rssh versions below 2.2.2 suffer from a format string vulnerability that may allow for privilege escalation.
4e71754c1ea5a52d4e553addf2ba481fd95acd61c1c8fb641f366430dbdfc6a1
An information disclosure flaw in AOL Journals allows any remote attacker to increment BlogIDs in order to reveal other user email addresses.
02d5f5dd347c2ac7772bcb3d661d9a6de4bf662b8460563f0fcc4e1d311b4c14
Secunia Security Advisory - An vulnerability has been reported in HP Serviceguard, which potentially can be exploited by malicious people to compromise a vulnerable system.
13336a2214baaa7315b1c34b36225ac10e3adbd8c3588e66ba9057ee676a10f8
Addendum to previous post regarding browser inabilities to render HTML securely. It appears that problems thought not to also include MSIE do affect that product as well.
1d3da6813efc5cf470fc248ce32c43c281b284739d7147da3b335d2b2b2b9074
iDEFENSE Security Advisory 10.22.04 - An exploitable heap overflow in the handling of malformed tiff files has been discovered in the latest version of libtiff when JPEG support has been enabled. An attacker can exploit the above-described vulnerability to execute arbitrary code under the permissions of the target user. Successful exploitation requires that the attacker convince the end-user to open the malicious tiff file using an application linked with a vulnerable version of libtiff.
47aee7e32dd02f1b2f485dc27406d68b8725b9b7b347564a5a4988fe9d0cf4d9
Two very serious security vulnerabilities in Java technology for mobile devices (Java 2 Micro Edition) affects about 250 million mobile phones coming from Nokia, Siemens, Panasonic, Samsung, Motorola and others. Sun has refused to release an alert regarding these issues. Information about these flaws has been published at Hack In the Box Security Conference earlier this month in Kuala Lumpur, Malaysia.
b5205c34f95361edb616b9b5160c4caade01ca0f30aebdbc019a5cfb22606cd6
A specially crafted WAV file can cause the WAV file property handler to consume all available CPU resources on Windows XP.
8e05ffb1b09efaeebd8f0714bf6ea2a5918b97d04c49938779f57d86f6f1093c
Mandrake Linux Security Update Advisory - Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution.
38339c35eb37ea1704d38fa5c8d7a983c7db524a7de177b38224327194a45663
Gentoo Linux Security Advisory GLSA 200410-21 - A flaw has been found in mod_ssl where the SSLCipherSuite directive could be bypassed in certain configurations if it is used in a directory or location context to restrict the set of allowed cipher suites.
06b3bc6d3391335b9f299d76aa4089572536a66060eb87668867cda8b1c74110
A HTTP Response Splitting vulnerability has been reported in Serendipity 0.7-beta4.
58300abb3a8f54c654e8bb78e7f9e9f9aed80d29f1a932dd5a829debdf95141b
Debian Security Advisory 573-1 - Chris Evans discovered several integer overflows in xpdf, that are also present in CUPS, the Common UNIX Printing System, which can be exploited remotely by a specially crafted PDF document.
fccd60e1ee2c1f5d58c88b7adbad22ccf6bfc7d8205b115e2d78c67cf9a77704
Gentoo Linux Security Advisory GLSA 200410-19 - The catchsegv script in the glibc package is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.
835983120856de9672d4df3fb055de82c29e15b525d53729dc1c1c36bbb07587
Altiris Deployment server versions 5.x, 6.x, and possibly others are susceptible to a design flaw that allows an attacker to take complete control over all Altiris clients on a network with relative ease.
00d5a12abb42d0cde16860ee9706a4629ff21bb5c256745a947f93f021230767
Secunia Security Advisory - A vulnerability has been reported in Speedtouch USB Driver, which potentially can be exploited by malicious, local users to gain escalated privileges.
76aee022b1a8f1207b62499507352f2a7c3a5d59d5d9b0fed33a0c8447865092
Secunia Security Advisory - A vulnerability has been reported in Serendipity, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks.
acaf97d26f5c01f38152bba85d86498a319af52914e14d0c75a3836386bf5901
Debian Security Advisory 572-1 - A problem has been discovered in ecartis, a mailing-list manager, which allows an attacker in the same domain as the list admin to gain administrator privileges and alter list settings.
36b123e8f91130593a23746179cc31188a931abe1aa176fa668aa789f53529ce
SUSE Security Announcement - An integer underflow problem in the iptables firewall logging rules can allow a remote attacker to crash the machine by using a handcrafted IP packet. This attack is only possible with firewalling enabled.
e8301b42ffb03cdc6751cdb3ee2fdc50c54950362f4ed8890cebbeb5d51eed2b
NSFOCUS Security Advisory SA2004-02 - NSFOCUS Security Team found a security vulnerability in the program stmkfont of an HP-UX system. Exploiting this vulnerability, local attackers could gain group bin privileges.
893e2f01859a0283754f25f425a601354a817bdeb90c88bb389baec21e86d022
Interesting write up of using an eSlate3000 made by Hart Intercivic. Due to their early arrival, Honolulu County has already started using them for walk-in absentee ballots.
a94ccface40aab35840874046f32a77457b342f433d07a5ecbe7eb0fc80c1bc4
Gentoo Linux Security Advisory GLSA 200410-17 - OpenOffice.org uses insecure temporary files which could allow a malicious local user to gain knowledge of sensitive information from other users' documents.
1df7a419056dc3a76a8cc525b8bf1ff0456f157199aa85e9c76acf6ebbad899b
Secunia Security Advisory - Roger Sylvain has reported a vulnerability in Nortel Contivity VPN Client, potentially allowing malicious people to open a VPN tunnel to the client.
085e2d54838dc160aad7aa3c8c3e791d8e939db60c78bc63517389c90a090974
Linux 2.6.9 fixes a set of race conditions in the Linux terminal subsystem which are believed to go back to 2.2 kernels if not earlier. The race shows up problematically in two places.
f8cf3fc98aeca152c71b95cb20b1eee7b1b018c5a67a7c7a13854854c7bb8043
Privateer's Bounty: Age of Sail II versions 1.04.151 and below is affected by a buffer overflow occurring when an attacker joins on the server using a nickname at least 144 bytes in length.
156853fe0bb73128ae6aa68202b9b9e09c23cb39d915de7147217d58394c8ba8
Debian Security Advisory 570-1 - Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.
4ce3f32f49c7c105105e734adf7ddc6a695daaa8719946a1415780421bcb8cc3
Debian Security Advisory 571-1 - Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.
cab10b0b64c9f9a3b975a8b2f2ae1125c69ef475cdc6985d53e7236239040c0a