Secunia Security Advisory - A vulnerability has been reported in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks.
4f2863a3f14d2816026caf3ebbb1ce0452b31baf0fe07121385669da9ed3de4eSecunia Security Advisory - A vulnerability has been reported in Wansview IP Cameras, which can be exploited by malicious people to bypass certain security restrictions.
d7cdad5049f36135c0f490e867d90f1ba89e0e94e2dbba0cb1d044b87de6ae38Secunia Security Advisory - A security issue have been reported in Videosmate Organizer, which can be exploited by malicious people to bypass certain security restrictions.
575cca86a867f86e8722b835f52e7035ffc15cebd3fe39f877ae32ed650d3828Secunia Security Advisory - Anil Pazvant has reported a vulnerability in Logica HotScan, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
7f670288bba48b1d0576c350bc9f626da63e455728b5a30dc02c7a3a6f422e9bSecunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Fusion Middleware, which can be exploited by malicious, local users to manipulate certain data, by malicious users to disclose potentially sensitive information and manipulate certain data, and by malicious people to disclose potentially sensitive information, manipulate certain data, and bypass certain security restrictions.
dcef3c4b257a669314c2e82b869e0fbf6e929d40ed55c0514bb532e495165fa1Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
5e4bda1eda65b6fea570dcaa42aef1a555576191d4a63c83a22ec9b60f0ba720Red Hat Security Advisory 2012-1376-01 - jboss-ec2-eap provides JBoss Operations Network scripts for JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. It was found that the "/var/cache/jboss-ec2-eap/" directory had world readable permissions when using the EC2 AMI for JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise Linux 6. A local attacker could use this flaw to read potentially sensitive information from this directory, such as Amazon Web Services credentials.
ac9cb0f2b23f1cd20426da259f00d964edf77ca92a0ee840d86d754fa6527125Red Hat Security Advisory 2012-1366-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw was found in the way socket buffers requiring TSO were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service.
4bdfbba056bd4cff7b0f9bca40a4eb14716b0f07ee6d5f9e40715fc00d6227dcRed Hat Security Advisory 2012-1380-01 - Horizon is the OpenStack Dashboard, a web interface for managing OpenStack services. An open redirect flaw was found in the way Horizon handled authentication. A remote attacker able to trick a victim into opening the Horizon login page using a specially-crafted link could redirect the victim to an arbitrary web page, and conduct phishing attacks, after the victim successfully logs in.
9ca85e08e473f375076cfdac8bb52edb8ec155cd47b21559556e1bb95eeeda6cRed Hat Security Advisory 2012-1378-01 - Keystone is a Python implementation of the OpenStack identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a not authorized error; however, the client was still added to the tenant. Users able to access the Keystone administrative API could use this flaw to add any user to any tenant. When logging into Keystone, the user receives a token to use for authentication with other services managed by Keystone. It was found that Keystone failed to revoke tokens if privileges were revoked, allowing users to retain access to resources they should no longer be able to access while their token remains valid.
8b912ed60ba4387f304180a802ce43c9829c9309b3f510c6f95aba85ae30cd74Red Hat Security Advisory 2012-1379-01 - OpenStack Swift is a highly available, distributed, eventually consistent object/blob store. It was found that OpenStack Swift used the Python pickle module in an insecure way to serialize and deserialize data from memcached. As memcached does not have authentication, an attacker on the local network, or possibly an unprivileged user in a virtual machine hosted on OpenStack, could use this flaw to inject specially-crafted data that would lead to arbitrary code execution.
c5b2ef344dad56952873d987a833f8e629ea5a50cc482876c0c63e40c6efc365
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed