
User Preferences

CORE-2009-0912: Blender .blend Project Arbitrary Command Execution

   . From the "panel" dropdown choose "Script".
   . Check that "enable script links" is active.
   . Click on "new".
   . Select the script you created (e.g. myscript).
   . Choose "OnLoad" from the event dropdown list.
   . In the "User Preferences" panel, select File->Save, and save your
     project.


8. *Report Timeline*


Cisco Security Advisory: IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities

IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------

Successful exploitation of these vulnerabilities could allow an
attacker to access user accounts on an IronPort Encryption Appliance
device, which could result in the modification of user preferences.

Software Versions and Fixes
===========================

When considering software upgrades, also consult

[ MDVSA-2009:222 ] squirrelmail

 
 All form submissions (send message, change preferences, etc.) in
 SquirrelMail were previously subject to cross-site request forgery
 (CSRF), wherein data could be sent to them from an offsite location,
 which could allow an attacker to inject malicious content into
 user preferences or possibly send emails without user consent
 (CVE-2009-2964).
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________


Two vulnerabilities in SquirrelMail GPG plugin

1 issue - Deletion of files writable by web server user

The SquirrelMail GPG plugin allows end users to delete or overwrite files
writable by the web server user. In default SquirrelMail 1.4.3-1.4.8 setups,
end users can delete stored user preferences and address books without
any complex hacks. Default SquirrelMail 1.4.9+ setups and custom rpm or
deb packages are still vulnerable to relative path attacks, because the
location of the attachment and data directories is known to the attacker.

Upstream was notified about vulnerability on 2007-09-24. Patch was

[SECURITY] [DSA 2291-1] squirrelmail security update

CVE-2010-4555, CVE-2011-2752, CVE-2011-2753

  Multiple small bugs in SquirrelMail allowed an attacker to inject
  malicious script into various pages or alter the contents of user
  preferences.

CVE-2011-2023

  It was possible to inject arbitrary web script or HTML via a
  crafted STYLE element in an HTML part of an e-mail message.

Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability

1. OVERVIEW

The Plesk versions from 7.0 to 8.2 are vulnerable to Open URL
Redirection when "Enable webuser@domain.com" access format, a new
feature introduced in Plesk 7.0, is enabled in user preferences.


2. BACKGROUND

Parallels Plesk Panel is a turnkey Web hosting system that includes



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
