Secunia Security Advisory - SEC Consult has reported a vulnerability in RSA ACE/Agent for Web, which can be exploited by malicious people to conduct cross-site scripting attacks.
12d8adffe0e916ebde01961fd5eca46c4d6b78c1ea686f6ba4d45dbc8356e242Secunia Security Advisory - Debian has issue an update for koffice. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
6f926128147e15f476d1ff00bb2d6a612811d91291eaf0fd9db6818e540c6c7cSecunia Security Advisory - SGI has issued a patch for SGI Advanced Linux Environment. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to gain knowledge of sensitive information, bypass certain security restrictions and compromise a user's system.
d86e4272f26f8fd0a2eda7175d7a3232bb3cda13da014ba7370fc6b1af821ce2Secunia Security Advisory - Debian has issued an update for libgda2. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
360b383f70942d3899be1061d03a76ecbc42bfc9d2314c70c47412f3d10ebe21SCO Security Advisory - Buffer overflow in xpdf 3.00, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
c12e6d6bc481931dcd7411f64221e71a6d5e58832187420893295ac95607b08diDEFENSE Security Advisory 10.20.05 - Remote exploitation of a buffer overflow vulnerability in the Service Location Protocol (srvloc) dissectors within Ethereal, as included in various vendors' operating system distributions, could allow attackers to crash the vulnerable process or execute arbitrary code.
f84a2cd36e4396316ddd959b480a5923aa5ec3cbd094fbefa3f0372f500ea2ebNightmare TeAmZ Advisory 011 - multiple sql injection, XSS, and HTML injection vulnerabilities exist in Zomplog blogging software. POC included.
a6018601dd4804eec98dbf68da4ae123df219bbbff9b7373071b420fc139d4a0Chipmunk Forum, Topsites, Directory, and Guestbook suffer from multiple XSS and path disclosure vulnerabilities.
23cac3529e4cae30ba7ad7123e1343b17e4ac7da4d4902d5bd9b5eb3dfbe7921Oracle Workflow is part of the database or application server installation. The parameter end date is vulnerable against XSS/CSS attacks.
2015cccd11fc56c421cc335833dd6265eb14354db7e65f1005b9a8dc48d71dc8Oracle Workflow is part of the database or application server installation. The parameter response form is vulnerable against XSS/CSS attacks.
2eb6c4ef458b17429b16b1a95e05c214585b85fc4637ec1a482c95d69ecf2c6fUbuntu Security Notice USN-211-1 - Hadmut Danish discovered an information disclosure vulnerability in the key selection dialog of the Mozilla/Thunderbird enigmail plugin. If a user's keyring contained a key with an empty user id (i. e. a key without a name and email address), this key was selected by default when the user attempted to send an encrypted email. Unless this empty key was manually deselected, the message got encrypted for that empty key, whose owner could then decrypt it.
15251a7898ac8f26d9970d075f01be3625c63059e6609f41c62dcd1dd6737e59Gentoo Linux Security Advisory GLSA 200510-18 - RedHat reported that pnmtopng is vulnerable to a buffer overflow. Versions less than 10.29 are affected.
b6fcea74d0ed679c88e40d8e959391fc05cd6ec9dfc18d7c30fc0d65a7099de0Gentoo Linux Security Advisory GLSA 200510-17 - Chris Evans discovered a different set of buffer overflows than the one described in GLSA 200509-20 in the RTF import function in AbiWord. Versions less than 2.2.11 are affected.
e7e66e422db95c30c79aa3f04099d0c57b9306bd7186e3754307131367a27ed6Mandriva Linux Security Update Advisory - Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of arbitrary code.
ab8941b3a540e289eb42a82f483c7ffbd67af77efba8be26cecb24ffb9d35617Mandriva Linux Security Update Advisory - Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed.
df8d7dc5bef1b8661acb2ae9fd7ad34493349baa3daba6e152d7f4fa96136577Mandriva Linux Security Update Advisory - A bug was found in the way the pam_ldap module processed certain failure messages. If the server includes supplemental data in an authentication failure result message, but the data does not include any specific error code, the pam_ldap module would proceed as if the authentication request had succeeded, and authentication would succeed. This affects versions 169 through 179 of pam_ldap.
1c8c93daaa5f913213407f6a73ad9ff723b3821b0c481e4640796f19fd334bd6Mandriva Linux Security Update Advisory - "infamous41md" discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server that allows attackers to execute arbitrary code.
2d5b26da4c2651904587f7e2e1c4a615c6750ac7d289224abbbeb27829f09aeeMandriva Linux Security Update Advisory - Javier Fern
1e8cee6ff1485779117b7c9f67f24678d6f076377f7903083aa290c52eb891f7Mandriva Linux Security Update Advisory - Joxean Koret discovered that the Python SVG import plugin in dia, a vector-oriented diagram editor, does not properly sanitize data read from an SVG file and is hence vulnerable to execute arbitrary Python code.
f000475a6708305f86349410e4b1108f015d991817e44392ae088316b69a934bSecunia Security Advisory - Gentoo has issued an update for phpmyadmin. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
f7604f37c4fee38c638e4dee70d2cfbd5f3822ecaeb8d1aed90f2eda9360c472Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM HTTP server, which can be exploited by malicious people to conduct HTTP request smuggling attacks.
379b56c8a3e1aa42f93738f96d18ea8e359fd6ce40f80650a9736b3a6442e30aSecunia Security Advisory - Thomas H. Ptacek has reported a vulnerability in Network Appliance Data ONTAP, which can be exploited by malicious people to bypass certain security restrictions.
8dbd4b266ae1477f111ab6cf3bfcdd5b401b02d907fccf2f8cee27a93912ce2eDebian Security Advisory DSA 869-1 - The developers of eric, a full featured Python IDE, have fixed a bug in the processing of project files that could lead to the execution of arbitrary code.
3dd09913c1aa97d29bf853f01d6b3848cf7d26711d747e5df738ebfb29270246Debian Security Advisory DSA 868-1 - Several security-related problems have been discovered in Mozilla and derived programs. Some of the following problems don't exactly apply to Mozilla Thunderbird, even though the code is present. In order to keep the codebase in sync with upstream it has been altered nevertheless.
a27ce35d6aff87fa238c97afe173eb8ec84701827f563a520d7c429815e9ec98Debian Security Advisory DSA 867-1 - Eduard Bloch discovered that a rule file in module-assistant, a tool to ease the creation of module packages, creates a temporary file in an insecure fashion. It is usually executed from other packages as well.
ba6a331b5a7ddc5f2ac3b42d2c5f3e666528ade8e9b7ff6fcb88b236002cfb96
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed