7251 matches found
SA-CONTRIB-2010-070 - Multiple vulnerabilities in multiple contributed modules
Versions affected and proposed solutions Easy Translator for Drupal 6.x The module is vulnerable to SQL injections. Solution: Disable the module. There is no safe version of the module to use. Block Queue for Drupal 6.x The Block Queue module allows users to create "queues" of blocks much like...
[SECURITY] Fedora 12 Update: beanstalkd-1.4.6-1.fc12
beanstalkd is a simple, fast work-queue service. Its interface is generic, but was originally designed for reducing the latency of page views in high-volume web applications by running most time-consuming tasks asynchronously...
[SECURITY] Fedora 13 Update: beanstalkd-1.4.6-1.fc13
beanstalkd is a simple, fast work-queue service. Its interface is generic, but was originally designed for reducing the latency of page views in high-volume web applications by running most time-consuming tasks asynchronously...
Beanstalkd < 1.4.6 Remote Beanstalkd Command Injection
The installed version of Beanstalkd allows injection of Beanstalk commands. A malicious producer process or client could exploit this issue to inject arbitrary beanstalkd commands via the 'PUT' command to view status of existing jobs or delete jobs from the Beanstalkd queue without co-operation...
CentOS 5 : kernel (CESA-2010:0398)
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
SA-CONTRIB-2010-056 - User Queue - Cross Site Request Forgery
The User Queue module allows you to create multiple queues, add users to them, and order the users within the queue. The module is vulnerable to cross-site request forgeries (CSRF) via the URL used to delete users from the queue. A user with "administer user queues" permission could be manipulated...
FreeBSD Ports: ejabberd
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
RPM Select/Elite 5.0 Buffer Overflow
#!/usr/bin/python RPM Select/Elite v5.0 .xml config parsing unicode buffer overflow PoC Found by: mrme - http://net-ninja.net/ Homepage: http://lpd.brooksnet.com/ Download: http://www.brooksnet.com/download-rpmselect Tested on: Windows XP SP3 Advisory:...
[SECURITY] [DSA 2033-1] New ejabberd packages fix denial of service
Debian Security Advisory DSA-2033-1 [email protected] http://www.debian.org/security/ Sébastien Delafond April 15th, 2010 http://www.debian.org/security/faq -...
RPM SelectElite 5.0 - .xml Configuration parsing Unicode Buffer Overflow (PoC)
RPM SelectElite 5.0 - .xml Configuration parsing Unicode Buffer Overflow PoC #!/usr/bin/python RPM Select/Elite v5.0 .xml config parsing unicode buffer overflow PoC Found by: mrme - http://net-ninja.net/ Homepage: http://lpd.brooksnet.com/ Download: http://www.brooksnet.com/download-rpmselect Test...
RPM Select/Elite 5.0 - '.xml Configuration parsing' Unicode Buffer Overflow (PoC)
#!/usr/bin/python RPM Select/Elite v5.0 .xml config parsing unicode buffer overflow PoC Found by: mrme - http://net-ninja.net/ Homepage: http://lpd.brooksnet.com/ Download: http://www.brooksnet.com/download-rpmselect Tested on: Windows XP SP3 Advisory:...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action...
CVE-2010-1244
Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action...
CVE-2010-0684
Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action...
Default configuration
ejabberdc2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload...
DEBIAN-CVE-2010-0305
ejabberdc2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload...
CVE-2010-0305
ejabberdc2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload...
UBUNTU-CVE-2010-0305
ejabberdc2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload...