Digital Whisper Electronic Magazine issue 31. Written in Hebrew.
12b4f095105ff4449b7bd0f89c86c37ea9bdd360637540bede3c6901a0a2599c
Red Hat Security Advisory 2012-0547-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.
cf433296092f3f1e23f59cf22f40a5f23112bca55e0461faaf2d616f4aaf07bb
Red Hat Security Advisory 2012-0546-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.
370b85d0ff129582e77ad077b5afa1a0ec4a18b11acbece33fd34bbf9776cf74
Red Hat Security Advisory 2012-0544-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop.
8de65be2fccd90aeb21230e00496bc38147f8f63da19d99fc78529caa13f8c0a
Red Hat Security Advisory 2012-0545-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop.
486fac7c70f5900ea4b2003350cc49df5a6f5ae8814ef2b537c4e6f0534d688d
Red Hat Security Advisory 2012-0542-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.
8b3987f6e40fef85052bc1517ccdd155b8785e42c315e04f9e426c3eaf558929
Red Hat Security Advisory 2012-0543-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.
376715e8712ee30354e348ebd39de77f32d1502ee20f1d7c87fee06fdef8376b
Ubuntu Security Notice 1439-1 - Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability in Horizon via the log viewer refresh mechanism. If a user were tricked into viewing a specially crafted log message, a remote attacker could exploit this to modify the contents or steal confidential data within the same domain. Thomas Biege discovered a session fixation vulnerability in Horizon. An attacker could exploit this to potentially allow access to unauthorized information and capabilities. Various other issues were also addressed.
7b70699a65f9988c4c343caffced00dfe13277d783584ab531944622f4ea9fba
NeXus Infotech CMS suffers from a remote SQL injection vulnerability.
4102261f67b9adfce3df3dee981d8a33cea52eb43a006ebb120b0efd590aa460
Jibberbook version 2.3 suffers from an administrative bypass vulnerability.
b5b53e60f590f445c7ae12ebaa132d6dde7e0ddd3bbcac6745422c617c736ba3
Efront version 3.6.11 suffers from cross-site scripting and shell upload vulnerabilities.
5c179156a4a5a17ecc6bdbcb3aafd189cc11707ca9c531ac8383372e7c32213f
Ramui Forum Script suffers from a cross-site scripting vulnerability. The webmaster of this site has contacted us and has addressed this issue.
bb143f148ba5864fdc8665fdc8e1b51a1816c3792af5e9cdadbd6943fa22317f
EnjoyGraph Communication suffers from a remote SQL injection vulnerability.
6b9ac68af3f32ce61afad6dbf35317febde56226f530b7613dfc2b0fb9f157d5
Etelligence Technologies suffers from a remote SQL injection vulnerability.
c7af7077b26e61cce25b85e49175127640962d67a4623489e617eaa5bbec4d7d
Magnolia Development Group suffers from cross-site request forgery and remote SQL injection vulnerabilities.
0dddd55b632c330921a6380014bf5672a8699881752fd31e21554b069d0bbdd0
NetcatPHPShell is a PHP backdoor that can be leveraged to launch a connect-back shell.
abba3db5d6d8d109c7a47018d57d39b218beaabd3f5704fd0bd207157668d4bd
Secunia Security Advisory - A security issue has been reported in Apple Mac OS X, which can be exploited by malicious people with physical access to bypass certain security restrictions.
7b21a6825ba0b9d231379812ac4eb8b4c8d2963a6ce879600d4c6b410870ea81
Secunia Security Advisory - A vulnerability has been discovered in Symantec Web Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks.
6552805b175da258feff2164c2dc08bf2138f9bb86901753d358a5788c75b1ab
Secunia Security Advisory - A weakness has been reported in OpenStack Dashboard (Horizon), which can be exploited by malicious users to conduct session fixation attacks.
d3044d91166f37ce85dbf9a0770fb1b7e30f0500b02a307bf0f186aa0a42ac80