Statcounter is susceptible to a script injection user session hijacking flaw.
2f8b0a24361026c281e96ee3041e21b8b9c0a48c33866ddddd38ba3d356683b6
Every user with CREATE JOB privilege can switch the SESSION_USER to SYS by executing a database job via dbms_scheduler on Oracle 10g.
89a141519dcef0c60eb5caae4118b9350bed9c359a49fba7854f155c388e595c
Fine grained audit (FGA) is disabled for all users if the user SYS runs a SELECT statement on a FGA object in Oracle 9i / 10g.
ef0e69af9d00f437ba72ca0fee630f111a4921211bcba924fef4da010fb8148c
The Gamespy cd-key validation system allows for multiple use of the same key.
8139c1152cfd8033b373585e5ec3187e22c4c9b4dcd050934cf1cccab4456a1d
iDEFENSE Security Advisory 05.04.05 - Local exploitation of a buffer overflow vulnerability in Apple Computer, Inc.'s Mac OS X allows attackers to execute arbitrary code. vpnd is the system daemon which manages IPSEC or PPTP connections. The vulnerability specifically exists due to insufficient bounds checking on the value given to the Server_id parameter.
0237606ce969824dc940b7a556542ba770756a2abb6a8d17d8aad8742cfb0a93
A local file detection bug exists in Adobe SVG Viewer version 3.0.
b56516177838b137c11f376de8fc95ba5e4906d2d1a019f2e5bd11efb8f5d84b
Leafnode versions 1.9.48 to 1.11.1 suffer from a denial of service vulnerability.
30b6c7c1e8d7eeb30cd82999c84bd5e80690a1a2b8ceede25323b0633cea4b3d
Ubuntu Security Notice USN-118-1 - Postgresql suffers from multiple vulnerabilities.
d115508980e6b35c51f9fb331119affaab6ae7c99bb8434b6050362aa9206618
vpnd on Mac OSX versions 10.3.9 and below suffers from a stack buffer overflow.
cf228ea2cc508d49888b67af2c4fca70d0985d71b8d036276387de3ca4f74d36
Apple OSX suffers from multiple bluetooth vulnerabilities.
1f2d239e36a2a11e6998d72399a7c9b0cdc8dcabb42c9fdd577e9c7bfc8b8182
4 security vulnerabilities surfaced for Mac OS X.
611e1fc379bf33b3470bd4abb0a5b34beb52d4121d4c97e7eda23652c5314c91
iDEFENSE Security Advisory 05.03.05 - Local exploitation of a buffer overflow vulnerability in Apple Computer, Inc.'s Mac OS X Server default install allows attackers to execute arbitrary code. NeST is the NetInfo Setup Tool for Mac OS X. The vulnerability specifically exists due to insufficient bounds checking on the argument passed to the '-target' command line parameter. Local attackers can supply an overly long value to overflow the buffer and execute arbitrary code.
0c4cd80a8e3d38cb59c61f0869356ce10010ac85f79bb0f97bfe1f1caf72ece0
Secure Science Corporation Advisory CSA-056 - LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. A vulnerability was found by the author within the signature scheme used with the Elliptic Curve Cryptosystem routines that will allow arbitrary signatures to be created by an attacker.
b8ad4e6b033d01b8ddf58a423ef32c097bcb846cc0417058b55c70ae4bb633ad
Ubuntu Security Notice USN-126-1 - A denial of service vulnerability was discovered in the GNU TLS library, which provides common cryptographic algorithms and is used by many applications in Ubuntu. Due to a missing sanity check of the padding length field, specially crafted ciphertext blocks caused an out of bounds memory access which could crash the application. It was not possible to exploit this to execute any attacker specified code.
a3972f42ed956bc21421985a05fa3e50b0ab0cf627ca6abfbcee3c37549995ae
FreeBSD Security Advisory FreeBSD-SA-05:09 - When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread.
5e666245ff6f81ff72f602f77622595ea80e3cf57ceb0ef27419e4e10cfa5986
Gentoo Linux Security Advisory GLSA 200505-20 - infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags (CVE-2005-1523), fails to validate the range sequence of the FETCH command (CVE-2005-1522), and contains an integer overflow in the fetch_io routine (CVE-2005-1521). mail contains a buffer overflow in header_get_field_name() (CVE-2005-1520). Versions less than 0.6-r1 are affected.
c2fb67e7ef5e9d7869519665523ab1b56b6a1f13618b8118efd53ef25ee92044
Gentoo Linux Security Advisory GLSA 200505-19 - Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function. Versions less than 0.4.4 are affected.
ff8bdf466cde935fabc1f41a965e7bcc0c76a699d5691dbb519735aab32494e5
Gentoo Linux Security Advisory GLSA 200505-18 - The fixproc application of Net-SNMP creates temporary files with predictable filenames. Versions less than 5.2.1-r1 are affected.
55ae58d4091c9513eec1db8f4df5e6697cdf1f1e7a159b4294f30dc6b5b91720
Gentoo Linux Security Advisory GLSA 200505-17 - Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users (CVE-2005-1151). The upstream developers discovered that Qpopper can be forced to create group or world writeable files (CVE-2005-1152). Versions less than 4.0.5-r3 are affected.
5f79ff0a88cc0ec2c54f6ceed5e00a22614019b40a6b651f22b9fb0d59a11434
Gentoo Linux Security Advisory GLSA 200505-16 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a Denial of Service vulnerability in the XWD decoder of ImageMagick and GraphicsMagick when setting a color mask to zero. Versions less than 6.2.2.3 are affected.
7cd890831c972168a96e842608bd68f5ae3853773f99cba71d5868a21d6da6e4
Gentoo Linux Security Advisory GLSA 200505-15 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialisation files from the working directory. Versions less than 6.3-r3 are affected.
a438150f4f7635d000ccf3b00ec02b17b42aa4f822c4d5404b56c1e3ee3fa395
Gentoo Linux Security Advisory GLSA 200505-14 - Brian Bird discovered that Cheetah searches for modules in the world-writable /tmp directory. Versions less than 0.9.17-rc1 are affected.
853bd930b30b1dc75326033673188777ab4477db6183a979bd5d53e35f1ff993
Gentoo Linux Security Advisory GLSA 200505-13 - Primoz Bratanic discovered that the sql_escape_func function of FreeRADIUS may be vulnerable to a buffer overflow (BID 13541). He also discovered that FreeRADIUS fails to sanitize user-input before using it in a SQL query, possibly allowing SQL command injection (BID 13540). Versions less than 1.0.2-r3 are affected.
f0e8ee31b44589588be2f25ad27a3e4ee5e6a3d3ebf3acbeef7867a4d0644570
Gentoo Linux Security Advisory GLSA 200505-12 - PostgreSQL gives public EXECUTE access to a number of character conversion routines, but doesn't validate the given arguments (CVE-2005-1409). It has also been reported that the contrib/tsearch2 module of PostgreSQL misdeclares the return value of some functions as internal (CVE-2005-1410). Versions less than 8.0.2-r1 are affected.
f343524cabdc8563fd558ecf9418e6857706907df010ed93fb9711dc15817069
Gentoo Linux Security Advisory GLSA 200505-11 - The Mozilla Suite and Firefox do not properly protect IFRAME JavaScript URLs from being executed in context of another URL in the history list (CVE-2005-1476). The Mozilla Suite and Firefox also fail to verify the IconURL parameter of the InstallTrigger.install() function (CVE-2005-1477). Michael Krax and Georgi Guninski discovered that it is possible to bypass JavaScript-injection security checks by wrapping the javascript: URL within the view-source: or jar: pseudo-protocols (MFSA2005-43). Versions less than 1.0.4 are affected.
6b81a217ce3f87b99e5aadf53821e66be801d2bc37dc498629b18c3918b3ad7c