Debian Linux Security Advisory 2371-1 - Two buffer overflows were discovered in JasPer, a library for handling JPEG-2000 images, which could lead to the execution of arbitrary code.
378ae0ceefe4816301fc1cbd5602b9554680c22218691bc93c90385f418234a7
Mandriva Linux Security Advisory 2011-192 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving removal of SVG elements. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors. Various other issues were also addressed.
74b1c50fa04b0741fdb76a94c0c90b30b2e95ec9554f1e5264d61525601acb44
Secunia Security Advisory - A vulnerability has been discovered in Whois.Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.
2a8873fd498e4864aec167d8bf600d099f08566136857d5e4a2f66caca79f71e
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Managed Printing Administration, which can be exploited by malicious people to compromise a vulnerable system.
9a68c26e6c8423e9131753236ea182eab70f56400c1c0677734986cd0affde57
Secunia Security Advisory - Debian has issued an update for unbound. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
a5a00b15c00059d648cbd48c4ff05d6f977c75338250418f6a806ea9e05f5f03
Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.
635187466a9d994594e720ac93f94f792231827fad4311342c1ac4e7802bf083
Secunia Security Advisory - A vulnerability has been discovered in Tiki Wiki CMS/Groupware, which can be exploited by malicious people to conduct cross-site request forgery attacks.
e09495fbd2214dc75e8da3a79c84401071d4d268c8ea782bfef8dab078f6929c
Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system.
d29a97290ba10d51b169d16b55b77f9fc68ba8534935da3f161abb98a80cd652
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Phone, which can be exploited by malicious people to cause a DoS (Denial of Service).
d601ccb7ff992a42790dba8ecaa8246e8be0d11887d8ec7d2c601ebdbaab5794
Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in Open Business Management, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose potentially sensitive information and conduct cross-site scripting and SQL injection attacks.
58a9baff3abf620f79e6309791bac2fc3c40860fe2d454c21233b53076509394
Secunia Security Advisory - Multiple vulnerabilities have been reported in Websense products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a vulnerable system.
19e07477de40c94c6fbe93ecaa6643e97f28171f4060f91f308de2017aad553b
Secunia Security Advisory - MustLive has discovered a vulnerability in Android, which can be exploited by malicious people to conduct spoofing attacks.
9f5ebed4a21407733324342aa69e54c3632ebae0d43bf4a1200a062e07fc22b2
Secunia Security Advisory - Two vulnerabilities have been reported in cApexWEB, which can be exploited by malicious people to conduct SQL injection attacks.
00ea78aeaa5454257f302418a42b455f38c25511417848d7e1e092798aea77b7
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.
9b8166808c22162036618de8808ece544c2774872189246d46e6a80da9b38bf9
Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Rational Rhapsody, which can be exploited by malicious people to compromise a user's system.
896533ff6f22bfac84355a38087c350a7a4e991d1ad5e8951dd4a138d9ef1f84
Secunia Security Advisory - A vulnerability has been reported in IBM DB2 and IBM DB2 Connect, which can be exploited by malicious, local users to gain escalated privileges.
fdc3e931c8a06884e63283cfa0a7548e713f2d10c38e14243adf5f71941d198f
Secunia Security Advisory - A vulnerability has been discovered in Public Knowledge Project Open Journal Systems and Open Conference Systems, which can be exploited by malicious people to conduct cross-site request forgery attacks.
ecfe1cf82a2d8092decef4bd7da9d7895960d89e85f0f2252af1c49fc353f846
Secunia Security Advisory - Multiple vulnerabilities have been reported in BB FlashBack SDK, which can be exploited by malicious people to compromise a user's system.
a8970ac1ba41cdb7d29f4062abf18bb71929b92f51df8751a9dc6222d27221fa
Debian Linux Security Advisory 2369-1 - It was discovered that libsoup2.4, an HTTP library implementation in C, does not properly validate input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.
e634802cfae069d5d50208bd0bc4815d5ddbbfd3098ea941bd70b031e1a7a505
Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There are multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.
f0495e468274c9e38b074f2dfd175ca4189b4a874d12ce564e49d2ef2f0d5c5d
Red Hat Security Advisory 2011-1850-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device.
22b74347f86b8270406e2b6e7d57aac603828a1c39676ba682aa4f68f794b50d
Debian Linux Security Advisory 2370-1 - It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service.
e000da874c7e25eebb25bcd0318bb4cd093a50d621919fe8f74cae1ca32435f3
Ubuntu Security Notice 1254-1 - It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Thunderbird 3.1. An attacker could potentially exploit a user who had installed an add-on that used loadSubscript in vulnerable ways. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw to steal data or inject malicious scripts into web content. Various other issues were also addressed.
7380de76d3f7ae9d28ad3d7ebd18e2d1d0c2c421ee05e83463651e5d8cf20229
Red Hat Security Advisory 2011-1849-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device.
59c592d94b44d37b278d4bf844f5506f5e4dd75ac7fedd8ac9b88a73109d048f
Zero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.
5cb9d7c743d97359533a6a87e86ceb46ffdb1c08c4b3556a2c176533ab6a35a5