Secunia Security Advisory - Ubuntu has issued an update for imagemagick. This fixes two vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
a585bd16f0fc8e07f0369902f7367112739ffa5e85c1cc445c551c4eae6388b2
Secunia Security Advisory - HP has acknowledged some vulnerabilities and security issues in HP OfO (Oracle for Openview), which can be exploited with unknown impact, to gain knowledge of certain information, overwrite arbitrary files, and to conduct SQL injection attacks.
4a471693ca5f81d6581a4cc37b97b16d4cdcb0f0553f492a8bbc70dd28a8ecba
Secunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious people to cause a DoS (Denial of Service).
bfc309ae880f4799c3fd038ad380327708056837d47e11795e4e3195ad702350
Mandriva Linux Security Advisory - Multiple vulnerabilities in the Linux Kernel.
f468cdd7dfeed0b5b4989e9bdcd1832a1eaf9a9aadbfc1f53b306faa7a863d69
Mandriva Linux Security Advisory - A heap overflow vulnerability was discovered in kjs, the KDE JavaScript interpreter engine. An attacker could create a malicious web site that contained carefully crafted JavaScript code that could trigger the flaw and potentially lead to the arbitrary execution of code as the user visiting the site.
a4e3db0d7cbc15065d6f7c0d106d497a16f801a95430aff03ea5c448310faa4d
Gentoo Linux Security Advisory GLSA 200601-11 - Maksim Orlovich discovered an incorrect bounds check in kjs when handling URIs. Versions less than 3.4.3-r1 are affected.
c904c497c5dad9cab2a264f5a8a334230ae4a1b2b269ebfac4e39c913da8321b
Debian Security Advisory DSA 954-1 - H D Moore that discovered that Wine, a free implementation of the Microsoft Windows APIs, inherits a design flaw from the Windows GDI API, which may lead to the execution of code through GDI escape functions in WMF files.
fb2479bedb36ebf34a7eeb07278cc6e02076b72527694a66f01a0707ed60bfcc
Debian Security Advisory DSA 953-1 - Several cross-site scripting vulnerabilities have been discovered in flyspray, a lightweight bug tracking system, which allows attackers to insert arbitrary script code into the index page.
6ae1ee4a8fa58e4b0a3fd26d6153a9b27598deb1f5615d2559b5c71308d2d61a
Several vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identified the following problems:
eea1f4792b9dce39ed16b066bb511324dfa93aa54b14989457397accc5cbf420
Debian Security Advisory DSA 952-1 - "Seregorn" discovered a format string vulnerability in the logging function of libapache-auth-ldap, an LDAP authentication module for the Apache webserver, that can lead to the execution of arbitrary code.
297dc39eab131945d3dda20db04a279ff46455cbc3ffd7563053874594bbad70
Debian Security Advisory DSA 950-1 - "infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in CUPS, the Common UNIX Printing System, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
894517cfbbce2917dba48f8516ba50e796b97b4643208e86422375191b1f6838
Ubuntu Security Notice USN-246-1 - Multiple vulnerabilities in imagemagick.
2c932a143e5c6db4068bb308eb07016d50b4791ae71c7affa3c4b64147c4a086
Ubuntu Security Notice USN-245-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow. By tricking an user into visiting a web site with malicious JavaScript code, a remote attacker could exploit this to execute arbitrary code with user privileges.
137d1369fa980e9e557cf30490ce57d1b20d218f248ea94f0754accf74da61c1
KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability - Maksim Orlovich discovered an incorrect bounds check in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences.
de2920898469668b8477e01dd441a86ad76defc9f97dee827f74e04b4fc113f6
IRM Security Advisory No. 015 - IRM has discovered an information leakage vulnerability in TYPO3 that allows remote users to disclose the file system path of the application when requesting certain files.
b385aa7f32f1b3f660c029e843151ccaf36a908f5c9b73246ebe93270c894671
Technical Cyber Security Alert TA06-018A - Various Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
c32012a8e44781f8409f9639566c1b108afe0366c6ed838709ba52283cf0c8ca
Fortinet Security Advisory: FSA-2006-07 - Fortinet Security Research Team (FSRT) has discovered a URI buffer overflow Vulnerability in the BitComet P2P Client software. It indicates a possible exploit of buffer overflow vulnerability in BitComet. BitComet is one of the most popular P2P Client for file sharing, which uses bittorrent protocol. There is a bug in BitComet, a remote attacker could construct a special .torrent file and put it on any bt publish web site. When a user downloads the .torrent file and clicks on publishers name, BitComet will crash. An attacker can run arbitrary Command on victims host by specially crafted .torrent file.
219c9ec0eded6976a100d7e6ae91e416fcf26afd6ecfcd75a5dc11de98fb928e
Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. Cisco CallManager versions with Multi Level Administration (MLA) enabled may be vulnerable to privilege escalation, which may result in read-only users gaining administrative access.
e665fa1c49678a873fbea395221a9b83f27ece918f989d91591c2e9f5d0dc978
Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. All Cisco CallManager versions are vulnerable to these Denial of Service (DoS) attacks, which may result in services being interrupted or servers rebooting.
526b6fe76e55d3f5c29d34c72b425c4259e171e9c336c5a68e64b5de33d68420
The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.
893bdafb33b0995fdf5d4d369fdc534ec823c50ba74e4af414716e55597bbcb8
The following security vulnerability issues have been identified in the DM Primer part of the DM Deployment Common Component being distributed with some CA products.
3bb77b73a739e829a3825d2e8abbaa2acbef94cd5a8a75f892c2a5e96d8e7d82
Blogger's personal page redirection mechanism contains a classic HTTP response splitting vulnerability in the "Location" HTTP header. The problem occurs due to use of unsanitized user-supplied data in the "Location" HTTP header, which enables attacker to inject CRLF(%0d%0a) characters thus splitting server's response taking full control over the contents of second HTTP response. Exploitation of the vulnerability can lead to cross-site scripting (XSS), cache poisoning and phishing attacks.
b1bba7cc5beca200d483fb1ac898c490176fc394f70bf51480e8ff51ed266fc0
The package SYS.KUPV$FT contains 3 SQL injection vulnerabilities in the functions ATTACH_JOB, OPEN_JOB, HAS_PRIVS. Oracle fixed these vulnerabilities with the package dbms_assert.
cacfccadb67c767daee94524725fa95624e17dcb4d30045bcd1abbb1c25e6f85
iDefense Security Advisory 01.17.06 - Remote exploitation of a denial of service vulnerability in EMC Corp.'s Legato Networker allows attackers to crash the nsrd service.
3dd9e50232b3ed57286616217dd334d37e267dd9f103b98f1d2c925be61ba489
iDefense Security Advisory 01.17.06 - Remote exploitation of a input validation vulnerability in Cisco Systems, Inc.'s IOS 11 HTML package can allow attackers to execute arbitrary scripting code.
15d83441eb0f4eca8a5f6e181b29e10704aa00bd1be6c0248814846fe57036e6