Debian Linux Security Advisory 2512-1 - Marcus Meissner discovered that the web server included in Mono performed insufficient sanitizing of requests, resulting in cross-site scripting.
dd9f44430c3792f55cfd3b79094cd29f9db03840ccee1c6521b22f3081775a29Debian Linux Security Advisory 2511-1 - Several security vulnerabilities have been found in Puppet, a centralized configuration management.
e25085e2d398a35b784003943d6504c9cd06efb0e6a0fb325d9e06e7bbd9a937Red Hat Security Advisory 2012-1072-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Web Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform's "jboss-as-web/server/production/lib/jbosscache-core.jar" file.
93bea0be82c69ad3873bede014261e6a38de6d2554a91c52656507e218e00584Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in RSA Authentication Manager, where one has an unknown impact and others can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
6871bb443e248f143250863d34a3fd0cc710b9b637e301e68424b82f1145adb8Secunia Security Advisory - Multiple vulnerabilities have been reported in libexif, which can be exploited by malicious people to disclose certain sensitive information, cause a DoS (Denial of Service), and compromise an application using the library.
6b2c585576127f1db10d1047e74dd85a38e763764dc85ee0e7a8d3e2767e02a1Secunia Security Advisory - Debian has issued an update for mono. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
14064543ef2fdbdf774a8393a8b544ee163fa52392342819ee9e4dbf0e6ee0b2Secunia Security Advisory - A weakness and some vulnerabilities have been reported in DotNetNuke, which can be exploited by malicious users to disclose potentially sensitive information and conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
3f71f385618b83d19dabec7f09744d3e1f53d5b05c8b534f77ce5b57c923b164Secunia Security Advisory - Secunia Research has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
47a76f37dddcb906d549b86ea166e660e939cb8fc5c91cf36d9e84456224bb63Secunia Security Advisory - Debian has issued an update for puppet. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive information, by malicious users to disclose and manipulate certain data, and by malicious people to bypass certain security restrictions.
8d657c968e3e7024957213769e736137480c67e90b995aacce521533032e065eUbuntu Security Notice 1506-1 - It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the "Delete" method, an attacker on an authenticated host could use this flaw to delete arbitrary files from the Puppet server, leading to a denial of service. Various other issues were also addressed.
2db822b8deddc568488cbb2592bc0d946bcd94f89af0b800dc6692643cf7a671phpBB appears to suffer from a remote shell upload vulnerability in uploadpic.php.
05ffa5740e6c7d20832cedab4c4171f8e7caab9770f3be6cc37932d09a7ef2fb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed