Secunia Security Advisory - Bernhard Mueller has reported a vulnerability in Perdition, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
4cb6006f1fac6e8f6a30b6cf1389f8dddd23a9d1e19ca5bac6924b4eecd36938
Secunia Security Advisory - Duncan Gilmore has discovered a vulnerability in yarssr, which can be exploited by malicious people to compromise a user's system.
d97f17986e1d34179964985b4da70b2c44705a1348ea0e5048d677e1da76f79a
It appears that the firewall on the new Mac OS X Leopard system is a bit botched.
efa50c2ac1cc5fbec32db0b5e76f7437fc458042c3a85e3b25136a6246f482e1
SEC Consult Security Advisory 20071031-0 - The Perdition Mail Retrieval Proxy versions 1.17 and below suffer from a format string vulnerability.
4efe9018c77b580c8c0bdf7897b14f170b94aec142d3cc6dc57eb1e1f9e4d1f1
Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "ippReadIO()" function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags.
ff66b477e49a4a9b5d88d1542d5cee03ef01f2f4ca231988e62038f76d3f78fd
Secunia Research has discovered a vulnerability in McAfee E-Business Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer overflow within the e-Business administration utility service when parsing authentication packets. Affected is McAfee E-Business Server for Linux version 8.1.1.
48d4afec2f5d9ccb7c0a2dfc502a2ae72692c50ed8690518870a45beb34c756d
Gentoo Linux Security Advisory GLSA 200710-30:02 - Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is caused due to an unspecified off-by-one error within the DTLS implementation. Versions greater than or equal to 0.9.8f are affected.
0d73f5bba0849e1ddcfad464c93bbf52c3b793bef96268a80458eb993f14cef2
Gentoo Linux Security Advisory GLSA 200710-31 - Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients. David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly enforced. Versions less than 9.24 are affected.
5de4d869f192fec6d1b11761c3c219e64fa4c2a60bc85eb35ea929e7ffea4dd1
iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the bellmail program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within sendrmt function. This function is called when a user tries to send mail using the "m" command. Within this function, several sprintf calls are made to concatenate user-supplied input with static strings. No bounds checking is performed to ensure that the resulting string will fit in the destination buffer located on the stack. By supplying a long parameter, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability within AIX version 5.3 (5300-06) and 5.2. Previous versions are suspected to be vulnerable.
1a95829422936a89bd9887255c30ff92f350d73e274073408ed62d53ae1c4d5f
iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the ftp client of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the domacro() function. This function is called when executing a macro via the '$' command within the ftp program. When executing a macro, the parameter is copied to a fixed size stack buffer using an unbounded call to strcpy(). By specifying a long argument, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability in AIX version 5.3 (5300-06). Previous versions are suspected to be vulnerable.
3dec465fdd656832a851c313df9dd10488b2e285927b610249519c54c3cf6f7e
iDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-V' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.
1152160dd4f6457dc8644941e7cf9fd4d5b9fa651d55372dea033af1fc1e7361
iDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-p' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.
eb8cc170ed6bb2ea346bb5e6132e53f58af5bec2acd833b04f0b10e62fb9c848
iDefense Security Advisory 10.30.07 - Local exploitation of an integer underflow vulnerability in the dig program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within dns_name_fromtext function within the libdns.a library. This function is called when processing the '-y' command line parameter to the dig program. By supplying a specially crafted TSIG key parameter, an attacker is able to cause an integer underflow, resulting in potentially exploitable heap corruption. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 is not vulnerable since the dig command is no longer installed set-uid root.
ec26bd7b077f967aa8a68f926d03462460aa6ced38d18b3c6d83bfa3e540affe
iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the crontab program of IBM Corp.'s AIX 5.2 operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the main function. While processing command line arguments, the crontab program will copy a user-supplied argument to a fixed size BSS (data segment) buffer. Since no bounds checking is performed, it's possible to overwrite a large portion of the data stored in the BSS memory area. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 does not appear to be vulnerable.
bf2bf7ab5d98550fc89a5faddb98bd4109429208cc010b3c2097a31ab31c0e91
iDefense Security Advisory 10.30.07 - Local exploitation of a file access vulnerability in the swcons command included in multiple versions of IBM Corp.'s AIX could allow for the creation or modification of arbitrary files anywhere on the system. The vulnerability specifically exists due to a lack of sanity checking when using the -p option. If a user specifies a file with the -p option, the contents of that file will be overwritten with 65,535 bytes of uncontrolled data. If the file doesn't exist, it will be created. In both cases, the file will also be converted to mode 222, which allows all users on the system to modify it. By specifying a system file, users can cause a denial of service condition or elevate privileges. iDefense has confirmed the existence of this vulnerability on IBM AIX version 5.2. It is suspected that previous versions are also vulnerable.
137f1cad4a41d7bcbdb4f9ae9c4cf56ffb3ca54059b49a1b60264399bd6c42f0
Secunia Security Advisory - A security issue has been reported in Liferea, which can be exploited by malicious, local users to disclose sensitive information.
c45892a67321ca0fda774d36067af6f0cb866bd402a336be15ad352fe5a3e46e
Secunia Security Advisory - Secunia Research has discovered a vulnerability in the IMail Client, which potentially can be exploited by malicious people to compromise a user's system.
d90e0e574f1a26be3de62b51e0f769d4c64bb9d1af1fedcdc6742e17f0092a08
Secunia Security Advisory - Fatih Ozavci and Caglar Cakici have reported some vulnerabilities in RSA KEON Registration Authority, which can be exploited by malicious people to conduct cross-site scripting attacks.
2a78f18e1de140d32f2b878fcd997505ecb3af1c092a4cb6fb1ded04361aeb3f
Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
59cf61227907084b9441ce6c855e66bd4b2943ed71f734804249efc09efe4488
Secunia Security Advisory - SUSE has issued updates for multiple packages. These fix some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges, and by malicious people to conduct cross-site scripting attacks and compromise a user's system.
b6434f871c6a2219d2951540714048beb09bc9730d855a6a46b86799d663141d
Secunia Security Advisory - Janek Vind has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
4ffdc6a0e0547f79cf7ed236db00d31cfd0133303f8b86e54be47dfa0606ab08
Secunia Security Advisory - A vulnerability has been reported in Sun Fire X2100 M2 and X2200 M2, which can be exploited by malicious people to compromise a vulnerable system.
9e7baccbff28851235fa660fa87fd238e4ddfdcb29d390915d4ff6d23e9e9c40
Secunia Security Advisory - rgod has discovered a vulnerability in GOM Player, which can be exploited by malicious people to compromise a user's system.
8423a7a19569b1ffe40ceb834dbee3d6fabd64c8f95fa87430594e264faf6622
Secunia Security Advisory - 0x90 has reported a vulnerability in PHP-AGTC membership system, which can be exploited by malicious people to bypass certain security restrictions.
21b91a27815844d3d76a7fd6f5de522fc4783137e182523d9ce916b6907650c9
Secunia Security Advisory - Fedora has issued an update for ruby. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
3bc780fe13bbae50641cf16a68252ab25f805b94d581587923450571713074c0