Secunia Security Advisory - A vulnerability has been reported in Trac, which can be exploited by malicious people to conduct cross-site scripting attacks.
2fb300e3d8c715ccd9ddbf0bf7dde6b674555ce574b66cf1163ae528afa9c820
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16. This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16.
dbca2c291e326b6ba9c90f4a0212519e0799cfb0cfa010fc788bf50a34fa8c40
Debian Security Advisory 1621-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.
d9e9b17ae430792b3892c2e8cc7aba7e6dc8661a98936f7ac20724829756f2a5
Debian Security Advisory 1620-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.
6e3e15e9e8b3836df02d4373a1b2c87302d63c013578893c8e1e739ccfe98812
Debian Security Advisory 1619-1 - Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery.
ebe12a113c6df6c042ef47a1dba8bec4c568a74767c16910863035f96e4a9dbf
Debian Security Advisory 1618-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code.
18280e047380ecb31bcbcbd6d8fe8de6559af0e4692a69fa5ec3ea2352e79e79
Debian Security Advisory 1616-2 - This update corrects a packaging and build error in the packages released in DSA-1616-1. Those packages, while functional, did not actually apply the fix intended. This update restores the fix to the package build; no other changes are introduced. Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.
51275dc8498a1260ec4a99764c2986c3d3164b4dc36a15ff51cec45f58d14d6a
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16.
1a1feb90c9988e61bcb518e33f6acd3b11f0f3d648503d3f2efaccfd1b4f80c9
A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control. Specifying malicious values for the 'Controls' or 'Console' properties with a specific timing results in a memory corruption which can lead to code execution under the context of the current user.
e5a1b62ac9be31af6068765c6d46144550da0621b7283dcfd5d9530cfd5aafe5
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in RealPlayer's rjbdll.dll module when handling the deletion of media library files. An attacker could exploit this vulnerability using an ActiveX control {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} to import a vulnerable file into the user's media library. Upon deletion of this file, an exploitable stack based buffer overflow can be triggered.
2d8b4f84809b950729bc6aaba33360d9344f34c731fe1bb7bd34b47bc0023848
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript document elements in WebCore. When a CSSStyleSheet object of a style element is copied, and the style element is deallocated, a reference to the ownerNode property of the copied CSSStyleSheet object will result in a heap corruption allowing for the execution of arbitrary code.
b433b68fb71e6f89bcc303229b44bf4ed20aa5c9d0698e4e7b03178f568dc5e7
RealPlayer suffers from a vulnerability where the WindowName and Controls properties of rmoc3260.dll do not manage heap memory properly resulting in a use after free condition which can overwrite heap management structures resulting in code execution. RealPlayer 11, 10.5, 10, and Enterprise are all affected.
f4a867bf834fd12002bf185f61e63741d9d542b0daa5b3009f9be2f18b59f04c
Security Objectives Advisory - The Cygwin installation and update process can be subverted to a lack of checksum verification. Cygwin setup.exe version 2.573.2.2 is affected.
7cbfe265f4aef5c957f93a0d315cd5334c327902cc77191d1a586a89fab67f7a
Secunia Security Advisory - Mark Janssen has reported some vulnerabilities in Blackboard Academic Suite, which can be exploited by malicious people to conduct cross-site request forgery attacks.
47b3f4a6da9fb3d92b8f5d41577a9e3cf8a8404a408bfe476a11d83f99251917
Secunia Security Advisory - Mr.SQL has discovered a vulnerability in Atom PhotoBlog, which can be exploited by malicious people to conduct SQL injection attacks.
d556e6a7d45a557a94d6f1c200a9ff7718ca4a40e4177f0663651c54d55b6a58
Secunia Security Advisory - BlueCat Networks has acknowledged a vulnerability in BlueCat Networks Adonis, which can be exploited by malicious people to poison the DNS cache.
4cbddeb039c5677a9505612221d913ee2c6a232b9f4ff2e54b9ae87e5ba64cb6
Secunia Security Advisory - IRAQI has reported a vulnerability in Live Music Plus, which can be exploited by malicious people to conduct SQL injection attacks.
d0d7772764d93d29a3151d957e73d23c4fdf4eff703a554393a75e6841f80c81
Secunia Security Advisory - Some vulnerabilities have been reported in Lore, which can be exploited by malicious people to conduct cross-site scripting-attacks.
09a47817ac455142da7fc69eaa1b2d9e7f6e1bcab38455cb5396da005d881769
Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
c33555efe554154007f0eec9f3a0e55a7e3c3b8df644758ce5feb1ce9c0cd0d9
Secunia Security Advisory - Red Hat has issued an update for rdesktop. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
da6b3ec3dec5683f929aae4db72211e9eccc86251addf794c1817c33cb159a91
Secunia Security Advisory - Red Hat has issued an update for vsftpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
fa585121dcd4c7727104d9d96e4bd8cd6105572bdb54af299ae45bb6197fe7a2
Secunia Security Advisory - Red Hat has issued an update for rdesktop. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
73a4340870193b1f73a1c86c910656609334555d747cc8da5ee33f18ed4963bb
Secunia Security Advisory - Red Hat has issued an update for coreutils. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
6a5a6467a63e070dc20feca15bf5ea08a77786dd710b0a50a3c92081c39b22db
Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes some vulnerabilities and security issues, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) or to bypass certain security restrictions.
87a3390b96d65efa94562d921997bc1b3c5eed17eed8c60866eeea1bf591f756
Secunia Security Advisory - Red Hat has issued an update for nss_ldap. This fixes a security issue, which can be exploited by malicious people to manipulate certain data.
f43a0e989b3c251ff1d7c5f7c6a26a82bbe028521e191042168c627ef5b31e71