Yahoo Instant Messenger suffers from a remote flaw that allows a browser to be launched.
3664cbddcc34785d915a40ed0743f9f1bca1614515aebb46884146fb317f77a9
Secunia Security Advisory - Some vulnerabilities have been reported in Dokeos, which can be exploited by malicious people to conduct cross-site scripting attacks.
0f4c03f8a14b19bd04f8d087758f1ec10b2e08b45f6c4f72c831664a4fa6436d
Secunia Security Advisory - A vulnerability has been reported in Sun Java System Application Server (SJSAS) and Sun Java System Web Server (SJSWS), which can be exploited by malicious people to gain knowledge of sensitive information.
a5b21a2201907f7b53a0e0183bc4668082c153259b0a2de730355d7b89a7c949
Ubuntu Security Notice USN-328-1 - Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling for Apache 2.
5d77a8775e2b6a5bbfe4f64cd313a26d5c76928cd971164d7d08fbd0b0aa3655
Ubuntu Security Notice USN-327-1 - A multitude of JavaScript-related vulnerabilities have been patched in Firefox.
a86d624fcd8df7fc620b513f3e6fe047d4d853bda7e7a3cb1a90dbc9c55e4fbc
Technical Cyber Security Alert TA06-208A - The Mozilla web browser and derived products contain several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
86ea302741e04f7adec9c59cfe0f6d1c012d7ce705526cc004e3a7bf46a8a996
Ubuntu Security Notice USN-326-1 - Yan Rong Ge discovered that heartbeat did not set proper permissions for an allocated shared memory segment. A local attacker could exploit this to render the heartbeat service unavailable, causing a denial of service condition.
7600556aac7c37b758cd243710ba9b13c441db44370096f4c00c8749f5352e97
Ubuntu Security Notice USN-325-1 - ruby1.8 suffers from flaws where the alias function, certain directory operations, and regular expressions did not correctly implement safe levels. Depending on the application, these flaws might allow attackers to bypass safe level restrictions and perform unintended operations.
9c1a6992c54e44376d86b629d30ceea887c1f54569b11165a6763e0d35aa4d22
Secunia Research has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a memory corruption error within the handling of simultaneously happening XPCOM events, resulting in the use of a deleted timer object. Successful exploitation allows execution of arbitrary code. Versions below 1.5.0.5 are susceptible.
762ec07c76ea414272e2b2b553bef57a62f2f3d3ca6502c14d0ca71ffef11f14
A stack-based buffer overflow has been discovered in Winlpd version 1.26.
6417117d987bd7535b592edb12b8f55e974a45f5b19effd46b1948d79d789f97
Debian Security Advisory 1126-1 - A problem has been discovered in the IAX2 channel driver of Asterisk, an Open Source Private Branch Exchange and telephony toolkit, which may allow a remote attacker to cause a crash of the Asterisk server.
ed97b618f3fe640d0a39f1848913ff8349dbea8a91798c9f7875aaae2036c1d8
The NSFocus Security Team discovered a remote denial of service vulnerability in ISS RealSecure/BlackICE product lines' detection of the MailSlot Heap Overflow as discussed in MS06-035.
5dfdf3223765450a2bdc73337631272e27ef28cafd53ac721bfcaa511b04ccf4
Yahoo! Mail suffers from a cross-site scripting flaw.
53aa1dbba6ce325a55d608e20fde59636f71ead1fd1dfcdde26ec3e0a8a77207
A vulnerability exists in Firefox versions 1.5.0 through 1.5.0.3 and SeaMonkey versions 1.0 through 1.0.2 that allows attackers to execute arbitrary code on vulnerable installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
92ff76589f52b7f12a99064f622ee16a1fcf346cee16f9c98a1edf93b848a97c
Debian Security Advisory 1125-1 - Several remote vulnerabilities have been discovered in the Drupal web site platform, which may lead to the execution of arbitrary web scripts.
d33d79b369ff9056d0cb5795b4f5bb0d5be992bd5fb933073859c9c6f9010aee
Debian Security Advisory 1111-2 - It was discovered that a race condition in the process filesystem can lead to privilege escalation for the Linux 2.6 kernel series. The initial advisory lacked builds for the IBM S/390, Motorola 680x0 and HP Precision architectures, which are now provided. Also, the kernels for the FAI installer have been updated.
29d04f30390e5c6a5457d0a7c7fb811303f7b8c1e81d94df734664be018dbfad
SUSE Security Announcement SUSE-SA:2006:042 - A slew of kernel-related vulnerabilities has been fixed in SUSE Linux for the 2.6 series.
4c8c22343a9c6f45ba441423e790535d6fa953e7a4733a9309a92d7c98856860
NTA Monitor discovered a denial of service vulnerability in the Cisco VPN 3000 series concentrator products while performing a VPN security test for a customer in July 2005. The vulnerability affects Phase-1 of the IKE protocol. Both Main Mode and Aggressive Mode over both UDP and TCP transports are affected. The vulnerability allows an attacker to exhaust the IKE resources on a VPN concentrator by sending a high rate of IKE requests, which will prevent valid clients from connecting or re-keying. The attack does not require a high bandwidth, so one attacker could potentially target many concentrators. The mechanism behind this vulnerability is similar to the well-known TCP SYN flood vulnerability.
be9e71e7ed762a62e165c493b33ebe9e8bc248cea205d65985b9212c0de7e083
Secunia Research has discovered a vulnerability in AutoVue SolidModel Professional Desktop Edition, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error within the handling of ARJ, RAR, and ZIP archives. This can be exploited to cause a stack-based buffer overflow when a malicious archive containing a file with an overly long filename is opened. Successful exploitation allows execution of arbitrary code. AutoVue SolidModel Professional Desktop Edition version 19.1 Build 5993 is affected. Other versions may also be affected.
e93adff3a8f625d54d58dc9486926383f88de6f10f23d5b6f9a008feef926f49
Ubuntu Security Notice 320-2 - USN-320-2 fixed several vulnerabilities in PHP. James Manning discovered that the Ubuntu 5.04 update introduced a regression: the function tempnam() caused a crash of the PHP interpreter in some circumstances. The updated packages fix this.
2198394c03ebd4c25f5b37e6da9b26b5af15075834b194d7361046b1ac0d0df8
Ubuntu Security Notice 323-1 - A massive security update for multiple vulnerabilities in Mozilla has been released.
5bac46201d85b7d87564a81483d060451294ae059915c3f5ed9d49a994560665
OpenPKG Security Advisory OpenPKG-SA-2006.014 - Brian Caswell from Sourcefire discovered vulnerabilities in OSSP Shiela, a CVS repository access control and logging extension. The vulnerabilities allow arbitrary code execution during CVS file commits if a filename is specially crafted to contain shell commands.
651a47962b4a17cf094ec8d6a0a5335125974ff1d48fa54c362051e4b58cf1c3
An arbitrary code execution vulnerability exists in PowerArchiver version 9.62.03.
be1c7f5acea357664b1372470353015f39b13264a61266b84630702156f1c79c
Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
ca910b5e37e9b7f2457130bcc74c4501716cae92c7e6c40a020f4c920fc00416
Secunia Security Advisory - A vulnerability has been reported in Heartbeat, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
98af680579b0b8d507a1f05da143f6235c24ea406e73de0898a881772016a33a