SkaDate Lite version 2.0 suffers from multiple cross site request forgery and persistent cross site scripting vulnerabilities.
a342e8bef5f90b7cfd0703664b106bee5879eec947174e7edebd140cfb15231eMandriva Linux Security Advisory 2012-108 - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow. The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages has been upgraded to the latest version as well.
8c8bb030e17e5411417b68b186f12f4c547e4fe82b46c174807e0d6a29db2919Secunia Security Advisory - A security issue has been discovered in easyCMSlite, which can be exploited by malicious people to disclose sensitive information.
9028ed891af6586d5ea9f5a39483f56dea6a5a30316047fb5c54f5d6d6a2ebabeasyCMSlite version 1.0.9 suffers from a remote database information disclosure vulnerability.
d76b243f67795b89da6846818d5643c0c788edbdf1c583ff25b07a351804feaaElite Bulletin Board version 2.1.19 suffers from a remote SQL injection vulnerability.
38ceedd2da888919b9e4f13ce5a14bd3fb372a6bf5708329aa373a96263aba8fRed Hat Security Advisory 2012-1060-01 - Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. A command injection flaw was found in Cobbler's power management XML-RPC method. A remote, authenticated user who is permitted to perform Cobbler configuration changes via the Cobbler XML-RPC API, could use this flaw to execute arbitrary code with root privileges on the Red Hat Network Satellite server. Note: Red Hat Network Satellite uses a special user account to configure Cobbler. By default, only this account is permitted to perform Cobbler configuration changes, and the credentials for the account are only accessible to the Satellite host's administrator. As such, this issue only affected environments where the administrator allowed other users to make Cobbler configuration changes.
a117798edbaaae98d35e372b2a965c0e26a3e98bfd81b95555118ca270a44f0bThis is a presentation called Security Threats in the World of Digital Satellite Television. It is from a talk given at the Hack In The Box security conference in Amsterdam in 2012.
61103d4ce9bcf58777deab4ee4ff4c33b39828de0f9c1efaefc51fa159e8fffcRed Hat Security Advisory 2012-0677-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. CREATE TRIGGER did not do a permissions check on the trigger function to be called. This could possibly allow an authenticated database user to call a privileged trigger function on data of their choosing.
99eb758e26ad01db7e3e088f497dd8ec98005e8f4fdef7cb43e51787e609733aRed Hat Security Advisory 2012-0678-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name.
a11a5493acd610cf7f4bfdc27b2eba1d9d44ea753011012d38733b38292f077eSQLite databases stored on Android suffer from an insecure permission vulnerability. Version 2.3.7 is affected.
84d02b3ee9f88069270f1d55a7a0419db6f4ee552b8001ed7d46641a2a66e816The Joomla nBill Lite component suffers from cross site scripting and html injection vulnerabilities.
3606d2ac2ff13bcedaf6d21dda5490b013927a9fc7dfcf91b3f1c0e6828a97b7Havalite CMS version 1.0.4 suffers from persistent and reflective cross site scripting vulnerabilities.
322f88d3c41d308f4807b8706507315c8cd49fb01199b1f3dab44952ac956f55Secunia Security Advisory - A vulnerability has been discovered in Havalite, which can be exploited by malicious users to compromise a vulnerable system.
d142797f7dd77a9313414f41fe5d3420b6993e137b11125df0ae138f13b44b14Secunia Security Advisory - A vulnerability has been discovered in Havalite, which can be exploited by malicious users to compromise a vulnerable system.
d142797f7dd77a9313414f41fe5d3420b6993e137b11125df0ae138f13b44b14Secunia Security Advisory - A vulnerability has been reported in Red Hat Network Satellite, which can be exploited by malicious people to bypass certain security restrictions.
0e39db5313135801d11626704ab28dd1f8ca677b51297e23da2fba7bed3b7ec4Havalite CMS suffers from database disclosure, shell upload, and remote SQL injection vulnerabilities.
5333f13c7d3a31da5790853e3d445f2ca1d0412733313afc050cc63a50eeae64Red Hat Security Advisory 2012-0436-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. Although an attacker cannot put packages into an arbitrary channel and have client systems download them, they could use the flaw to consume all the free space in the partition used to store synced packages. With no free space, Satellite would be unable to download updates and new packages, preventing client systems from obtaining them.
45234674ce4a82856e27d9dd7d625e6bdb84280955a4e87847c7e1313febcba4EasyPHP SQLite suffers from a remote SQL injection vulnerability.
a0576b5b89a27fa6194b062b630f90ef32e2b624c7702fb789e32b221a1c7d16Secunia Security Advisory - K1P0D has discovered a vulnerability in LiteSpeed Web Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
860769154eec9093bb6465e4c5a7b920200adfc6f8c9439376152a7ab3179eb5LiteSpeed versions 4.1.11 and below suffer from a cross site scripting vulnerability in the admin panel.
4673c5fc0a1d5af35f49f2fe5b245398727d8205e95e7aa7d94b7620983fabbcElite Gaming Ladders version 3.7 suffers from a remote SQL injection vulnerability.
322ee99d2575634066dce5e5f30ff7afb9895556a73ef32ff20cad12784e334bSimple Fuzz is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.
a65bb4d048c713dd9ecc4b42b98cc124516fd5c1df19deddfc664476aad7caacEven if a user has their security settings with no history enabled, Skype 5.x.x fails to securely remove chat messages stored in the sqlite3 database.
71d5feb9cc956c726042c458e08a52e135cac25deae5200ce474ea31c5489a36Secunia Security Advisory - Red Hat has issued an update for Red Hat Network Satellite Server. This fixes a weakness, which can be exploited by malicious users to disclose certain sensitive information.
2bb1a067ce60696f49fa7609319bbb4b3a7264a656adfd9805f0acb265c12c5fRed Hat Security Advisory 2012-0101-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. If a user submitted a system registration XML-RPC call to an RHN Satellite server and that call failed, their RHN user password was included in plain text in the error messages both stored in the server log and mailed to the server administrator. With this update, user passwords are excluded from these error messages to avoid the exposure of authentication credentials.
0e357eb02cf1bd13d067a393447a97f98a191c81e71ec325288e3e621237287aMandriva Linux Security Advisory 2012-013 - Security issues were identified and fixed in mozilla firefox and thunderbird. Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Various other issues were also addressed.
5c13b7ef97165e75959f465d2ce9e3b748e6c52f37c5fb1421c22c9982237007
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed