Gentoo Linux Security Advisory GLSA 200504-20 - Gangstuck and Psirac from Rexotec discovered that openMosixview insecurely creates several temporary files with predictable filenames. Versions less than 1.5-r1 are affected.
23bccb90f85bbabb24a271ae05653d64a2d16cae3deeed52271cecd0e763eda1
phpBB Auction module version 1.2m suffers from a SQL injection vulnerability.
c795fedacb95b4e3a28134fb0a24bf694c85c044f4193534fbcc7182bdd94779
PHPROJEKT 4.2 Chatroom is vulnerable to Cross-Site Scripting (XSS) attacks, allowing an attack to be broadcast to all users in the chatroom.
924c24da845df4c0ceb5a3948b17ff81ec7c79bb09b72fb4da784f4f20a07a14
Gentoo Linux Security Advisory GLSA 200504-19 - Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP (MMST). Versions less than 1.0_pre6-r4 are affected.
9c210f39c70c4af2a86566d59cbc0461e1c2b3ad20eedb16521f65098d8bf10d
RealNetworks RealPlayer, RealOne Player, and Helix Player all suffer from a remote heap overflow that allows for remote code execution.
f5dfc6020b55f720a8cbcc1e223a699e696def7db5ae15407dbb1fa62bf5b52f
Neslo Desktop Rover suffers from a remote denial of service vulnerability.
a60e6aaf17789932c5057f3a7942283c9a1bb3e4836d0c355a8b98aa268c362a
AZBB versions 1.0.07d and below suffer from arbitrary file deletion and enumeration flaws.
6306c8d12777015f47460895fa5507cfd12177435797106e750bf523bbff3697
GreyMagic Security Advisory GM#015-IE - Windows Explorer fails to filter dangerous data in links used in the webview on Windows.
b0e0113b63d7852efda22daf6fc544646e9787e6e936b0d0a0ea9c9fbbfd7063
Debian Security Advisory DSA 712-1 - Tim Dijkstra discovered a problem during the upgrade of geneweb, genealogy software with a web interface. The maintainer scripts automatically converted files without checking their permissions and content, which could lead to the modification of arbitrary files.
9a0eca1814872b0a7fcc4dbe92282fa4c5686c5a69ec0ae85a69f55eca060887
Gentoo Linux Security Advisory GLSA 200504-18 - New Mozilla Firefox and Mozilla Suite releases fix new security vulnerabilities, including memory disclosure and various ways of executing JavaScript code with elevated privileges. Versions less than 1.0.3 are affected.
3304fb9c0dd2ac34c28c8a52fa2aebb4d38b78bb11517ce76c83bb77926d2156
Debian Security Advisory DSA 711-1 - Nicolas Gregoire discovered a cross-site scripting vulnerability in info2www, a converter for info files to HTML. A malicious person could place a harmless looking link on the web that could cause arbitrary commands to be executed in the browser of the victim user.
f5d92d368f4c048858a1635d0ff87da1ce79c1c6e050799059ff22ca3f13f2ed
Gentoo Linux Security Advisory GLSA 200504-17 - Greg Roelofs has reported multiple input validation errors in XV image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported insufficient validation in the PDS (Planetary Data System) image decoder, format string vulnerabilities in the TIFF and PDS decoders, and insufficient protection from shell meta-characters in malformed filenames. Versions less than 3.10a-r11 are affected.
44b8e9e806a61f9df9c12e6362eb8888a7ec7852456c03c0e32f01faa2c9fca8
iDEFENSE Security Advisory 04.18.05 - Local exploitation of an insecure permission vulnerability in McAfee Internet Security Suite 2005 allows attackers to escalate non-Administrator privileges or disable protection.
9699f3cb21fa9695d95aac39f442e54d847ade88e201729977ec3782e7a018b7
A SQL injection vulnerability exists in the CREATE_SCN_CHANGE_SET procedure for Oracle database server version 10g.
a5212af4697367cfaddf9c5d2eecf257e160ca8ab7b17e47a8d5fbd82766578d
A SQL injection vulnerability exists in the ALTER_MANUALLOG_CHANGE_SOURCEDBMS_METADATA procedure for Oracle database server version 10g.
6fe16250b05705d0c21788a7123ad48bf9b396fddbabb93bae3b81090b8ca7eb
Multiple SQL injection vulnerabilities exist in the DBMS_METADATA package for Oracle database server versions 9i and 10g.
9c197b54da59422b26a68e8b4cc788a15635ca92f877520ad3c5ec7c525b0aa3
Gentoo Linux Security Advisory GLSA 200504-16 - Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow (CVE-2005-0753), memory leaks and a NULL pointer dereferencing error. Versions less than 1.11.18-r1 are affected.
71478e23debfee6f1ab5821db6951480baef1646b37e0cc240ba3d846f7ea1d5
Oracle Database Server version 10g has a flaw that allows any low privileged database user to execute functions with DBA privileges.
bd2ea7fcfad3776a3eb567cbc888e2578d0c447e690779f98950f1bccc8ab1db
Oracle Database Server versions 9i and 10g suffer from denial of service vulnerabilities in their interMedia system.
6fa9a30526c515903a896294e0fe106983bd5cf8a9bcc4ecab61acd3f4f6e5fc
A buffer overflow exists in PMSoftware's Simple Web Server version 1.0.
5fa358e8ae57771eec4d6be7eef2ff8867641bda69d38b8fb79abcb41a1feabc
Debian Security Advisory DSA 710-1 - Alan Cox discovered a problem in gtkhtml, an HTML rendering widget used by the Evolution mail reader. Certain malformed messages could cause a crash due to a null pointer dereference.
048ee5a8b482fb36773879c65429801f0f178b9e9b73fbb13ff5000f630521aa
SUSE Security Announcement - Buffer overflow and memory access problems in cvs have been resolved.
4b23470fb0f1f14f3c0b7f6233c3e4361366bfe8d7adeb4be398791764f24e71
Many XML/RPC servers based on Python / Ruby seem to be vulnerable to a simple Denial of Service where transmitting a large amount of data (circa 4 MB) results in them utilizing 100% of the CPU and apparently never recovering.
01fddb7df596dbb647f71a14bc8ddf89eda494b127062d87e148e1adfd6216ba
AppleWebKit XMLHttpRequest arbitrary file disclosure - Apple Safari 1.2+, Apple RSS 2.0 pre-release, OmniGroup OmniWeb 5.1+, as well as other software based on a common engine, are vulnerable to malicious webservers attacking them and retrieving information (arbitrary files on disk).
0ea575297839fdac0e3654c2488db5abe193e71540f91deb28ffc4cd0bd4c886
Gentoo Linux Security Advisory GLSA 200504-14 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a double expansion error in monkeyd, resulting in a format string vulnerability. Ciaran McCreesh of Gentoo Linux discovered a Denial of Service vulnerability: a syntax error caused monkeyd to zero out unallocated memory should a zero-byte file be requested. Versions less than 0.9.1 are affected.
7f4936472c31f89580293bf38a7962c48bf48a076c611dbcb39c244449785e17