b4b96ccfd3a08f0011631f6aCisco Security Advisory - The Cisco AnyConnect Secure Mobility Client is affected by multiple vulnerabilities including code execution. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. Revision 2.0 of this advisory corrects an inadvertent omission in the original advisory, which failed to list that the fixes also address a vulnerability in Cisco Secure Desktop, described by CVE-2012-4655.
a52f6d5d083fc974978078f9cbd107d63b02f06d64a888f00c4f24dcfdc3931dThe administrative directory of Microcart version 1.0 suffers from a cross site scripting vulnerability.
b822f2ee3606abdec8e3d8c1169fd994859e77baee7e7c7873b395f74a283d68Drupal FileField Sources third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
0646e1fe21f62ed1d52ec65355c19564768e53a5661aaf10d969102bf843370eThis exploit leverages authentication bypass vulnerabilities in the Thomson wireless VoIP cable modem. It affects the TWG850-4 model.
cea6a6e04ceba1664ef59c383e65c0570aaf9427e085e40ab86134400cb990c6Drupal Simplenews Scheduler third party module version 6.x suffers from an arbitrary PHP code execution vulnerability.
0338d0b9bf77e2858fe599964e5a15cf1472907d48b30ce3c4aab742e9008852ClubHACK Magazine Issue 32 - Topics covered include The Compliance Storm on the Horizon, Digital Signature in Mom's Guide, Cracking WPA/WPA2, and more.
f36a9193f36da3f25ab7557c3b5aa4ba5e931eabb00fb4e594476f86a1827ed5WordPress Wp-TopBar plugin version 4.02 suffers from cross site request forgery and cross site scripting vulnerabilities.
f966999557b843cccaf4b51c843257fd06e60d41409a20425be67bfd7ca3d93bDrupal Imagemenu third party module version 6.x suffers from a cross site scripting vulnerability.
00bdc38ddc2cfd5c4ecd3d6f70bdbe27cc949e489992983268c51cccc1f85512Microcart version 1.0 Checkout suffers from multiple cross site scripting vulnerabilities.
10e01b1c87c017a984b968431a262fdf7f0d5932bc6408833c10e6cd532d4310WordPress MF Gig Calendar plugin version 0.9.2 suffers from a cross site scripting vulnerability.
c0e1143e484b74d6ece34e62ebffd227079faf6c38d75dd73c87dd12b2bf6c21This was submitted anonymously as a Palestine wordlist for cracking purposes. It has proper names of middle eastern figures, cities, and more.
29e4632ecf61c4e7013b0a1252e46f45e85b190d38482d5cd6b7b5b89269f5e1Joomla version 2.5.6 suffers from multiple cross site scripting vulnerabilities.
d76bba197769c768a7c9a47c8d81b2aa6931c6c4947bd69daf703f656280e914
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed