The BSidesPDX 2012 Call For Papers has been announced. The conference will take place in Portland, Oregon, November 9th through 10th, 2012.
Akcms version 4.2.4 suffers from an information disclosure vulnerability: the installation log, which contains credentials, is left accessible in the webroot.
PersianTools suffers from remote shell upload and remote SQL injection vulnerabilities.
VICIDIAL Call Center Suite versions 2.2.1-237 and below suffer from cross-site scripting, HTTP parameter pollution, and remote SQL injection vulnerabilities.
PRE-CERT Security Advisory - A stack overflow vulnerability has been identified in FreeRADIUS that allows remote execution of arbitrary code via specially crafted client certificates, before authentication completes. The vulnerability affects setups using TLS-based EAP methods (including EAP-TLS, EAP-TTLS, and PEAP).
Joomla RokModule component suffers from a remote blind SQL injection vulnerability.
Ubuntu Security Notice 1561-1 - Paul Mutton discovered that ubiquity-slideshow-ubuntu incorrectly handled the Twitter feed displayed during system installation. A remote attacker could use this flaw to inject code into the Twitter feed and read arbitrary files off the filesystem during system installation. This flaw has been resolved in the Ubuntu 12.04.1 LTS installation images by disabling the Twitter feed.
Ubuntu Security Notice 1560-1 - It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. It was discovered that Django incorrectly handled validating certain images. A remote attacker could use this flaw to cause the server to consume memory, leading to a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 1559-1 - Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. Various other issues were also addressed.
Debian Linux Security Advisory 2545-1 - Multiple vulnerabilities have been discovered in qemu, a fast processor emulator.
Debian Linux Security Advisory 2544-1 - Multiple denial of service vulnerabilities have been discovered in xen, a hypervisor.
Debian Linux Security Advisory 2543-1 - Multiple vulnerabilities have been discovered in xen-qemu-dm-4.0, the Xen Qemu Device Model virtual machine hardware emulator.
Debian Linux Security Advisory 2542-1 - Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware.
Oracle VM VirtualBox version 4.1 suffers from a local denial of service vulnerability.
Sites with code from MNS.it may suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
NewWard CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
Mh1WebDesign CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
Aciertaweb CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
ChannelCanada CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
NovinMarketing suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
Secunia Security Advisory - Two vulnerabilities have been reported in the vBShout module for vBulletin, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - SUSE has issued an update for xen. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.
TamWeb suffers from a remote SQL injection vulnerability.
Secunia Security Advisory - A vulnerability has been reported in fwknop, which can be exploited by malicious users to potentially compromise a vulnerable system.