Apache Tomcat versions 4.0.0 to 4.0.6, 4.1.0 to 4.1.34, 5.0.0 to 5.0.30, 5.5.0 to 5.5.20, and 6.0.0 to 6.0.5 suffer from a cross site scripting flaw in Accept-Language header processing.
d999b15d8c14e8f9941eb0de2b9fcc406bb711763d4e143d20615de1a557bab6
iDefense Security Advisory 06.18.07 - Remote exploitation of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger could allow attackers to execute arbitrary code as the currently logged on user. The vulnerability specifically exists due to improper handling of UTF-8 sequences. When word-wrapping UTF-8 text, the window width is improperly used as a buffer size value. As such, heap corruption can occur leading to a potentially exploitable condition. iDefense has confirmed the existence of this vulnerability in Cerulean Studios Trillian 3.1.5.1. Previous versions are suspected to be vulnerable.
eaec603cc0f1fc35245ab560fc482e2cf32d55c0def227512013cdcf240eb5f1
FuseTalk version 2.0 suffers from a SQL injection vulnerability.
79e424a6046bfd9991c3bc4708f02f767edba1870e8667c40d360d161345227f
Debian Security Advisory 1312-1 - It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure.
d6e583ec69a0e856aaa4acac15a004b79f0f9e922d60c725400771ac6e3f4fd8
Debian Security Advisory 1311-1 - It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statements called "security definers", which could lead to SQL privilege escalation.
f08303e0be1766a41d362b7f6b57ab00c0283603b5318df656b3e21da5e27cd5
Debian Security Advisory 1310-1 - A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.
967623ddb81a7982e09c9a0c4fed2f8f1ce6412d50236b450aacc4657b41fd37
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.4.
e1a9acb96925546add3e1ce254a50bbc614252f074056a0ef5979608da50141f
Debian Security Advisory 1309-1 - It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statements, so called "security definers", which could lead to SQL privilege escalation.
50aa9626cfa4730da2fe0ed5a11678a3a2a16dad9a652c32e07e8f4b9cd94973
Safari version 3.0.1 for Windows appears to suffer from a denial of service condition in corefoundation.dll.
3eb10776e8d0480314e59dc2a8e510c996109a6b09fea84edeceb51250f9432f
Debian Security Advisory 1304-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
32a9a2f20377739a47fa7d5c7bff44f5ffa3ce0d0a0a58fdfd7b4b880621dba8
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.4.
05c53ade90b873cf4bb988e7c07cf6d6684d8a3da90559b82317f62755e0aff3
phpListPro version 2.0.1 suffers from a cross site scripting flaw.
4ac08140ae3c4f00c6daf5b11559df1a45663acd0a1fd3b36d12bd4c45de1e95
Papoo Light CMS version 3.6 suffers from cross site scripting flaws.
e579f75a655d419fa11dd11b26f62c32799f3cbefdaed0aa31631736bd823045
Gentoo Linux Security Advisory GLSA 200706-05 - ClamAV contains several vulnerabilities leading to a Denial of Service. Versions less than 0.90.3 are affected.
b4e345fa075f4c567e32596985e2cd9f416f9aef985602312552f6b5d244db90
Kaspersky Internet Security 6 hooks many functions in the SSDT and, in at least nine cases, fails to validate arguments that come from user mode.
88baa51895098a119b253129abb370e0e3855658a1194e120b3e2226fededcb1
Mandriva Linux Security Advisory - SpamAssassin 3.1.x, when running as root with unusual configuration options using vpopmail or virtual users, could allow local users to cause a denial of service (via corrupting arbitrary files) using a symlink attack on a file used by spamd.
51a5fdeaf6c02118794caa0acc1dd810f18dbb0fb0675dc53164d334f034c39a
Elxis CMS versions 2006.4 and below suffer from a SQL injection vulnerability.
d53eb6928d0f75544d96921f1a3054e4b17885be06a5ee60f367852f79e0e232
iDefense Security Advisory 06.14.07 - Remote exploitation of an input validation vulnerability in Apache Software Foundation's MyFaces Tomahawk JSF framework could allow an attacker to perform a cross-site scripting (XSS) attack. The code responsible for parsing HTTP requests is vulnerable to an XSS vulnerability. When parsing the 'autoscroll' parameter from a POST or GET request, the value of this variable is directly inserted into JavaScript that is sent back to the client. This allows an attacker to run arbitrary JavaScript in the context of the affected domain of the MyFaces application being targeted. iDefense has confirmed the existence of this vulnerability in MyFaces Tomahawk version 1.1.5. Previous versions may also be affected.
244283775e3ba1442966782ad515ee3b4e94173b27931fb11f8a1cb4f498d173
Debian Security Advisory 1308-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.
d0351618063473adc3c0fb3a3bec7f4695f33cf5c58e5d2ea61ac013924a3fee
Apache Tomcat versions 4.0.0 to 4.0.6, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from a cross site scripting flaw in the Host Manager Application.
0cf8c43036f2c7837ce86bba5bc54b9dea03e8669966df6441046992fbb203b0
John Heasman of NGSSoftware has discovered a high risk vulnerability in the handling of RTF documents within OpenOffice. The vulnerability affects all versions of OpenOffice prior to 2.2.1. If an attacker can coax a user into opening a specially crafted RTF document then the attacker can execute arbitrary code in the security context of their victim.
be4a33febe226d70a1f14570aa889aadb761814ecb40cb7d6d9614c7df6778d0
Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Tetex uses an embedded copy of the gd source and may also be affected by this issue.
c2838daf428e6274de9cf428e2c50be048207775770e300811229d5279e638f4
Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Libwmf uses an embedded copy of the gd source and may also be affected by this issue.
a8c79f68d3e3b0e5f6f5a4590aa697c61132ca007fc791d15e58185c6f9f9cf6
Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption.
2e3ba270ea3c4d1919f6f93689f647974c766f1a7bc9af560a39ea9541d60645
Mandriva Linux Security Advisory - An integer overflow vulnerability was discovered in the way the FreeType font engine processed TTF files. If a user were to load a special font file with a program linked against freetype, it could cause the application to crash or possibly execute arbitrary code as the user running the program.
94960e6f55bc1b10bf6a19df85e9a6c69aa8b76672a3ba11ef83907969b799a6