On Oct 16, 2012, Oracle Corporation released the Java SE Critical Patch Update, which incorporated fixes for 19 security issues that Security Explorations reported to the company earlier this year. This included a fix for a serious issue found shortly after the out-of-band patch was released by Oracle on Aug 30, 2012. This is yet another update to the saga of SE-2012-01.
6b5435fb50ec423d0d75cecaf2ec4e9f387a00115a379abfa7af4f7c3ac321d8
Bitrix Site Manager versions 11.5 and below suffer from bypass, cross site scripting, and content spoofing vulnerabilities.
b3009b004cfde8791d37b7bf011a32476fa5f90ea5bc092b19347929193a8371
WHMCS version 4.5.2 remote blind SQL injection exploit.
1a9084a82764c062fed1fe8f995dc44e605e0be301fad513d5424aa98b20c8af
cPanel Pro version 11.32.5.11 suffers from multiple cross site request forgery vulnerabilities.
62e54f57ea468cd7f398a764eb340cade258cb335a001a7ea61badbbad00d34e
White Label CMS version 1.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
9271f023803adeb0fc484c3583392b1ef73d2180d7cec02187566dc41964d87b
HZChoice CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
6270ef3805108b0e8f10fbf531a7963341006414298d46f62e52959139cacf5d
Joomla SQLReport component suffers from a remote password disclosure vulnerability.
8a1a559d9741c85617b9c407b8507949d56fcd538919350b591faa32da21b46d
RealPlayer version 15.0.6.14 3GP file handling memory corruption proof of concept exploit.
20d8ca1eebb1dc078b6215b82e2e0b1922516a1f9b5f6af2f446a39a721e0bcd
This is a small Python tool that scans websites to look for PHP shells, backups, admin panels, and more.
eae76aaf398f8283420ca6cccb69d3b75a9e6c4026d44fa9fd0ff9eed3f493d3
Adobe Reader version 10.1.4 memory corruption proof of concept exploit.
2e57e166d1f4e5bb7f49e88cd5461e22907d7849b0f2e8a11bcfece01a970a42
Sites designed by Estudio447 appear to be susceptible to remote SQL injection and cross site scripting vulnerabilities. Note that this finding houses site-specific data.
8c15693d33027680ae24b919ce27d5b14e7c700bdc17cdc0fe7ec80076cf81cf
Sites designed by Pop Creative Ltd suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data. The authors of the software have contacted Packet Storm on 02/04/2013 and have noted that the issue has been resolved.
f47a18fe11f1b72f5688c9b9c27a71d2f06d1861541f7bede6efec8206499579
Secunia Security Advisory - Some vulnerabilities have been reported in IBM Proventia Management SiteProtector, which can be exploited by malicious people to conduct cross-site scripting attacks.
658b13f44d7f6b6c720a2dbc41502fa79e38024b638fc4bd02f03b1f40bcf00d
Secunia Security Advisory - A vulnerability has been reported in Self Service Password, which can be exploited by malicious people to manipulate certain data.
f4948a692101f6cd2448c4cc0ed217916126209eb1670ca82b0706d4cf41b257
Secunia Security Advisory - Debian has issued an update for tiff. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
460b6a96167f51eaddcf5cd8c509c22123bce5dd9edc94a51762e798fbfd669e
Secunia Security Advisory - Debian has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
1192914b29f87ba324289e5eee985234fe54d13009fb9f63ff2ae6233bd44d70
Secunia Security Advisory - A vulnerability has been reported in Piwik, which can be exploited by malicious people to conduct cross-site scripting attacks.
1e3e42b38c354891ee8eeb71e229ed9346acb38584eaa94ef80783ed584166c4
Secunia Security Advisory - SUSE has issued an update for chromium. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.
c26bafae8c4f73baee6988c028ceba2ec185db3b2ce5c58e7e4af0b55160a9a4
Secunia Security Advisory - Gentoo has issued an update for bash. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
c253adc269903d55c0f23c188377d05463a32b1216696a7ca3cb66effdfcfd23
Secunia Security Advisory - SUSE has issued an update for libproxy. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
c90e7762a49c41475c0675e280e5b7453dca60589d00171a801a1097d80bf1f6
Secunia Security Advisory - A vulnerability has been reported in Mutiny, which can be exploited by malicious users to compromise a vulnerable system.
e855dd2609b506cd1f8f5cbe8c1bfab67cb9d3b383a371d2159b95466d6745e3
Secunia Security Advisory - Gentoo has issued an update for libav. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
04c3da25008041fb64cc10d2d75ea3e5b8dfbbdbadbfc97ef364b87416de94f0
Secunia Security Advisory - Gentoo has issued an update for chromium. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.
cc5a53e3b8af62ff04e287c25779aa20c278eb5672d58bd3689832ed133069a2
Secunia Security Advisory - A vulnerability has been reported in the Freestyle Support component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
edde64ad189688e0a5133735425a537aa538eaa077084d54786ee8a7058998c9
Secunia Security Advisory - MustLive has discovered a vulnerability in the Wordfence plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
c142ee9ede32282626aa0378d4a895120e9531ee938d750af3de30af4d45aa54