Secunia Security Advisory - SEC Consult has reported a vulnerability in RSA ACE/Agent for Web, which can be exploited by malicious people to conduct cross-site scripting attacks.
12d8adffe0e916ebde01961fd5eca46c4d6b78c1ea686f6ba4d45dbc8356e242
Secunia Security Advisory - Debian has issued an update for koffice. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
6f926128147e15f476d1ff00bb2d6a612811d91291eaf0fd9db6818e540c6c7c
Secunia Security Advisory - SGI has issued a patch for SGI Advanced Linux Environment. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to gain knowledge of sensitive information, bypass certain security restrictions and compromise a user's system.
d86e4272f26f8fd0a2eda7175d7a3232bb3cda13da014ba7370fc6b1af821ce2
Secunia Security Advisory - Debian has issued an update for libgda2. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
360b383f70942d3899be1061d03a76ecbc42bfc9d2314c70c47412f3d10ebe21
SCO Security Advisory - Buffer overflow in xpdf 3.00 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
c12e6d6bc481931dcd7411f64221e71a6d5e58832187420893295ac95607b08d
iDEFENSE Security Advisory 10.20.05 - Remote exploitation of a buffer overflow vulnerability in the Service Location Protocol (srvloc) dissectors within Ethereal, as included in various vendors' operating system distributions, could allow attackers to crash the vulnerable process or execute arbitrary code.
f84a2cd36e4396316ddd959b480a5923aa5ec3cbd094fbefa3f0372f500ea2eb
Nightmare TeAmZ Advisory 011 - Multiple SQL injection, XSS, and HTML injection vulnerabilities exist in Zomplog blogging software. POC included.
a6018601dd4804eec98dbf68da4ae123df219bbbff9b7373071b420fc139d4a0
Chipmunk Forum, Topsites, Directory, and Guestbook suffer from multiple XSS and path disclosure vulnerabilities.
23cac3529e4cae30ba7ad7123e1343b17e4ac7da4d4902d5bd9b5eb3dfbe7921
Oracle Workflow is part of the database or application server installation. The parameter end date is vulnerable to XSS/CSS attacks.
2015cccd11fc56c421cc335833dd6265eb14354db7e65f1005b9a8dc48d71dc8
Oracle Workflow is part of the database or application server installation. The parameter response form is vulnerable to XSS/CSS attacks.
2eb6c4ef458b17429b16b1a95e05c214585b85fc4637ec1a482c95d69ecf2c6f
Ubuntu Security Notice USN-211-1 - Hadmut Danish discovered an information disclosure vulnerability in the key selection dialog of the Mozilla/Thunderbird enigmail plugin. If a user's keyring contained a key with an empty user id (i.e. a key without a name and email address), this key was selected by default when the user attempted to send an encrypted email. Unless this empty key was manually deselected, the message got encrypted for that empty key, whose owner could then decrypt it.
15251a7898ac8f26d9970d075f01be3625c63059e6609f41c62dcd1dd6737e59
Gentoo Linux Security Advisory GLSA 200510-18 - RedHat reported that pnmtopng is vulnerable to a buffer overflow. Versions less than 10.29 are affected.
b6fcea74d0ed679c88e40d8e959391fc05cd6ec9dfc18d7c30fc0d65a7099de0
Gentoo Linux Security Advisory GLSA 200510-17 - Chris Evans discovered a different set of buffer overflows than the one described in GLSA 200509-20 in the RTF import function in AbiWord. Versions less than 2.2.11 are affected.
e7e66e422db95c30c79aa3f04099d0c57b9306bd7186e3754307131367a27ed6
Mandriva Linux Security Update Advisory - Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of arbitrary code.
ab8941b3a540e289eb42a82f483c7ffbd67af77efba8be26cecb24ffb9d35617
Mandriva Linux Security Update Advisory - Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed.
df8d7dc5bef1b8661acb2ae9fd7ad34493349baa3daba6e152d7f4fa96136577
Mandriva Linux Security Update Advisory - A bug was found in the way the pam_ldap module processed certain failure messages. If the server includes supplemental data in an authentication failure result message, but the data does not include any specific error code, the pam_ldap module would proceed as if the authentication request had succeeded, and authentication would succeed. This affects versions 169 through 179 of pam_ldap.
1c8c93daaa5f913213407f6a73ad9ff723b3821b0c481e4640796f19fd334bd6
Mandriva Linux Security Update Advisory - "infamous41md" discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server that allows attackers to execute arbitrary code.
2d5b26da4c2651904587f7e2e1c4a615c6750ac7d289224abbbeb27829f09aee
Mandriva Linux Security Update Advisory - Javier Fern
1e8cee6ff1485779117b7c9f67f24678d6f076377f7903083aa290c52eb891f7
Mandriva Linux Security Update Advisory - Joxean Koret discovered that the Python SVG import plugin in dia, a vector-oriented diagram editor, does not properly sanitize data read from an SVG file and is hence vulnerable to the execution of arbitrary Python code.
f000475a6708305f86349410e4b1108f015d991817e44392ae088316b69a934b
Secunia Security Advisory - Gentoo has issued an update for phpmyadmin. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
f7604f37c4fee38c638e4dee70d2cfbd5f3822ecaeb8d1aed90f2eda9360c472
Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM HTTP server, which can be exploited by malicious people to conduct HTTP request smuggling attacks.
379b56c8a3e1aa42f93738f96d18ea8e359fd6ce40f80650a9736b3a6442e30a
Secunia Security Advisory - Thomas H. Ptacek has reported a vulnerability in Network Appliance Data ONTAP, which can be exploited by malicious people to bypass certain security restrictions.
8dbd4b266ae1477f111ab6cf3bfcdd5b401b02d907fccf2f8cee27a93912ce2e
Debian Security Advisory DSA 869-1 - The developers of eric, a full-featured Python IDE, have fixed a bug in the processing of project files that could lead to the execution of arbitrary code.
3dd09913c1aa97d29bf853f01d6b3848cf7d26711d747e5df738ebfb29270246
Debian Security Advisory DSA 868-1 - Several security-related problems have been discovered in Mozilla and derived programs. Some of the following problems don't exactly apply to Mozilla Thunderbird, even though the code is present. In order to keep the codebase in sync with upstream it has been altered nevertheless.
a27ce35d6aff87fa238c97afe173eb8ec84701827f563a520d7c429815e9ec98
Debian Security Advisory DSA 867-1 - Eduard Bloch discovered that a rule file in module-assistant, a tool to ease the creation of module packages, creates a temporary file in an insecure fashion. It is usually executed from other packages as well.
ba6a331b5a7ddc5f2ac3b42d2c5f3e666528ade8e9b7ff6fcb88b236002cfb96