Category Archives: Security

CESA-2014:1620 Important CentOS 7 java-1.7.0-openjdk Security Update

CentOS Errata and Security Advisory 2014:1620 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1620.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
002dee0a0bdf11e376d99fb4ad2971f31dfe1204b1154419344244fce83238d8  java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm
19420477ed938598934e8bb3edb856e12b52a1078987ea3ae5851257e548ec0e  java-1.7.0-openjdk-accessibility-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm
ec749fb28d1434a785046cb4ac367523ed1be0472384b2e1b8b90125188dac7a  java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm
528cf0637d50f83eb14f14852e350dac8bc13981817d630e8ffc0c27f27f6f28  java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm
fd1b2a97c9b87dc283db7503bfbb2ed3f312133f864f1af4a86f1c5928c4b83e  java-1.7.0-openjdk-headless-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm
8de25453d7898c7ce00cefb1fc4b4ade295507b1c157848c4d826a66968fbaf2  java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el7_0.noarch.rpm
b9d91f7b9e069cf942bf96d8e30e538a9ac03a8537d9182868d778e3a05aed1c  java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm

Source:
a2e80b7c19c2ccad896649a93ea1d97a3a722a245c34973acc0941deb1e16a83  java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.src.rpm



CESA-2014:1634 Important CentOS 7 java-1.6.0-openjdk Security Update

CentOS Errata and Security Advisory 2014:1634 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1634.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
235d58e6756e5bd6c033aa98373311e4706a7bc2ce5e717e08fd09b5f1bc2e4f  java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm
f747489a1afff1f19a0abc503ce4bd271dba6d7a501b0a9af068a34296d6ce42  java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm
290565d69afedfa4f198bb61702f3b09b8b1e4c976c07c060266eaf316992d79  java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm
2567dd401a1752ad2ec3740d87abff5a98e20ddf8c3a55eacc32b6ba08c47c12  java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm
ca6278bb38d570c2cedeab68beced1a75b0818a59787e9110fd84da407d9f464  java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm

Source:
4fea1ba7337b0ba553c05103d411b1062082412e012acff2fddbb4c91d360ec9  java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.src.rpm



CESA-2014:1635 Critical CentOS 7 firefox Security Update

CentOS Errata and Security Advisory 2014:1635 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1635.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
b5bf77e58f0df4d4838bf72de18af77fc1299c64b944717b9be8023af642b2c7  firefox-31.2.0-3.el7.centos.i686.rpm
f067bcd3d034b5878519cdc52befe29d493a8bbe19d64cc3ebf774f179a0b6e6  firefox-31.2.0-3.el7.centos.x86_64.rpm
5c28de4b7be9d9762646c2b99d80d2a4d42dd5b2787169cf48e919d93920d629  xulrunner-31.2.0-1.el7.centos.i686.rpm
f7333789ff7a8c662e0f8e9a1f54c6ed508ee9fdd2fa98762492b076af18dd50  xulrunner-31.2.0-1.el7.centos.x86_64.rpm
db657d67fc48d4a27bf50596a26cd35df82b06ec2d1f10004c94964c00ce3002  xulrunner-devel-31.2.0-1.el7.centos.i686.rpm
9045ff98c6fff3dab5a7fa9a73a3bcd05608a3723f83070e72e78fe6124c2202  xulrunner-devel-31.2.0-1.el7.centos.x86_64.rpm

Source:
cd172114374d6f81aae6c1dd22d1bb00cbd2a2244b0a7e726a09ed20459de604  firefox-31.2.0-3.el7.centos.src.rpm
c24e3e31ba4b610cb3e291e28905b4f11f59bc10f2e55ad0a9dd9324d013b43f  xulrunner-31.2.0-1.el7.centos.src.rpm



CEBA-2014:1642 CentOS 5 rsync BugFix Update

CentOS Errata and Bugfix Advisory 2014:1642 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1642.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
1cbecc8922d43a0adcccd726e5803e76175f2fcca868baa94977f23a0882d983  rsync-3.0.6-6.el5_11.i386.rpm

x86_64:
aa673131601130f8ac144a0047914df78daf1296a424fd7ba9b0dbe61a4276df  rsync-3.0.6-6.el5_11.x86_64.rpm

Source:
12ce50da9141459819c943b7ac95dff36fb8cc9f42b50842ece6bbe0cb574b73  rsync-3.0.6-6.el5_11.src.rpm



CESA-2014:1635 Critical CentOS 5 firefox Security Update

CentOS Errata and Security Advisory 2014:1635 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1635.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
9df05ee668d515f3ece37ee2e4cf518ffef8d1c52de35a0c59743ef9cf574cd7  firefox-31.2.0-3.el5.centos.i386.rpm

x86_64:
9df05ee668d515f3ece37ee2e4cf518ffef8d1c52de35a0c59743ef9cf574cd7  firefox-31.2.0-3.el5.centos.i386.rpm
fbd203f1998e1dee8e25010a1d4fa29b4b5321d20db4125b985b03a8592346ff  firefox-31.2.0-3.el5.centos.x86_64.rpm

Source:
f5201abc4f86e806a1fcb6f85333b750203339111f506ffb2641beb02c3693f4  firefox-31.2.0-3.el5.centos.src.rpm



SA-CORE-2014-005 – Drupal core – SQL injection

Description

Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.

A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.

This vulnerability can be exploited by anonymous users.

CVE identifier(s) issued

  • CVE-2014-3704

Versions affected

  • Drupal core 7.x versions prior to 7.32.

Solution

Install the latest version:

If you are unable to update to Drupal 7.32 you can apply this patch to Drupal’s database.inc file to fix the vulnerability until such time as you are able to completely upgrade to Drupal 7.32.

Also see the Drupal core project page.

Reported by

  • Stefan Horst

Fixed by

Coordinated by

Contact and More Information

We’ve prepared a FAQ on this release. Read more at https://www.drupal.org/node/2357241.

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
