SaltOS version 3.1 suffers from a cross site scripting vulnerability.
42a257694ae051a813d78c610598ea47727f9265e274f370aee56b125cf5f32eMandriva Linux Security Advisory 2012-143 - Multiple vulnerabilities has been discovered and corrected in python-django. The django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting attacks via a data: URL. The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service by uploading an image file. The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service via a large TIFF image. The updated packages have been upgraded to the 1.3.3 version which is not vulnerable to these issues.
11e4f98a711e8370b01eb858810db8aebdb38b143e5dfe4b28fe32c98f672471HP Security Bulletin HPSBUX02791 SSRT100856 2 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server running PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, elevate privileges, or create a Denial of Service (DoS). PHP is contained in the HP-UX Apache Web Server Suite. Revision 2 of this advisory.
0249428e9acbac3f82ddc8a67d6642ef0f59a811efba5c7c79d97ee170c36700This simple tool is useful to test a PABX with "allow guest" parameter set to "yes" (in this scenario an anonymous caller could place a call). The aim of the tool is to ring all the sip Terminal Equipment (phones).
6ba2d5b8e6fb19504e9f6dd8fae1bdcbe77e340e3053d3fc58575622138019d5op5 Monitoring version 5.4.2 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
027aefb418d26810247858030e2eef7f6b9be2c5cf3721ff4c1fb7885e01cfddDebian Linux Security Advisory 2533-1 - It was discovered that Performance Co-Pilot (pcp), a framework for performance monitoring, contains several vulnerabilities.
cc522c8446d5b5ed88c3da34ddd1836dc9efe574475f7b6fd69b39c7d2afba6fRed Hat Security Advisory 2012-1203-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security pages APSB12-18 and APSB12-19, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
b881c245e1d0ab72e9d13a7eae6ae99d388bec9725335cd7dfd9c364034bb92cRed Hat Security Advisory 2012-1202-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd's RPC call handling. An attacker able to establish a read-only connection to libvirtd could trigger this flaw with a specially-crafted RPC command that has the number of parameters set to 0, causing libvirtd to access invalid memory and crash.
b656c088d1756e06ce31e094aafd2baea04a76707a1d6addd5a0a79a17b8d0abRed Hat Security Advisory 2012-1201-01 - teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX.
d3248156611725ad0fff7bd788cea1045887a17ec5ff1a6e89904341be92c76eRed Hat Security Advisory 2012-1200-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.
0f47c2544396c1abcc0a8edfcdc96a7f3327fd276c249471b11a59b2c4adb3a5Vice City Multiplayer Server version 0.3z R2 remote code execution exploit that spawns calc.exe.
347152204914dca4e7d1cdf0cbee9ccc5838df7e797a08563260de4d4272f65f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed