Secunia Research has discovered a vulnerability in Internet Download Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when sending certain test sequences to an FTP server. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into downloading a file from a specially crafted FTP URI. Successful exploitation allows execution of arbitrary code. Internet Download Manager version 5.18 is affected.
56af8243c012b2993b884e0396af073ae6088b78ca52aa485de63621dbffa10c
Mandriva Linux Security Advisory 2010-088 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
e35095f623ba6a410cd3c46cfabf90eff6d811d179244c48dcb04cae2f29d1d5
Ubuntu Security Notice 934-1 - Marc Schoenefeld discovered a buffer overflow in Netpbm when loading certain images. If a user or automated system were tricked into opening a specially crafted XPM image, a remote attacker could crash Netpbm. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
b35687a340a4fdbf7229769133d5339808e1f1c6becbce15b0647f661933d805
Secunia Security Advisory - Ubuntu has issued an update for netpbm-free. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
42a1c4b2abdfad7c280a2c69153d3d4a7952e9bd74890dcc178c125df00cfa5c
Secunia Security Advisory - A security issue has been discovered in deV!L'z Clanportal, which can be exploited by malicious people to disclose potentially sensitive information.
7d6acee451282ffc82925a88b8d66aad8e9fe71a4bc29d522c4fb3d8c76a9a6b
Secunia Security Advisory - A vulnerability has been reported in Microsoft SharePoint Server 2007 and Windows SharePoint Services 3.0, which can be exploited by malicious people to conduct cross-site scripting attacks.
0f9eb364ecbec46d5cbf86ca7e74aed76aeba37ea7cdc25c5ad1448839dea541
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Internet Download Manager, which can be exploited by malicious people to compromise a user's system.
4271da131c95503e0ab2e9e9f6757f6fad94289067ecadfe809ae4e6d9aadaee
Mandriva Linux Security Advisory 2010-087 - Multiple buffer overflow vulnerabilities have been found and corrected in poppler. The updated poppler packages have been upgraded to 0.5.4 and have been patched to correct these issues.
4168f306577bc79b87d31896306a31d170c85717df5212b9d33cbb3aa67282ad
Mandriva Linux Security Advisory 2010-086 - Multiple vulnerabilities have been found and corrected in kpdf (kdegraphics). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. The updated packages have been patched to correct these issues.
176ce851ea5226fd5466f63f85a1de7bc3edc6ecd276970bc8cbdb5ae0388691
Ucenter Project version 2.0 uses an insecure crossdomain.xml setup.
4a0e61c8cb8a5797729d5f127a7d64188188e76c72cb29d715ee92bb6fbb6d9d
Ubuntu Security Notice 933-1 - It was discovered that PostgreSQL did not properly sanitize its input when using substring() with a SELECT statement. A remote authenticated attacker could exploit this to cause a denial of service via application crash.
c5e6c2d965cb8d3c77f1c402acebd01a9f7dcf4e1f91bc9465d926a621ffd86c
It is impossible to maintain a secure session with Twitter, for multiple reasons. Additionally, once a session has been hijacked, it is possible for the attacker to maintain control over the account (not just the session) indefinitely, unless the user changes their password. This is because the session cookie has the same lifetime as the password.
33ce90a17e72942d80262b42b39d4448a3e3b1ef746c48a5ce44c25d9b3ef5ef
Secunia Security Advisory - A vulnerability has been reported in Modelbook, which can be exploited by malicious people to conduct SQL injection attacks.
a7f8269265ea2d34636e23de0cea2f7d485b859e07cabf4c6007d80ab4ed2719
Secunia Security Advisory - A vulnerability has been reported in Video Battle Script, which can be exploited by malicious people to conduct SQL injection attacks.
315f8c36b890b40fd387e0e12118cd7cd4ced7dd790b02901ead710bea629911
Secunia Security Advisory - A security issue has been reported in the Privatemsg module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
2f12ff632adab2fbd98fa6160c6c2de6b7cc9b7fe3bd9dc8b6be18989cf767f8
Secunia Security Advisory - Red Hat has issued an update for xorg-x11-server. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
7f4ccc7bbce6eb2d7d49f00a2fd57cefdc5ac8490b045edab4dc1e7e4acc2e25
Secunia Security Advisory - A security issue has been reported in the Decisions module for Drupal, which can be exploited by malicious users to disclose potentially sensitive information.
5d49bcdd64e5fe71c0f352d333229d0a8158f4c68187541e5baa2f0ef357d6bf
Secunia Security Advisory - John Leitch has discovered a vulnerability in Tele Data Contact Management Server, which can be exploited by malicious people to conduct SQL injection attacks.
649e31d403dfc207d12dc0af240a32d1b0401110fe2db658a11f224975feba13
Secunia Security Advisory - A vulnerability has been discovered in gpEasy CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
06468bb531dd0b141d6d24129baa2958bbc834f5b0e07dc18238ce66ce0dc752
Secunia Security Advisory - Ubuntu has issued an update for postgresql. This fixes a security issue, which can be exploited by malicious users to cause a DoS (Denial of Service).
419e20bc17306d3e04dcf60cf4a35e232c4c13835268bb17d10fc7646f1d3d7a
Secunia Security Advisory - Some vulnerabilities have been reported in iScripts SocialWare, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
f6010d2c078319f5f855e489fe5a55fb22870caedcc63844d20c11709c6b1001
Secunia Security Advisory - A vulnerability has been reported in 2daybiz Auction Script, which can be exploited by malicious people to conduct SQL injection attacks.
cd879e5523565e51b39e240372bd0ccaf2666048010dd6c4521477691c44716a
Secunia Security Advisory - A vulnerability has been reported in CLScript, which can be exploited by malicious people to conduct SQL injection attacks.
d8ae16113423f3a548edbcad0cd589c1e98e2d587584f20857536495c2e26ce5
Secunia Security Advisory - Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and potentially compromise a user's system.
313b2fb698616bfaf692fa2baeb9cda98bd4eaddec719e4e65d2b4fc957ea617
Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, potentially gain escalated privileges, and cause a DoS (Denial of Service) and by malicious users to disclose sensitive information, bypass certain security restrictions, and compromise a vulnerable system and by malicious people to bypass the scanning functionality, gain access to potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
3f3fbbdf68920af71c24b6666152b7ce98b88e8d8c1f50497bfb75dc3b0fc4b5