Project Open ]po[ version 3.4.x suffers from a cross site scripting vulnerability.
693ec8265e6017c96ec32e0a9eda3f7ac2b19ef5aa8ad1e93b662720d3d769b1
Mandriva Linux Security Advisory 2012-012 - Multiple vulnerabilities have been found and corrected in Apache. The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service via a cookie that lacks both a name and a value. scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. Various other issues were also addressed.
6f910e90fc2f1a633ad2fd724e320c739e9c5863ff65b37c5dbb3c731e69621f
OfficeSIP Server version 3.1 suffers from a remote denial of service vulnerability. Proof of concept exploit included.
324388b9019c93816078bcb09e5a36d235d62a85d24328e5a979c300a7c76589
Unwembi suffers from a cross site scripting vulnerability.
52a6842e8c156db843db3fba61fa956337bd3c3f69f1246f15d9a58751d311d6
TOYUDesign suffers from a remote SQL injection vulnerability.
7c322c313d94f53a67662ad7edb488b6f6035ef998ae7706c10a2e3dab284446
Apache Struts versions 1.3.10, 2.0.14 and 2.2.3 suffer from multiple cross site scripting vulnerabilities.
d9fa78ab565ffc78f9b758171aa45c73f075a712e2b675fb27d4d85d6afd0004
Sphinix Mobile Web Server version U3 3.1.2.47 suffers from multiple cross site scripting vulnerabilities.
2a2aac775cc022e45352f3ac2317b97ca5553650a8970ebc02dde89317f3e2a3
HDTRACKS suffers from cross site scripting, local file inclusion and remote SQL injection vulnerabilities.
b800801f1da0899e3a95377d1f7d63927c5c2e38a1ee561533c5d317d7f85266
HP Security Bulletin HPSBMU02739 SSRT100280 - A potential security vulnerability has been identified with HP Data Protector Media Operations. This vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.
0bcc2f843f0b11de73674574cd97205e0464cf0d2fbb051b6e700be1464d57ce
Code Audit Labs has discovered an integer overflow vulnerability in typed array functions such as Int32Array and Int16Array in Opera versions 11.60 and below.
5f2cdab0cad16a592541c73485c7b031f99c884d2a8fac52fc03b4527ba21f05
Apple Security Advisory 2012-02-01-1 - Apple has addressed 48 security vulnerabilities. These issues existed in packages such as Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreMedia, CoreText, curl and much more.
cf25033e1c0f7c890c4bb4bf4deec5fe01b2162ac354bd512e0fcd1426499d94
The 2012 ASE/IEEE International Conference on Privacy, Security, Risk, and Trust and the 2012 ASE/IEEE International Conference on Cyber Security have both announced their call for papers.
8f3b5fef1f57432bb9dea01720771eaf58f7263653e0c4ed8b9718a0570dfc9d
Red Hat Security Advisory 2012-0096-01 - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript included the current working directory in its library search path by default. If a user ran Ghostscript without the "-P-" option in an attacker-controlled directory containing a specially-crafted PostScript library file, it could cause Ghostscript to execute arbitrary PostScript code. With this update, Ghostscript no longer searches the current working directory for library files by default.
4d7ec0be3c4cdaaf6b1f677637efef43125f8c79e9156cb4c4c7e1a319176841
Red Hat Security Advisory 2012-0095-01 - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. It was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the current working directory was specified with the "-I" option, or the "-P-" option was used. If a user ran Ghostscript in an attacker-controlled directory containing a system initialization file, it could cause Ghostscript to execute arbitrary PostScript code.
e6888517744a038247ddcec36a31a2483e8893d5f08cc6726fef676d829fd42b
Red Hat Security Advisory 2012-0093-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
c1ccf133b3eac49d7de702ba74cf8c5920a60f874a1f49c1afb5030647c07f22
Red Hat Security Advisory 2012-0094-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
033b8524d452d87287c2295177910aa84708de0727ca556cefeebeec8c3a92f8
Red Hat Security Advisory 2012-0091-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This JBoss Enterprise Portal Platform 4.3 CP07 release serves as a replacement for JBoss Enterprise Portal Platform 4.3 CP06.
8d477b129cade9168945756f320e10f89d8e0cf7bba8bf7336e147cc0e23f36a
Red Hat Security Advisory 2012-0092-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
68786120785a0ab41d6fc979c985ac7e49c48e28d4cc7e8e10b000204e3b9d51
Debian Linux Security Advisory 2402-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
f7f7b7d14f242917b8c9c29325d2201bc5a13f9d2f1a43f78eed23b9e91a0038
Debian Linux Security Advisory 2400-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
7006936160ec6a7163ea6ad37310b26604ff1fcc3095ba5d211b939d095f7887