SySS GmbH found that the "request new user" and translation functions of the web application perfact::mpa are prone to reflected cross-site scripting attacks.
Monthly Archives: March 2016
Packet Storm New Exploits For February, 2016
This archive contains all of the 240 exploits added to Packet Storm in February, 2016.
Red Hat Security Advisory 2016-0321-01
Red Hat Security Advisory 2016-0321-01 – Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. This patch is an update to Red Hat JBoss Fuse 6.2.1. It includes several bug fixes, which are documented in the readme.txt file included with the patch files. The following security issue is addressed in this release: It was found that Apache CXF permitted wrapping attacks in its support for SAML SSO. A malicious user could construct a SAML response that would bypass the login screen and possibly gain access to restricted information or resources.
HP Security Bulletin HPSBUX03552 SSRT102983 1
HP Security Bulletin HPSBUX03552 SSRT102983 1 – A potential security vulnerability has been identified in the HP-UX BIND service running named. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
Red Hat Security Advisory 2016-0329-01
Red Hat Security Advisory 2016-0329-01 – OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service’s distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A memory-leak issue was found in OpenStack Object Storage, in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.
Red Hat Security Advisory 2016-0328-01
Red Hat Security Advisory 2016-0328-01 – OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service’s distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A memory-leak issue was found in OpenStack Object Storage, in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.