SUSE Security Announcement - SUSE-SA:2006:016 - A programming flaw in the X.Org X Server allows local attackers to gain root access when the server is setuid root, as is the default in SUSE Linux 10.0. This flaw was spotted by the Coverity project.
3b96230c3677d9dbeaa5a217f3bf600f0d44bb66092ec2f718dc5d5495ab900d
Mandriva Linux Security Advisory - Multiple integer overflows in the new_demux_packet function in demuxer.h and the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value.
54fbfa44bc4ce46c7e7e5a855cf8134006656b7d86c6868f140376e5c7da05a4
iDefense Security Advisory 02.24.06 - Local exploitation of an access validation error in SCO Unixware allows attackers to gain root privileges. The vulnerability specifically exists due to a failure to check permissions on traced executables. The ptrace() system call provides an interface for debugging other processes on the system. SCO Unixware's implementation of the ptrace system call fails to check for setuid permissions on binaries before attaching to the process. This results in the complete control of memory and execution for the traced process with root privileges. Attackers can inject data into the running setuid process and execute arbitrary code with root permissions. iDefense has confirmed the existence of this vulnerability in SCO Unixware versions 7.1.3 and 7.1.4. All previous versions of SCO Unixware are suspected to be vulnerable.
6eaaa424b75ac17dcb4ec8cdd9b4609599cfbdd9bbe9aea98a0e116202a59614
SUSE Security Announcement - A new release of Heimdal fixes a file ownership flaw and a bug in the telnet server.
b0218c3a06d64bab844e1669fd6710cd43861365008010a8bab1d843588da063
IRM Security Advisory No. 018 - A buffer overflow exists in Winamp's handling of a m3u playlist file. Version 5.13 is affected.
3def06357bbd61ad42bef60b1155880a09482b306cbc4c4de3efe11138eb667c
SpeedCommander version 11.0, ZipStar version 5.1, and Squeez version 5.1 all suffer from directory traversal vulnerabilities when processing malicious JAR and ZIP files.
bb515a90987a52b0bcf6be0d1ee106843efd253c6e4dd84acebf0dd2ddc1b8cd
The StuffIt and ZipMagic family of products are susceptible to directory traversal attacks when fed malicious ZIP or TAR files.
c215ce4b2050fda487a6104a94326d192aa07123f49c0b623e011bedb6bebc27
WinAce Archiver versions 2.6 and below are susceptible to a directory traversal attack when fed a malicious RAR or TAR file.
ac1620c545b765e381ee1711f9bad0b294b6f1193c8e749431f4df0125cbca8b
Archive_Zipr is susceptible to a directory traversal attack when fed a malicious ZIP file. Version 1.1 has been found vulnerable.
280500752b6fde37f790414e1ab015b3a73d55ec4a39e136d19dc4b299d57e9a
Crypt::CBC versions 2.16 and below suffer from a ciphertext weakness when using certain block algorithms.
f911e6164e240e4f4fde21d27cd692bd4c1b77cdb690b5af3dc882147bb16a64
NSA Group Advisory - The Bat version 3.60.07 is susceptible to a buffer overflow.
53f832a283f56cfbff68c6402cc8fabd33f8d209921d19e1231bd45409611b88
Adobe Macromedia Shockwave is susceptible to a remote code execution flaw. This specific flaw exists within the ActiveX control with CLSID 166B1BCA-3F9C-11CF-8075-444553540000. Specifying large values for two specific parameters to this control results in an exploitable stack based buffer overflow. Due to the nature of this vulnerability, the target user is not required to have fully completed an installation of Shockwave to be vulnerable.
5cfaec539f1b7ff761308b0fdf9486321ec0325ee3f51ac51d4e9913b27e0688
Secunia Research has discovered a vulnerability in WinACE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when reading an overly large ARJ header block into a fixed-sized heap buffer. This can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code when a malicious ARJ archive is opened. WinACE version 2.60 is affected. Earlier versions may also be susceptible.
2bc58b470920ea0971ae09b25bd4b75948eee79271c3c6fe7f2cc91ae220dc28
Ubuntu Security Notice USN-257-1 - Jim Meyering discovered that tar did not properly verify the validity of certain header fields in a GNU tar archive. By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user.
f278b8de3efefa0e1abe7ac7bc7a1a3cdc508ea219eb209035d7748efdac5d67
Secunia Research has discovered a vulnerability in the Visnetic AntiVirus Plug-in for MailServer, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Visnetic AntiVirus Plug-in (DKAVUpSch.exe) not dropping its privileges before invoking other programs. This can be exploited to invoke arbitrary programs on the system with SYSTEM privileges. Versions affected are Visnetic AntiVirus Plug-in for MailServer 4.6.0.4 and 4.6.1.1.
e6abf29609df3b464f194c697b9d4dcf039a87ca86548e384289852d847d8cb8
NSFOCUS Security Advisory - The NSFocus Security Team has discovered a buffer overflow vulnerability when Winamp processes .m3u files, which might cause Winamp to crash or even execute arbitrary code when a user loads a malicious .m3u file and plays it. Affected software includes Nullsoft Winamp version 5.12 and 5.13.
8dadda208c99cdc53be72be04a2cd2d0749f14f94461308a501d946622836140
When feeding zoo a specially crafted archive, an attacker may be able to trigger a stack overflow and seize control of the program.
9422982e39289d304e78eb097b387485df9810f1e7aa80c2b08a8bf23dce1d39
Mandriva Linux Security Advisory - Ulf Harnhammar discovered a buffer overflow vulnerability in the way that metamail handles certain mail messages. An attacker could create a carefully-crafted message that, when parsed via metamail, could execute arbitrary code with the privileges of the user running metamail.
66586910de893ad381f105ced19dbb725b10b417fed83d7b0ced7c14a5c1f7a3
Technical Cyber Security Alert TA06-053A - A file type determination vulnerability in Apple Safari could allow a remote attacker to execute arbitrary commands on a vulnerable system.
e78af957993380eb8d34d7bed3c1bf745e97d177298bd9e1219a921d7c7c119e
Google reader is supposed to display only content that the user has subscribed to however two vulnerabilities has been identified which may allow an attacker to entice it's victim (using the Google reader service) to view unwanted web content carrying malicious payloads.
b1be74e59c96822e90d0d4e5c97dcb26b009d8564d84704e647d8be123188fd9
IRM Security Advisory No. 017 - PortalSE version 2.0 allows a remote attacker to read any file on the filesystem as it runs with root privileges by default. It is also susceptible to a directory revelation issue.
f8316bbc40f81a1d40c3e902f0af3406d89e4ee05c47d023e44a90dfd9660f25
SUSE Security Announcement - An update has been released to fix a remotely exploitable stack buffer overflow in the pam_micasa authentication module.
15d9a76deb0ec2aec35d0fd89ec0f8a1a6a0c027a8f78750b5a4004c3e19d4d5
South River WebDrive version 6.08 build 1131 is susceptible to a buffer overflow vulnerability.
6e6576a6ba534e62e3cf726664e8ffa2521c1d35fed2beaa540783da83a32ad6
PEAR::Auth version less than 1.2.4 and 1.3.0r4 suffer from SQL injection flaws.
3181e9c1c858d0f66f213ffc468ef66ca9bf67e04f13d99ad1b4daaf96b43fb3
Global Hauri Virobot is susceptible to an authentication bypass flaw.
3b3ac939a77acd88b3bd2b1eb448a9cedf10c16a6c06e1f6d4abbb794893e7b3