Gentoo Linux Security Advisory GLSA 200504-30 - The phpMyAdmin installation process leaves the SQL install script with insecure permissions. Versions less than 2.6.2-r1 are affected.
2f14682c3d2c1ce53dc09035ebfa9852d3f37d2162c30a53ce2789161c0d33bd
Gentoo Linux Security Advisory GLSA 200504-29 - Steven Van Acker has discovered a buffer overflow vulnerability in the add_port() function in Pound. Versions less than 1.8.3 are affected.
508acf6707fea998ce6f61a2d863c2f1364881a6c998ee20d344d408a8cedea3
Gentoo Linux Security Advisory GLSA 200504-28 - Buffer overflow vulnerabilities in the slc_add_reply() and env_opt_add() functions have been discovered by Gael Delalleau in the telnet client in Heimdal. Versions less than 0.6.4 are affected.
8f9785ac0de012dcf5e162da16f150a5a3fc8423a3b5bf8c8f0c7332c37b590a
phpBB suffers from SQL injection vulnerabilities.
ca458f33b9f3016fe72402ab33dfbbd57fcb02856066cf26233223b8394b26ef
myPHP version 3 suffers from some authentication flaws.
7acb86e0cb84d96d1c0a4a8bad9fef5794155e64405dfc6914ef1930d430fdbc
NetTerm 5.1.1 is susceptible to a buffer overflow vulnerability.
cbee78841654b8d50513697d3015f26612a2b53278635785bdd9fe04ba84ff51
iDEFENSE Security Advisory 04.25.06-3 - Remote exploitation of a buffer overflow vulnerability in Citrix Systems Inc.'s Program Neighborhood Agent allows attackers to execute arbitrary code under the privileges of the client user. The problem specifically exists in the client code responsible for handling the caching of information received from the server.
16507fe3cdb13ec83622e458aa634047d18ca5f69e7fabd2596d8731975803c8
iDEFENSE Security Advisory 04.25.06-2 - Remote exploitation of a design error in Citrix Systems Inc.'s Program Neighborhood Agent allows attackers to create arbitrary shortcuts under the privileges of the client user. Citrix Program Neighborhood Agent is a part of the Citrix Presentation Server Client and facilitates access to Citrix published applications. The problem specifically exists in that an attacker who has established a malicious server can create arbitrary shortcuts to the client user's Startup folder.
e2c874a4cddc782ee004130fa3cf0634405553d31dc8949e908cb5c4ed7ef604
iDEFENSE Security Advisory 04.25.06-1 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerability specifically exists because of a lack of bounds checking in the WebDAV functionality of the web tool. When an attacker issues an HTTP request with the unlock method, along with a long 'If' parameter string, a stack-based overflow occurs.
05c5b0f03940866f73bc2159f99ff530a95dc33e323dfd87ee1f15e5782c0aa5
iDEFENSE Security Advisory 04.25.05-2 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerability specifically exists due to a lack of bounds checking in the WebDAV functionality of the web tool. When an attacker issues an HTTP request with the unlock method, along with a long Lock-Token string, a stack-based overflow occurs.
de4dd6898b596370190084b4ae7be97a5ec66c778107f7dc4d74f3b5058bea09
iDEFENSE Security Advisory 04.25.05-1 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerability specifically exists due to improper handling of HTTP GET queries containing a percent sign (%).
3d9df7b8685773ea51dc93936ccdec26e654e422760c6865c9a44369fe2e4c14
Sqwebmail is susceptible to a cross-site scripting vulnerability.
bbcd1dab317514856e9a775df797f71fdb7a6ea060f85d684815cc2326b35fb7
Snmppd is susceptible to a format string vulnerability.
bc5427491a4a901c393b53732a6504c2225b684ae85279588d94c9d19012c901
Gentoo Linux Security Advisory GLSA 200504-25 - Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
f1cc8ee77515d1a92862c3012f96550e4889e870b38cf8c6c9c2875d4cdac3ff
Gentoo Linux Security Advisory GLSA 200504-24 - Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules. Versions less than 1.0.0.007 are affected.
610d7dee1ebee7161b6c3a758df8fb08c5ed35d5980042002152cd66a9ecb96d
MailEnable HTTPMail Enterprise <= 1.04 and Professional <= 1.54 are vulnerable to a buffer overflow on a header field definition which would allow an attacker to execute arbitrary code.
020b6ab6e3581762060ba2c2990b16bc68cb8380fa57614477c9506a4bada0d4
A local file detection flaw has been found in the Adobe Reader ActiveX control. Adobe Reader versions 7.0 and below are affected.
62e66376041cb0ead9f4c69cac186a4d750f6d7ab4a0b76dad3a4a5b944a91d3
Argosoft mail server pro 1.8.7.6 (maybe others) is vulnerable to a cross-site scripting attack due to the mail server not filtering out some HTML tags in email messages.
730284972fd0b3761d247cb3b7dd3853f2ca689faf375d53b1b01457d4281fe0
FreeBSD Security Advisory FreeBSD-SA-05:05 - Multiple programming errors were found in CVS. In one case, variable length strings are copied into a fixed length buffer without adequate checks being made; other errors include NULL pointer dereferences, possible use of uninitialized variables, and memory leaks.
0955613e37e271809f7afef6711a84a64f2032dbe02f04eb08d63144b31158fa
KDE Security Advisory: kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.
541b770d166d535ed31873d7fc040185169e96ce83b2851ceec63ccf5120c5fe
KDE Security Advisory: Kommander executes data files from possibly untrusted locations without user confirmation. As they contain scripts, the user might accidentally run arbitrary code.
15c0b15e1f97fffefbb19b6f2354efaea247f2f23d0219684a0be903991619c5
A vulnerability exists in Macromedia ColdFusion 7.0 which allows a remote attacker to execute arbitrary HTML and script code in a user's browser session.
b7e5adbb8cca2e19fa11f114f83ccae2400d714542e19d777713e7dbe4d4ba6f
When a user receives data from a malicious network streaming server, an attacker can overrun a heap buffer, which can, on some systems, lead to or help in executing attacker-chosen malicious code with the permissions of the user running a xine-lib based media application.
64c779246d4d9ccbe30d863aa28db22a229e66a2202abdc8598582b09109fb72
WebSphere Application Server version 6.0 suffers from a cross-site scripting flaw.
f68cc25f25bdda26b2281f384909d577b5ea7ee94e8abe5de53465cf42838c22
Debian Security Advisory DSA 713-1 - Several bugs have been found in junkbuster, an HTTP proxy and filter.
e72c5e4ea90565cb61629b1743d0c4d4a8c3617c8103bc58829339968c1ee261