Secunia Security Advisory - A vulnerability has been reported in Discuz!, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - HP has acknowledged a vulnerability in HP-UX, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in F2L 3000, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Ubuntu has issued an update for python-xml. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in e107, which can potentially be exploited to compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in Status2k, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Secunia Security Advisory - Debian has issued an update for phpgroupware. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose sensitive information, and by malicious people to disclose sensitive information or conduct cross-site scripting and SQL injection attacks.
Secunia Security Advisory - Some vulnerabilities have been reported in Sun Java System Web Proxy Server, which can be exploited by malicious people to disclose sensitive information and potentially compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in Piwigo, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Some vulnerabilities have been reported in LedgerSMB, which can be exploited by malicious people to conduct cross-site request forgery attacks and by malicious users to conduct SQL injection attacks or bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in WebSphere DataPower, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - SUSE has issued an update for acroread. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Event Horizon, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been discovered in sudosh2, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - A vulnerability has been discovered in sudosh3, which can be exploited by malicious, local users to gain escalated privileges.
Debian Linux Security Advisory 1979-1 - Multiple vulnerabilities have been discovered in lintian, a Debian package checker.
Ubuntu Security Notice 803-2 - USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch improperly applied, the default compiler options reduced the vulnerability to a denial of service. Additionally, in Ubuntu 9.04 and higher, users were also protected by the AppArmor dhclient3 profile. This update fixes the problem. Original advisory details: It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the 'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.
Cisco Security Advisory - Multiple vulnerabilities exist in Cisco Unified MeetingPlace. These range from insufficient validation of SQL commands to privilege escalation.
During a penetration test, RedTeam Pentesting discovered that the GNCaster software has multiple bugs in its implementation of HTTP Digest Authentication. Versions 1.4.0.7 and below are affected.
Mandriva Linux Security Advisory 2010-028 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. The updated packages have been patched to correct these issues.
HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be exploited to gain unauthorized access.
Mandriva Linux Security Advisory 2010-027 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers. WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption. The updated packages have been patched to correct these issues.
Debian Linux Security Advisory 1978-1 - Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP.
Mandriva Linux Security Advisory 2010-026 - libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not properly handle a '\0' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Ubuntu Security Notice 890-4 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.