Secunia Security Advisory - Some vulnerabilities have been discovered in SourceBans, which can be exploited by malicious people to conduct cross-site scripting attacks.
debcbb85992d6d7b29bc413ad4b0b230b2d7d6c2d8843cd5dd57f5684f837750
Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in Dolphin, which can be exploited by malicious people to conduct cross-site scripting attacks.
71a2edbc6b1bf96209f4ef080eb9087ae3c62aeea096a6e2e7dc14fc11bb3c7a
Secunia Security Advisory - Some vulnerabilities have been discovered in Smarty, which can be exploited by malicious people to bypass certain security restrictions.
6934a2faea3c315ed7dc91a57b3a7f4ef8b639f7c6472d844439603d2076da41
Secunia Security Advisory - Cupidon-3005 has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
a32fcf7f9eeecb3a1a133755e3516ee44651e91b5bed61da80dedbd76542b271
Secunia Security Advisory - A security issue has been reported in F-Secure Internet Gatekeeper, which can be exploited by malicious people to bypass certain security restrictions.
cf4a186ac4eb28ea8053a7c7f2ef4abfbbf742cea33d44facd4a9fa7f0b5d198
Secunia Security Advisory - Slackware has issued an update for expat. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
50e8cf4aa1243c5559bfd1c142789944f968e36833d3ae60a9d30f44d4d8aa23
Secunia Security Advisory - VMware has acknowledged some vulnerabilities in VMware vCenter Server / Update Manager, which can be exploited by malicious users to gain escalated privileges.
b0c8d48c971a8110bae80d2b7f1e01780d7d0d87326a09c6697614e447ff41e1
Secunia Security Advisory - VMware has acknowledged some vulnerabilities in VMware vCenter Server, Update Manager, and ESX Server, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system.
28c5ab14bbe7b740d1bb05df7c71645b53bf54e1be5895e2e30976f22d7fa9c5
Secunia Security Advisory - VMware has acknowledged a security issue in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
6284ac2e983520717bded19f993e66786baf054b1230f3a9e453dbc3f6e10ec8
Secunia Security Advisory - Some vulnerabilities have been reported in VMware vCenter / ESX Server, which can be exploited by malicious users and malicious people to manipulate certain data, and by malicious people to disclose system information, gain access to potentially sensitive information, and cause a DoS (Denial of Service).
91e80ad07c4e3da676faa503c26b75e62edf711f3d68549577daa957af96a185
Secunia Security Advisory - Multiple vulnerabilities have been reported in WebAsyst Shop-Script, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
6310e5807f337d28b2033e1b7cf3599301f91577f5c5ae1e14252c13e7bd287e
Secunia Security Advisory - Neil Kettle has discovered a vulnerability in DESlock+, which can be exploited by malicious, local users to gain escalated privileges.
587ba7b285c4cf5cafef84ba512fb215e49af486d9225102bcbcf232e7def04c
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.
3b89937c485a126c617f9e01e639969a0a1a7eaea69497de23b2a6102ae81fc2
Mandriva Linux Security Advisory 2011-033 - awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a WebDAV server or NFS server. Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory. The updated packages have been upgraded to the latest version to address these vulnerabilities.
9e4e32cce97beecc5b78553696c4f168221c75fb1d97782e6b9b984727fb3ed4
Mandriva Linux Security Advisory 2011-032 - Multiple cross-site scripting vulnerabilities in the Help Contents web application in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to help/advanced/content.jsp.
8dc057b57d9b2a5ebdab8a0f9109e29794b18eca7d194f2bce07e2a5a4c983e0
Mandriva Linux Security Advisory 2011-034 - The muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
0e0448c4dc79cf12f21b404cb86c345195250fa43fb7acde3e837c7b56676625
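The Banshee advisory above describes a general launcher-script mistake: appending to LD_LIBRARY_PATH without checking whether it was set leaves an empty component, which the dynamic loader treats as the current working directory. The following is an added example, not Banshee's or Mandriva's own code, that reproduces the bad construction beside a safe builder and simulates the loader's search order over a constructed in-memory filesystem. The application directory, library name and attacker directory are assumptions chosen for illustration.

```python
"""
Added example (not Banshee's or the distribution's own code): how a launcher
script that appends to a possibly-unset LD_LIBRARY_PATH produces an empty
component, what the dynamic loader does with it, and a builder that avoids it.
Paths and the simulated filesystem below are constructed for illustration.
"""
import posixpath

def ld_path_components(value):
    """Split LD_LIBRARY_PATH the way ld.so does: on ':' only. An empty
    component (a leading/trailing colon or '::') means the current directory."""
    return value.split(":") if value else []

def has_cwd_component(value):
    """True when the loader would search the current working directory."""
    return "" in ld_path_components(value)

def build_naive(existing, libdir):
    """Mirrors the shell idiom  LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$libdir"
    run without checking whether the variable was set (the bug described
    in the advisory)."""
    return f"{existing or ''}:{libdir}"

def build_safe(existing, libdir):
    """Discard empty entries before joining, so an unset variable yields
    just libdir and a stray '::' inherited from the environment is dropped."""
    parts = [p for p in ld_path_components(existing or "") if p]
    parts.append(libdir)
    return ":".join(parts)

def resolve_library(ld_library_path, soname, cwd, present):
    """Simulate the loader's search order: LD_LIBRARY_PATH entries first, then
    the system default directories. `present` is a constructed set of absolute
    paths standing in for files on disk."""
    search = [cwd if comp == "" else comp
              for comp in ld_path_components(ld_library_path)]
    search += ["/lib", "/usr/lib"]
    for directory in search:
        candidate = posixpath.join(directory, soname)
        if candidate in present:
            return candidate
    return None

# Constructed scenario (all names assumed): the real library lives under the
# application's lib dir, a local user has dropped a same-named file into a
# directory they control, and the wrapper is launched from that directory.
LIBDIR = "/usr/lib/example-app"
SONAME = "libexample.so.0"
ATTACKER_CWD = "/tmp/attacker"
PRESENT = {
    posixpath.join(LIBDIR, SONAME),
    posixpath.join(ATTACKER_CWD, SONAME),
}

def demo():
    """Build the variable both ways from an unset environment (None) and
    report which file the simulated loader would pick in each case."""
    naive = build_naive(None, LIBDIR)
    safe = build_safe(None, LIBDIR)
    return {
        "naive_value": naive,
        "naive_loads": resolve_library(naive, SONAME, ATTACKER_CWD, PRESENT),
        "safe_value": safe,
        "safe_loads": resolve_library(safe, SONAME, ATTACKER_CWD, PRESENT),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With an unset variable the naive form yields ":/usr/lib/example-app", whose leading empty component puts the attacker's directory ahead of the real library; the safe form yields just the application directory. The same check (has_cwd_component) is useful when auditing any setuid helper or privileged wrapper that exports LD_LIBRARY_PATH.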
Debian Linux Security Advisory 2171-1 - Matthew Nicholson discovered a buffer overflow in the SIP channel driver of Asterisk, an open source PBX and telephony toolkit, which could lead to the execution of arbitrary code.
cd9c888ee04cf444b1453b6f8a8c7026fe34cf45928b3562f9e922139f6b7111
Debian Linux Security Advisory 2170-1 - Two cross site scripting vulnerabilities were discovered in Mailman, a web-based mailing list manager. These allowed an attacker to retrieve session cookies by inserting crafted JavaScript into confirmation messages (CVE-2011-0707) and into the list admin interface (CVE-2010-3089; oldstable only).
bf4c1ab6425684582dd00c580956547795a061ac12e8a962764fb21a775b50ee
HP Security Bulletin HPSBUX02628 SSRT090183 - A potential security vulnerability has been identified with HP-UX running CDE Calendar Manager. The vulnerability could be exploited remotely to execute arbitrary code. Revision 1 of this advisory.
e23524d75371622d94a1139c07279983bcab41ccf37c863bcb305725889a81f5
Mandriva Linux Security Advisory 2011-031 - Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery attacks via forged AJAX requests that leverage a combination of browser plugins and redirects, a related issue to CVE-2011-0447. Cross-site scripting vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload. Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / character in a key in a session cookie, related to session replays. The updated packages have been upgraded to the 1.1.4 version which is not vulnerable to these issues.
35b66525c38b4cc2dbc7f00656d49770e63010bc4caa8000a032054d2a571b32
Mandriva Linux Security Advisory 2011-030 - Multiple vulnerabilities have been found and corrected in tomcat5. When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate files generated when compiling JSPs to Servlets. The location of the work directory is specified by a ServletContext attribute that is meant to be read-only to web applications. However, due to a coding error, the read-only setting was not applied. Therefore, a malicious web application may modify the attribute before Tomcat applies the file permissions. This can be used to grant read/write permissions to any area on the file system, which a malicious web application may then take advantage of. This vulnerability is only applicable when hosting web applications from untrusted sources such as shared hosting environments. The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages.
050a770d28cff5d52b04cda5bec92927819bf2986938b64d3f0e874bd76b8b05
Mandriva Linux Security Advisory 2011-029 - Multiple vulnerabilities have been discovered and fixed in the Linux 2.6 kernel. The X.25 implementation does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed data, a different vulnerability than CVE-2010-4164. The bcm_connect function in the Broadcast Manager of the Controller Area Network (CAN) implementation in the Linux kernel creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. The install_special_mapping function in mm/mmap.c does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application. Various other issues have also been addressed.
65f216d797172b0ef5fb798cc0c6bfad2e1a9bea20f92874be16068901dbc644
Zero Day Initiative Advisory 11-089 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Configuration Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the novell-tftp.exe component which listens by default on UDP port 69. When handling a request the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the ZenWorks user.
55ece0d6e6a2aa1abfba68f1a2fe3d382ac7ce1560c3ee6a79c681db1997c8a0
Ubuntu Security Notice 1067-1 - It was discovered that Gabble did not verify the from field of google jingleinfo updates. This could allow a remote attacker to perform man in the middle attacks (MITM) on streamed media.
5768e5cb1d617582d62051f4634eb09b6343083e1a7a2a28e896aa3257fef5cf
Ubuntu Security Notice 1066-1 - It was discovered that Django did not properly validate HTTP requests that contain an X-Requested-With header. An attacker could exploit this vulnerability to perform cross-site request forgery (CSRF) attacks. It was discovered that Django did not properly sanitize its input when performing file uploads, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
36104c4235322ded05ccaa17185d640b3a46aa379d05468d669681ba9cf4de86
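Both the Mandriva 2011-031 and the Ubuntu 1066-1 notices above concern the same Django CSRF weakness: the middleware treated any unsafe-method request carrying an X-Requested-With: XMLHttpRequest header as same-origin and skipped token validation, and a browser plugin plus a redirect let an attacker set that header cross-site. The following is an added example, not Django's own middleware, that models the pre-fix decision beside the corrected one on constructed request dictionaries; the request shape, helper names and the sample token are assumptions for illustration.

```python
"""
Added example (not Django's code): a simplified model of the CSRF decision
Django 1.1.x/1.2.x made before 1.1.4/1.2.5, next to the corrected logic.
Requests are constructed dicts rather than real HTTP objects.
"""
import hmac
import secrets

# Methods that must never change state and therefore need no token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def _tokens_match(cookie_token, form_token):
    """Constant-time comparison of the token stored in the session cookie and
    the one submitted in the request body."""
    if not cookie_token or not form_token:
        return False
    return hmac.compare_digest(cookie_token, form_token)

def csrf_check_vulnerable(request):
    """Pre-fix behaviour: an XMLHttpRequest header is taken as proof that the
    request was issued by same-origin script, so validation is skipped."""
    if request["method"] in SAFE_METHODS:
        return True
    if request["headers"].get("X-Requested-With") == "XMLHttpRequest":
        return True  # the exemption the advisories describe being abused
    return _tokens_match(request["cookies"].get("csrftoken"),
                         request["post"].get("csrfmiddlewaretoken"))

def csrf_check_fixed(request):
    """Post-fix behaviour: the header carries no weight; every unsafe-method
    request must present a token matching the cookie."""
    if request["method"] in SAFE_METHODS:
        return True
    return _tokens_match(request["cookies"].get("csrftoken"),
                         request["post"].get("csrfmiddlewaretoken"))

def make_request(method, headers=None, cookies=None, post=None):
    """Build a constructed request dict (assumed shape for this example)."""
    return {"method": method, "headers": headers or {},
            "cookies": cookies or {}, "post": post or {}}

# Constructed scenario: the victim's browser automatically attaches the
# csrftoken cookie to any request to the site, but a cross-site attacker
# cannot read its value and so cannot supply a matching form field.
VICTIM_TOKEN = secrets.token_hex(16)

# Forged cross-site request: header set via the plugin/redirect trick, cookie
# attached by the browser, no csrfmiddlewaretoken in the body.
FORGED = make_request("POST",
                      headers={"X-Requested-With": "XMLHttpRequest"},
                      cookies={"csrftoken": VICTIM_TOKEN},
                      post={"action": "change_email"})

# Legitimate same-origin form submission that echoes the cookie token.
LEGIT = make_request("POST",
                     cookies={"csrftoken": VICTIM_TOKEN},
                     post={"action": "change_email",
                           "csrfmiddlewaretoken": VICTIM_TOKEN})

if __name__ == "__main__":
    print("vulnerable check accepts forged request:", csrf_check_vulnerable(FORGED))
    print("fixed check accepts forged request:     ", csrf_check_fixed(FORGED))
    print("fixed check accepts legitimate request: ", csrf_check_fixed(LEGIT))
```

The general lesson is the one the fix embodies: a request header is not an origin proof, because the set of headers a cross-site request can carry depends on browser plugins and redirect handling that the server does not control. Only a secret the attacker cannot read (the token echoed from the cookie) distinguishes the two requests.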