The Drupal Block Class module allows users to add classes to any block through the block's configuration interface. The class names in a block were not properly filtered. Someone with the ability to modify or create blocks could inject JavaScript that would be rendered when viewing the block. Block Class versions prior to 7.x-1.0 are affected.
UC PayDutchGroup / WeDeal Payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances, allowing a malicious user to log in to the PayDutchGroup site as the store owner and manage the store owner's account. The vulnerability is mitigated by an attacker needing to gain an account with the ability to check out of the store.
Multisite Search allows you to index and search content from all sites in a Multisite configuration. The module doesn't sufficiently escape user input when constructing queries. The vulnerability is mitigated by the fact that in order to execute arbitrary SQL injection, malicious users must have the ability to administer Multisite Search.
The Drupal Data module 6.x-1.x versions prior to 6.x-1.0 suffer from a cross site scripting vulnerability.
HP Security Bulletin HPSBMU02744 SSRT100776 - A potential security vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in unauthorized disclosure of information. Revision 1 of this advisory.
HP Security Bulletin HPSBUX02741 SSRT100728 2 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass. The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 2 of this advisory.
Fork CMS version 3.2.5 suffers from multiple cross site scripting vulnerabilities.
Call For Papers for XCon 2012. This conference will take place from August 14th through the 16th, 2012 in Beijing, China.
Iciniti Store version 4.3.3683.31484 suffers from a remote SQL injection vulnerability.
Ubuntu Security Notice 1394-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 ICMP packets. A remote user could exploit this to cause a denial of service. Vegard Nossum discovered a leak in the kernel's inotify_init() system call. A local, unprivileged user could exploit this to cause a denial of service. An error was discovered in the kernel's handling of CUSE (Character device in Userspace). A local attacker might exploit this flaw to escalate privilege, if access to /dev/cuse has been modified to allow non-root users. Various other issues were also addressed.
Debian Linux Security Advisory 2429-1 - Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects.
LeKommerce Online Shop suffers from a remote SQL injection vulnerability.
Webfolio CMS versions 1.1.4 and below suffer from multiple cross site scripting vulnerabilities.
Ubuntu Security Notice 1392-1 - Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges.
Ubuntu Security Notice 1391-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image, it could potentially execute arbitrary code on the system.
Red Hat Security Advisory 2012-0370-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap overflow flaw was found in the way QEMU emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash QEMU or, possibly, escalate their privileges on the host.
Red Hat Security Advisory 2012-0369-01 - SQLAlchemy is an Object Relational Mapper that provides a flexible, high-level interface to SQL databases. It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application. All users of python-sqlalchemy are advised to upgrade to this updated package, which contains a patch to correct this issue. All running applications using SQLAlchemy must be restarted for this update to take effect.
Saman Portal suffers from a local file inclusion vulnerability.
This whitepaper is titled Introduction to Reverse Engineering x86. Written in Spanish.
Zorp is a proxy firewall suite with its core architecture built around today's security demands. It uses application level proxies, is modular and component based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built in IDS capabilities.
ImageFetcher.com suffers from a remote SQL injection vulnerability. The researcher contacted the site with no luck in getting a response.
Jobrapido.com suffers from multiple cross site scripting vulnerabilities.
Secunia Security Advisory - Gentoo has issued an update for spamdyke. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - Gentoo has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Secunia Security Advisory - Gentoo has issued an update for curl. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, hijack a user's session, manipulate certain data, and can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.
Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to gain knowledge of potentially sensitive information or compromise a user's system.