Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/.
Monthly Archives: October 2014
CVE-2014-7200
Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/.
Fedora 19 Security Update: bugzilla-4.2.11-1.fc19
Fedora 21 Security Update: bugzilla-4.4.6-1.fc21
Fedora 21 Security Update: rsyslog-7.4.10-5.fc21
Fedora 21 Security Update: python-django-horizon-2014.1.3-1.fc21
rebase to 2014.1.3
Fedora 20 Security Update: bugzilla-4.2.11-1.fc20
Fedora 19 Security Update: python-oauth2-1.5.211-8.fc19
Resolved Bugs
1007766 – python-oauth2: various flaws [fedora-all]
1007746 – CVE-2013-4346 python-oauth2: _check_signature() ignores the nonce value when validating signed urls
1007758 – CVE-2013-4347 python-oauth2: Uses poor PRNG in nonce<br
Actually apply patch to fix CVE-2013-4347 (thanks to Jason Green, Matt Wilson).
Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski.
Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski.