Squiz CMS version 4.6.3 suffers from cross site scripting and XXE injection vulnerabilities.
a5d045b3aad07ff6c6442d788cf3530feb8b0422a99a5af1dae6dda396024529
Red Hat Security Advisory 2012-0745-01 - Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.
9b589376b7c9062ad24b4f8af937559408735d4b1c8f000fdf908cd9cd6cd8c1
Red Hat Security Advisory 2012-0744-01 - Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.
0195e7d2a58a603b9f9e924879d940296b0663a33117c68a1367cbbdbd34a945
Red Hat Security Advisory 2012-0743-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled, and that also have macvtap configured for at least one guest.
2480f3d6a1b6962283dd9e04ff5f1211daab9bed3388bb442c0b82afde24b21d
Ubuntu Security Notice 1478-1 - Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed DV files. If a user were tricked into opening a crafted DV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.10. Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed NSV files. If a user were tricked into opening a crafted NSV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10. Various other issues were also addressed.
d7b99bf280057e5db81eb321b972e06e69d090946831525816a876f7130e95bf
Ubuntu Security Notice 1479-1 - Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed DV files. If a user were tricked into opening a crafted DV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed NSV files. If a user were tricked into opening a crafted NSV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
0db8a822cdb1caef657dab0c19621d9b20896eb96da2c80b925d472f88f69362
WordPress LB Mixed Slideshow plugin version 1.0 suffers from a remote shell upload vulnerability.
05d1ff86d15d4c018bc701f3b912dbda44ddada39fafab1e62575e473e009971
WordPress Famous theme version 2.0.5 suffers from a remote shell upload vulnerability.
5cd23143dda2991fa8b54bad24336fde593bf11003add82671ad05be651816d2
VANA CMS suffers from a remote SQL injection vulnerability.
06f4bc981b8d0c7290c0f3d2af444d55400dc6e92ccfa1464b27166a7ed92ba7
WordPress Lim4wp plugin version 1.1.1 suffers from a remote shell upload vulnerability.
bdd83eb33020bf673d8c201bed0edee4aea04fd587fad2b42688292c7b805cc7
WordPress Wp-ImageZoom plugin version 1.03 suffers from a remote file disclosure vulnerability.
313fae93536b657222df93e542a161ff4e99e670f7fcc788a126bd30970b4474
WordPress Deep-Blue theme version 1.9.2 suffers from a remote shell upload vulnerability.
655fa08681c7b44b6899577f403fd689e810e5138a16b53311a249704bc54503
Bricolage version 1.x suffers from persistent cross site scripting and remote SQL injection vulnerabilities.
648f270968361f02a75713be4218de41297130fcbab5f3d51e86d905c491399c
MyTickets versions 1 through 2.0.8 suffer from a remote SQL injection vulnerability.
99fc0500b3e38cf669b96c02099379cc481addcdb679c1271958420f61af0d62
Proof of concept denial of service exploit for Total Video Player version 1.31 that creates malicious files which crash the player.
50826852f4723c4697c5342a471db0766e94f72ffba3dc55768b3c1d68c3014d
Secunia Security Advisory - Ubuntu has issued an update for linux-ti-omap4. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), by malicious, local users to gain escalated privileges, and by malicious people to cause a DoS (Denial of Service).
97378af06f0cf1e385cfc94a5e06778f06902d7416420258de2b36d3d88f468d
Secunia Security Advisory - A security issue has been reported in Symantec LiveUpdate Administrator, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
8bdc0d63e8cdfd234470ebf624f69b23025362655365bc21fda912a34ddf69d9
Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
a748071e69f0c13394539efb72f9fd8a1aff8e5d7cc83ba910a05469bbf61900
Secunia Security Advisory - SUSE has issued an update for python-tornado. This fixes a vulnerability, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the framework.
5720ce07a1bdffb3c8efd1846ad2b368d1fa0e4ac1c093deadd085e9d81ebc5a
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the LB Mixed Slideshow plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
6b375ada64bf270bc9ae64236ff8117b61ebd9db1f5524aec4abab40269cef0a
Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in Samsung AllShare, which can be exploited by malicious people to cause a DoS (Denial of Service).
4f612eb687214fbdf12bdd94a10be8345105b8568550bf7d40150d303bb84398
Secunia Security Advisory - A vulnerability has been reported in NOCC, which can be exploited by malicious people to conduct script insertion attacks.
b82941c484f724c44b7bd162397403ce2f4cd2e3c7ae9f4b9767af6bcda89ecd
Secunia Security Advisory - A weakness has been reported in Innominate mGuard, which can be exploited by malicious people to conduct brute force attacks.
57d1346a6989cd1a756303496ad163735ab7beca4f6267024998339485dffd35
Secunia Security Advisory - A vulnerability has been reported in the WordPress Automatic Plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
3111bd50158fe737387d74b0b64be53f09443942b6041e1b115c20b5deae5234