Cisco Security Advisory - The Cisco AnyConnect Secure Mobility Client is affected by multiple vulnerabilities including code execution. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
08cfe7a215d929cba091f6ca3cd541e7690b6f415bf90d797eed5ce00256ce26IBM System Storage DS Storage Manager Profiler version 4.8.6 suffers from cross site scripting and remote SQL injection vulnerabilities.
daded698ab318a61deb05c7a6825d61635889c2fcdb4f55030bad5d05a6487baMandriva Linux Security Advisory 2012-097 - Multiple vulnerabilities has been discovered and corrected in python. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. Various other issues have also been addressed. The updated packages have been patched to correct these issues.
ea9f72137a552f0a45271fbb9a2d3f3aee9113cb46971ef47821e194f3b4801eDrupal Privatemsg third party module version 7.x suffers from a cross site scripting vulnerability.
a3d50c92c855863a0f3dac25ec433caa5b4ab7f49cc1b8c7d6ca5415e67e47e8Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities has been discovered and corrected in python. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. Various other issues have also been addressed. The updated packages have been patched to correct these issues.
a875f61d4323d9bd3fdd15f37616b7c52da1e10355b2f976bd21d77e7714133cThis Metasploit module exploits a stack buffer overflow in iTunes 10.4.0.80 to 10.6.1.7. When opening an extended .m3u file containing an "#EXTINF:" tag description, iTunes will copy the content after "#EXTINF:" without appropriate checking from a heap buffer to a stack buffer and write beyond the stack buffers boundary. This allows arbitrary code execution. The Windows XP target has to have QuickTime 7.7.2 installed for this module to work. It uses a ROP chain from a non safeSEH enabled DLL to bypass DEP and safeSEH. The stack cookie check is bypassed by triggering a SEH exception.
9ae85a7f65f089284af05d455b2e76edf1411cf55e1aa37c56ec9d74328747acTraq version 2.3.5 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
fa922793fa7ee9d8e3207d2288fde3fcce46b9557f9fcb050d32825cb7191fc2The Joomla Szallasok component suffers from a remote SQL injection vulnerability.
24fc9442031fcfab60464bd635b5560c23807b3e63b669809cefcfc61b8967afCommentics version 2.0 suffers from file deletion, cross site request forgery, and cross site scripting vulnerabilities.
4dc2b38b31ba5eb139c544dcddb570dc74413951fcae304958218311bea3b19dAnantasoft Gazelle CMS version 1.0 suffers from a persistent cross site scripting vulnerability.
237230e8444c4dc90ee11c4aefd55441f80d751abd272c8cce21ae3c8a932068Web@All version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
d25d5ad1ddb1de7212645fc16e7b47dc50410239fbb34e4de53c1aac5b358024LiveStreet version 0.5.1 suffers from a cross site scripting vulnerability.
1f4d724b50ea47c1a4a909ee483e46359ff627623c3d172d510abe6e3669bab4Gentoo Linux Security Advisory 201206-6 - A vulnerability in OpenJPEG could result in execution of arbitrary code. Versions less than 1.5.0 are affected.
ec0afe93195b46467e76e0fc33b29f8ea25fd0ca00994c8684b45b33d3d4990bGentoo Linux Security Advisory 201206-5 - Multiple vulnerabilities in Asterisk might allow remote attackers to execute arbitrary code. Versions less than 1.8.12.1 are affected.
0549e3a73c1a5f9d04d3fd1dcc33fb9bb2ec602c6d3eb30b5168b211e879ae45Debian Linux Security Advisory 2497-1 - It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages. A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service.
767d155bcdfd3b4f54914b90d6d6c4d6892ecd75f4ed52e90b949e54eecb66d3Red Hat Security Advisory 2012-1024-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
8cc9c3945525422b04633921dec6bd1564cbb738676ec11d5e3d8b5b39714c3eRed Hat Security Advisory 2012-1027-01 - JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
1578bf172d8363fc992779d77d8a4145fd48215f84c717867f2aff0ef979d171Red Hat Security Advisory 2012-1025-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
438ecd3704f472ac339ff1c305b869175056410b1f32535578f2aaf8cef02993Red Hat Security Advisory 2012-1026-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
4168e8b5dde8d8685ff22bfc83da9f6eacabfa3c71ef704249f1b017705b45a7Red Hat Security Advisory 2012-1023-01 - JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
af4b1c4d6857f6b733bd13ef19814d9228ac4ff24bec6d9d9171c97b4150362eRed Hat Security Advisory 2012-1022-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
af9bdf7c93929aa109a8674418359aeec8a8c9c8ff4dcb42a6ff52118a155d22ClubHACK Magazine Issue 29 - Topics covered include game server dos attacks, scapy, preventing cross site scripting, and more.
902f281d48f8415f78d996798bd36aab1d7c6fb603cd4da731434c4e206e043b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed