Gentoo Linux Security Advisory GLSA 200501-29 - Mailman is vulnerable to cross-site scripting attacks.
e8700ac7b17001a222f2051663d0de6a449083d1f25943b98f6ae1fd551ac955
Gentoo Linux Security Advisory GLSA 200501-28 - A stack overflow was discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issue.
6d3333856e42b7c6ad1eb56d1005d508fb653af894b3fb5d1b523cf052b14bb7
GroupWise 6.5 suffers from a flaw where an unauthenticated user can get read access to various data.
39413578d2bf2ff35b828532fffd5974f3692be8c07c037819c3e88ee3e24666
DivX player versions 2.6 and below allow for arbitrary file overwriting via a flaw in handling skins.
e0b91ab213ef109d3e7d5ee589275919f9cf35746ad3daa9a71e452a7be88ebe
Comersus ASP shopping cart version 6.0 is susceptible to administrator login bypass, SQL injection, and cross-site scripting attacks.
fa4955168f9fcd7c71beff76ff8d521cc4ebd0d3663310ad159a5f3893552497
NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in the Microsoft NetDDE service which can allow a remote attacker to execute arbitrary code on a system without authentication. This vulnerability can also be used by any low privileged local user to gain Local System privileges. Systems Affected: Microsoft Windows NT/2000/XP/2003 Server.
7fe7b3cd43a05089bc18d0500d8382f190e1c29289808a9a8cd64afe62566c0d
Debian Security Advisory 654-1 - Several security problems have been discovered in enscript.
5d28208ac57d5625dda59adf9f8c04c2de000131ef1678db9a147c58c7f214a7
Gentoo Linux Security Advisory GLSA 200501-27 - Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.
0828975659f7baf994aa7d61bb99530dfcd6577a681f5c5fc41c6cac7b15ba5b
iDEFENSE Security Advisory 01.20.05 - Remote exploitation of an input validation vulnerability in 3Com Corp.'s OfficeConnect Wireless 11g Access Point allows attackers to glean sensitive router information.
20d6f9dae34c3b4c99c46cf39adab6cad55fcb5b45259ad5e2453aaf25d2108c
This advisory covers nine of the 23 vulnerabilities recently discovered in various versions of Oracle's database server.
05f58b02101062b1f57e0de5e3166ee29294c50e446a28ff4adfd2aaf99ca936
Secunia Security Advisory - A vulnerability has been discovered in the Apache check_forensic script that allows for local privilege escalation.
d4bd5c4ffda2aac9e74cafa67e43fbd8f1658d51600f2cb56c42471205d50f78
Secunia Security Advisory - A vulnerability has been reported in 3Com OfficeConnect Wireless 11g Access Point, which can be exploited by malicious people to gain knowledge of sensitive information.
4f592f511c62e88075d0e9e04e3a75eada218e949fe02b570f10602507ec9b6f
Debian Security Advisory 651-1 - A couple of different overflows have been discovered in Squid. One is in the parser for Gopher and another is in the receiver for WCCP messages.
836558daf3b8225ee83be23b5502e47ecb6c82c7286dfd447db0ca184d7f8ab5
Secunia Security Advisory - Some vulnerabilities have been reported in AntiGen for Domino, which can be exploited by malicious people to cause a DoS (Denial of Service) and by malware to bypass certain scanning functionality.
32287f8e52ff5ebe7d2934853f6926bea12e4cabc6b4437b3b9719960dec2988
Debian Security Advisory 650-1 - Sword, a package for making a bible web site, is susceptible to a remote command execution flaw due to a lack of sanitizing input. Not even your god can save you now.
286c2640651ad4437f0111a699bc755f9e50d7537c9e72161cbab7ce90041134
Sun Security Advisory - A vulnerability in the Java Plug-in may allow an untrusted applet to elevate privileges through JavaScript calling into Java code. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. A second vulnerability may allow an untrusted applet to inappropriately interfere with another applet in the same web page which may include causing it to incorrectly load non-code resources such as files and web pages.
fff12819e999f2aa04fd9023287b35be822c905487fcb22420f818a51a1e653f
GeCAD NET Security Advisory - The HTML Help Control patch issued from Microsoft may be subverted via other known vulnerabilities that are left unpatched in Internet Explorer.
d32c5cf90c2bbe8ef625797db1169224db31dcd4ce0d0477dd0575f3454eb37f
Debian Security Advisory 649-1 - A buffer overflow has been discovered in xtrlock, a minimal X display lock program which can be exploited by a malicious local attacker to crash the lock program and take over the desktop session.
61962f41f5e7339d97af3a6ced5488ce1a0da7b3ca851f38ddf0359b7a4f2d92
KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.
6b15ccf0b7bec83aa5472d69ac47e0982d0440956056b53788eaaf87744463e3
Konversation versions below 0.15.1 suffer from various flaws that allow for shell command injection amongst others.
1878ab58f77ea098da55b04d4e3cac28e5c15f51bc0bce5aed916d6b27a0de19
Integrigy Security Advisory - Oracle has released its first Critical Patch Update (January 2005), which fixes 23 vulnerabilities in the Oracle Database, Oracle Application Server, and Oracle E-Business Suite. Integrigy discovered 5 of these vulnerabilities. The vulnerabilities in the Oracle Database and Oracle E-Business Suite should be considered high risk and organizations should work to apply the necessary patches at the earliest possible opportunity.
2d1a3adf02a15d6881976646e7fb047d6f0e021ee82168b3c88b84ea0793d9ac
Secunia Security Advisory - A security issue has been reported in Squid 2.x, which can be exploited by malicious users to bypass certain security restrictions. The issue is caused by some LDAP implementations ignoring leading/trailing whitespace in usernames. This can be exploited to bypass certain ACLs based on usernames or trick some log analysis by supplying a username with whitespace at the beginning or end during the authentication process.
c0421bab66434fc8af2056b83c40c2ac1991466832dae520213f099b4877fe65
iDEFENSE Security Advisory 01.19.05 - Two remotely exploitable denial of service conditions have been found to exist in MySQL MaxDB and SAP DB Web Agent products. MaxDB 7.5.00.21 fixes these issues.
41d6628bc065fa8e77e30ed2f6500b691ce1330b4cd9302a821d8f957a190e6e
NGSSoftware Insight Security Research Advisory - Two vulnerabilities have been discovered in RealPlayer which may potentially be leveraged to allow remote code execution, or may be used in combination with the Real Metadata Package File Deletion vulnerability to reliably delete files from a user's system. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.
5c0369393320c3bc4942c495e3418f09710027a42e9c22a5dd5a498b9a15bf83
NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in RealPlayer which can allow an attacker to delete arbitrary files from a user's system through a specially crafted webpage with little user interaction. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.
b462f3260253fe793321c8e2dfeaaaa00172ff31bc7e9284b32f1a9c98fb0224