Debian Linux Security Advisory 2423-1 - Several vulnerabilities were discovered in Movable Type, a blogging system.
f0e9814be0331a938f40f63ac3c4857159dcbb1fe3cbbc05caa3abd88bbac186SourceForge suffers from a cross site scripting vulnerability.
c521268603c35e9a59106a24fbac1ed6b0e2fe6943ca5d5ba91a87e9735454b9Refinery CMS suffers from a cross site scripting vulnerability.
80d6f61550681b6f3435e8e4e3dd82b0c7338fdfebf403a319b613c6e1a8ef08Drupal CMS version 7.12 suffers from multiple cross site request forgery vulnerabilities.
ae9467e5b266b5bab05bcb858e59b252750650d5a297eb119fea3d398a9ed415Photobucket suffers from a cross site scripting vulnerability.
0e35e97015de926e364a868feedd4b6f1602bdd5e1c10088e355eafab2bc2c5dKoolUploader suffers from a shell upload vulnerability.
a4180579d6c1325723ed5a88719959901cf064a7fc3fb5581c4f0816a85571ec09so suffers from a cross site scripting vulnerability.
eb7eb9aa515cd9e0bd489631c3776b9dc145e31198d3f96fa2482a00787849152Creation suffers from a remote SQL injection vulnerability.
e1cb8aaa5195677fba7273e6ce2da91cb83516a3485f835484d026347c08bbeeSecunia Security Advisory - Russ McRee has discovered a vulnerability in Redaxscript, which can be exploited by malicious people to conduct cross-site request forgery attacks.
ce3cac6d72487aaf3144b4ad8133a511903542d65951d1df00877bb4e167521eSecunia Security Advisory - Multiple vulnerabilities have been reported in IBM Tivoli Provisioning Manager Express for Software Distribution, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system.
dc855187183e8855d7daf377672788d6c7f9eec92312cd56f9afe2e4f0ee8f43Secunia Security Advisory - SUSE has issued an update for libvorbis. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
64ddae6a0565bbb00ceebdddc65a49fe07b794320df0e4f0aa177e497b2da9a2Secunia Security Advisory - Two vulnerabilities have been reported in CMS Builder, which can be exploited by malicious users to conduct script insertion attacks.
100a6a792a3895f07dc848c5da2c5af486d3230689bfcc7922731cca1ee0e880Secunia Security Advisory - Benjamin Kunz Mejri has discovered multiple vulnerabilities in LDAP Account Manager Pro, which can be exploited by malicious people to conduct cross-site scripting attacks.
4e86c8763e3488a7db9f0fef1f9ce003e6322af78fcd6d566e950aa396f66be0Secunia Security Advisory - Two vulnerabilities have been reported in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting attacks.
e32c8678ee4a88dea1d37438a438c9f6cf84eb87d5692a4374486c3217ebd3bcSecunia Security Advisory - Ubuntu has issued an update for ubuntuone-couch. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
bc1fe7b5a2e7962f72bda7be178855370475e66f71a09a79f5715c6483c517e1This Metasploit module exploits a stack-based buffer overflow in DJ Studio Pro 5.1.6.5.2. When handling a .pls file, DJ Studio will copy the user-supplied data on the stack without any proper bounds checking done beforehand, therefore allowing code execution under the context of the user.
736d166b489b4e31605e79a4de3a5f53718ad11ade2ceb44edb651fb05d2a8ddEndian UTM Firewall versions 2.4.x and 2.5.0 suffer from cross site request forgery and cross site scripting vulnerabilities.
2034bab8895a54593428c97585032c9590023b375bad65670a46fda01b6396c6LDAP Account Manager Pro version 3.6 suffers from multiple cross site scripting vulnerabilities.
fa7127c457603662f00c08ba30a681352825cb8ca6e4d69c355d703707cec2ebhttpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
00debb88f90f79d65dcbcc590c2a1172411f70f9134a9367f29c113594d7b9faFlashFXP version 4.1.8.1701 suffers from a buffer overflow vulnerability.
c7133acc22d3b090b427cba075d2519b57e0b202a125e163162154bac90fd758phxEventManager version 2.0 beta 5 suffers from a remote SQL injection vulnerability.
6ad7d38cfeb4e1e5de32c062417e982cb2b1c0e061735419cc1e6d5826869f6eMandriva Linux Security Advisory 2012-028 - libxslt allows remote attackers to cause a denial of service via unspecified vectors. The updated packages have been patched to correct this issue.
5e5cd4e181fa0d96d3d9737dbbd2cf7f5ebad0e6ac5483cae947e2da1fd8580fUbuntu Security Notice 1373-2 - USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.
d63f63cce13067e86594d7b41cc4fcfc48a0a4fe97f8a49fdbb9d9b6da4a1a42Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".
5f8ed354af7f93aae635f0011391c698a68ac7e5da46495e45b1d1b424d2b453Ubuntu Security Notice 1381-1 - It was discovered that Ubuntu One Couch did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.
9e1f9ce73652962531417f98775bc07be0ec25fabd7b9799da1b949109f33276
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed