The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL. (CVSS:4.3) (Last Update:2013-04-10)
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file. (CVSS:5.0) (Last Update:2013-04-10)
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image. (CVSS:5.0) (Last Update:2013-04-10)
WatchGuard to give live demonstrations of how attackers leverage the trust users have in popular web sites (such as social networks) to lure victims to their malicious drive-by download attacks.
DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NameNode, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts. (CVSS:7.5) (Last Update:2012-07-16)
New Release of WatchGuard Fireware XTM 11.6 Provides Advanced Management Features that Security Professionals Need in Order to Get Maximum Value from Next-Generation Firewalls