Secunia Security Advisory - Mandriva has issued an update for tetex. This fixes some vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) and to compromise a vulnerable system.
938b3b1613efc6b3747a1aa738585ebbe2704835cddfe9071cbf1f546e05578a
Secunia Security Advisory - Slackware has issued an update for arts. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
c1b5fb56a750328850e00c21e3bf532ef86b73268c5914cb5c335cfac816d96e
Secunia Security Advisory - Slackware has issued an update for kdebase. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of sensitive information.
c082e3e7d2ecb73b7a4bb4b3ff44cf1f9903401141b58edee02e2c6c4c208d11
Secunia Security Advisory - Ubuntu has issued an update for mysql-server. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
d6827f0e053c4517946a4f2cd6350d11e6a1ccbc8304db2a8e9f2fa92b33c4a5
Secunia Security Advisory - luny has reported a vulnerability in Metalhead Usenet Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
6cd3f6feb4c9cbaadd7c2cf1073f3aaab024fa12893dc0d245ee05304b74481c
Debian Security Advisory 1103-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
0a2c54ad196f2cfa9218116b3bb0c6f5563fc7cba60ca178312a91393ea19b11
Gentoo Linux Security Advisory GLSA 200606-26 - Due to a bug, EnergyMech fails to handle empty CTCP NOTICEs correctly and crashes with a segmentation fault. Versions less than 3.0.2 are affected.
9c1a77a9cc04b7dbab3b6df2d779d889c43fd9253d25127bbb48610c3c38eaa4
Gentoo Linux Security Advisory GLSA 200606-25 - Andreas Seltenreich has reported a possible heap overflow in the array_push() function in hashcash.c, as a result of an incorrect amount of allocated memory for the ARRAY structure. Versions less than 1.21 are affected.
0794e1216598192b7faa2e37b6d5c7afd1e45d142030ef613239d3cadef0a55b
Claroline version 1.7.7 suffers from cross-site scripting vulnerabilities.
527e9653b808b6e4a406c0d9068e7977f88f686cc4e2f86849c34574150a37a9
Ubuntu Security Notice 304-1 - Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking a user or remote automated system into processing a malicious GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code.
8ce403909a08d5842575ce2c355e64f139717df41eaa70e0dc91eebc2d07d874
Planetnews suffers from a PHP shell upload vulnerability.
ef667306450c5b8bd9a3d7cf601f6fbcfb6711e350fbe2e22f6ca46b1872f3ab
The Online Registration Facility of Algorithmic Research PrivateWire VPN Software does not perform proper bounds checking when handling normal GET requests. Sending an overly long page or script name causes a buffer overflow, and an attacker can control EIP to run arbitrary code on the victim's machine.
ed57108705046fce7f0788c8851c13a21b39073e06a3b2e3cc8860b156e305dd
OpenPKG Security Advisory OpenPKG-SA-2006.010 - According to a vendor security release note, a memory allocation attack possibility exists in the GnuPG cryptography tool, versions 1.4.3 and earlier.
ea3e7fc582b6e512e44abc057870fae611e22a2034321248199f5314e97c3c3b
Debian Security Advisory 1102-1 - Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges.
d71066c86798b30c24f5675f615a795a5fbdaaa5cf3fa7a86a19717324d08dca
It appears that there may be a safe mode bypass via error_log() in PHP versions 5.1.4 and 4.4.2.
c6f9c7254b26d331e6110e668cae4d3caae2f637d4f4cd180b3663b45d4a142d
In previous kernel 2.6 versions, systems that use the SCTP protocol are vulnerable to remote denial of service attacks including remotely-triggered kernel crashes, and all systems are vulnerable to local denial of service including locally-triggered kernel hangs.
0a184d8c9cd14cdfc29f7f2d78a66c38915f67721aee3a75be265bfc14048501
Mandriva Linux Security Advisory MDKSA-2006-111 - Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue.
f8ed87c094831924481b8145d31f992ec2b91591761234bc0da068928d88502d
Gentoo Linux Security Advisory GLSA 200606-24 - A boundary checking error was found in wv2, which could lead to an integer overflow. Versions less than 0.2.3 are affected.
64c9f199bfac9b81f814694c184b26d870f4a30569c979370e170a6f4452da03
A vulnerability has been identified in the Cisco Secure ACS session management architecture which could be exploited by an attacker to obtain full administrative access to the web interface and thus all managed assets (routers, switches, 802.1x authenticated networks, etc). Cisco Secure ACS 4.x for Windows is affected. Legacy versions may also be affected.
fbf80693021296569355b9ad54cadd3aa96fd503cd199519dd68a9b42c2c781e
The Trend Micro Control Manager is vulnerable to a persistent, unauthenticated cross-site scripting attack. Version 3.5 is affected. Earlier versions may also be affected.
c3d1d3bbbf78085ec649a55ccb2a77773e6db22a4402d09da1ae786cd449f05e
Trustix Secure Linux Security Advisory #2006-0037 - The Linux kernel and netpbm suffer from multiple vulnerabilities.
2ab7cabaece150fe0d10045a5d14e6a9a1218dd00b173df156c9b9a3bccb3719
HP Security Bulletin - A potential security vulnerability has been identified with the HP-UX kernel. The vulnerability could be exploited by a local user to create a Denial of Service (DoS).
def959faafdb89cbcff7d3a5223705c8886842668bc2b66d9bb3c994a9f32926
Webmin versions 1.270 and below are susceptible to a directory traversal attack.
fa59e3fa0d86976493acec052efc7ea7a7449bd1611072cdf0f932ece26afa50
Debian Security Advisory 1101-1 - A bug has been discovered in the Courier Mail Server that can result in a number of processes consuming arbitrary amounts of CPU power.
389186208da6b5240aafa0008549f543ce3ebfb99d8aae6417ce2ea108185b3c
A remote buffer overflow condition in Real Helix's RTSP service could allow for arbitrary code execution. The vulnerable code is triggered with the use of a malformed HTTP header. A second vulnerability of equal criticality was also discovered. This bug involved the parsing of HTTP URLs. Affected versions include Real Networks Helix DNA Server 11.0.x and Real Networks Helix DNA Server 10.0.x.
4022b34c3349145110e125c8bc13def3346578012e5faac7c27a6d60fc1afa73