CVE-2013-4248
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field...
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which...
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field...
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id...
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2013-08-16 http://www.securityfocus.com/bid/61653 http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5/
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE:...
Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2013-08-16 http://www.securityfocus.com/bid/61654 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013
Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2013-08-16 http://www.securityfocus.com/bid/61609 http://typo3.org/extensions/repository/view/ke_search
SQL injection vulnerability in the Browser – TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2013-08-16 http://www.securityfocus.com/bid/61656 http://typo3.org/extensions/repository/view/browser
Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2013-08-16 http://www.securityfocus.com/bid/61606 http://typo3.org/extensions/repository/view/locator
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2013-08-16 http://www.securityfocus.com/bid/61606 http://typo3.org/extensions/repository/view/locator
Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." Date published : 2013-08-16 http://www.securityfocus.com/bid/61606 http://typo3.org/extensions/repository/view/locator
SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2013-08-16 http://www.securityfocus.com/bid/61609 http://typo3.org/extensions/repository/view/ke_search
Directory traversal vulnerability in help.php in Trustport Webfilter 5.5.0.2232 allows remote attackers to read arbitrary files via a .. (dot dot) in the hf parameter. Date published : 2013-08-16 http://www.securityfocus.com/bid/61662 http://archives.neohapsis.com/archives/bugtraq/2013-08/0043.html