Debian Security Advisory 1046-1: Several security related problems have been discovered in Mozilla.
c2f0c9e203162fb84f6b688dccec9383a68497b59eb532ef2e5cace16e088da6
Debian Security Advisory 1045-1: Hendrik Weimer discovered that OpenVPN, the Virtual Private Network daemon, allows environment variables to be pushed to a client, allowing a malicious VPN server to take over connected clients.
7e56f1abf9d34d6fdbd18f7cf9d97721361848c944083e1ba23c6524ac565f49
Gentoo Linux Security Advisory GLSA 200604-17 - Ethereal is vulnerable to numerous vulnerabilities, potentially resulting in the execution of arbitrary code. Versions less than 0.99.0 are affected.
274c34275604ba38466f25c5349e68a8a12a9f894906491dc9ee4c7542cf0d1a
Gentoo Linux Security Advisory GLSA 200604-16 - Federico L. Bossi Bonin discovered that when handling MPEG streams xine-lib fails to make a proper boundary check of the input data supplied by the user before copying it to an insufficiently sized memory buffer. Versions less than 1.1.2_pre20060328-r1 are affected.
531ceaff9013caccdc626f88d42dcc301d411606a8899d31b399c17c9643a162
Gentoo Linux Security Advisory GLSA 200604-15 - Ludwig Nussel discovered that xine-ui incorrectly implements formatted printing. Versions less than 0.99.4-r5 are affected.
598bb82dbb0a13d0345301e976c12e42cb133a68bc17fb557bb5253daa532a58
Debian Security Advisory 1044-1: Several security related problems have been discovered in Mozilla Firefox.
b689441635aac4e585b34c93df67a8395721260b7788928c34429803f9cb4f83
Debian Security Advisory 1043-1: Erik Sj
24dbde5281a263a3b0505b5c06cea313fd47b3cb6eae947c110dd6b5557834dc
Mandriva Linux Security Advisory MDKSA-2006-079: A vulnerability in how ruby's HTTP module uses blocking sockets was reported by Yukihiro Matsumoto. By sending large amounts of data to a server application using this module, a remote attacker could exploit it to render the application unusable and not respond to other client requests.
2a4613903a321fd77f236960aaee86901b5194f2ca53df46addbb68198bf1d02
Mandriva Linux Security Advisory MDKSA-2006-078: A number of vulnerabilities have been discovered in the Mozilla Thunderbird email client that could allow a remote attacker to craft malicious web emails that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, or other information. As well, some of these vulnerabilities can be exploited to execute arbitrary code with the privileges of the user running the program.
5f84e7e68f4ac060eaeb03eb4c2872d421dcf6d6993ff57259ec7a4ae3449829
Mandriva Linux Security Advisory MDKSA-2006-077: A number of vulnerabilities have been discovered in the Ethereal network analyzer. These issues have been corrected in Ethereal version 0.99.0.
2e95063752443adee9e5ceec80c60e69aaabf4074246e81446192a4bf1a3a64f
Mandriva Linux Security Advisory MDKSA-2006-076: A number of vulnerabilities have been discovered in the Mozilla Suite that could allow a remote attacker to craft malicious web pages that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, cookies, or other information from web pages. As well, some of these vulnerabilities can be exploited to execute arbitrary code with the privileges of the user running the browser.
168a1f3d0fc4663f82b500b6b14843de5fdc405aa30aad5679303bb2f2c7c45c
EMC Insignia has released an update to Retrospect 6.5 and 7.0 Windows to address several recently identified security vulnerabilities.
64c45ce149d42ad3c25dcc9eac64f21f35f2c9559dbccf5aa9e897b26f08a006
Multiple vulnerabilities have been identified in IP3 Networks 'NetAccess' NA75 appliance. Vulnerabilities include SQL injection, command execution, and information disclosure.
480eafdfcc9a703dadbe001fe7bfc64ba155dfcf0aade9d2d1ca07bd25fce829
Two vulnerabilities were found in the ARI package included in the asterisk@home Distribution versions 0.7.15 and lower. These vulnerabilities allow a user to listen to voicemail from any other user and to disclose the configuration password.
59890f2b941cdebd235dc7cd0cf208a2602022c8cf0d754796a8130687c7ccbf
Cisco PSIRT's response to the privilege escalation vulnerability in multiple Linux-based Cisco products, including: Cisco Wireless LAN Solution Engine (WLSE), Cisco Hosting Solution Engine (HSE), Cisco User Registration Tool (URT), Cisco Ethernet Subscriber Solution Engine (ESSE), and CiscoWorks2000 Service Management Solution (SMS).
5fed5f29f98f68d37f4b0e34a99ad89ec73549e4955eedd56cf3633347bb56be
Assurance.com.au - Vulnerability Advisory: Multiple vulnerabilities in Linux-based Cisco products. The "show" application has several vulnerabilities which allow an attacker to "break out" of the shell and execute commands (including /bin/sh) as the root user.
ffd7ec925a08321578c4606c7b0a6bde0583a426858c95a75515779c416b030a
The package SYS.DBMS_LOGMNR_SESSION contains a SQL injection vulnerability in the procedure DELETE_FROM_TABLE. Oracle fixed this problem by using the package DBMS_ASSERT.
1eb412d989006bda131499a0f77fe151a8bbbc7dc287b8e0d7be3dc8c7bd297f
Some components of Symantec's LiveUpdate for Macintosh do not set their execution path environment. A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack.
a36f19d2a6ed11d0ffb67d60451dbbfebd2b4a55d7432dc8a62f16c20cc2b9fc
phpLister v. 0.4.1 suffers from XSS.
8b1f1255e539096abf589d91e29f48549f7c3a9af76ed4ba68514c56be5bde95
A paper discussing the various vulnerabilities in Ad-Aware.
4b6a28f895b49f29af11ab0ad13559dae263a936ed19aedc7e28d7ca632b9ba8
open security advisory #16 - Xine Media Player Format String Bug - There are 2 format string bugs in the latest version of Xine that could be exploited by a malicious person to execute code on the system of a remote user running the media player against a malicious playlist file. By passing a format specifier in the path of a file that is embedded in a remote playlist, it is possible to trigger this bug.
d4f570c418c920fa2ace268f9e01803444655bf73c95bb1f9a806e7168cb8848