PHP version 5.4.1 suffers from a getimagesize() denial of service vulnerability.
Debian Linux Security Advisory 2462-1 - Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service.
Secunia Security Advisory - Two vulnerabilities have been discovered in the Zingiri Web Shop plugin for WordPress, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been discovered in the nBill component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Secunia Research has discovered a security issue in Quest Toad for Data Analysts, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - G13 has discovered two vulnerabilities in PHP Volunteer Management, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Secunia Security Advisory - Ubuntu has issued an update for jetty. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Mandriva Linux Security Advisory 2012-066 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. Various other issues were also addressed.
VMware Security Advisory 2012-0008 - VMware ESX updates have been created for the ESX Service Console. The ESX Service Console Operating System (COS) kernel is updated, which addresses several security issues in the COS kernel. The ESX Console Operating System (COS) libxml2 rpms are updated to versions libxml2-2.6.26-2.1.12.el5_7.2 and libxml2-python-2.6.26-2.1.12.el5_7.2, which address several security issues. Various other issues have also been addressed.
HP Security Bulletin HPSBPV02754 SSRT100803 2 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. The ProCurve switch operating system is not infected with the malware and the content on the compact flash card has no impact on the operation of the switch. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system's integrity. Revision 2 of this advisory.
Mandriva Linux Security Advisory 2012-065 - The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. Insufficient validation of upload names leads to corrupted $_FILES indices. Various other issues have also been addressed.
Ubuntu Security Notice 1430-1 - Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Ubuntu Security Notice 1430-2 - USN-1430-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. Various other issues were also addressed.
Secunia Security Advisory - the_storm has reported a vulnerability in Car Portal CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Secunia Security Advisory - Haunt IT has discovered a weakness in eFront, which can be exploited by malicious people to disclose certain system information.
Secunia Security Advisory - r@b13$ has reported a vulnerability in TwonkyServer, which can be exploited by malicious people to disclose potentially sensitive information.
Secunia Security Advisory - A vulnerability has been reported in TwonkyManager, which can be exploited by malicious people to disclose potentially sensitive information.
Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Red Hat has issued an update for libpng. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
Secunia Security Advisory - Haunt IT has discovered a vulnerability in gpEasy CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - VMware has acknowledged some vulnerabilities in VMware ESX Server, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise the vulnerable system.
Secunia Security Advisory - Debian has issued an update for spip. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - HP has acknowledged multiple vulnerabilities in HP NonStop Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
Secunia Security Advisory - Jakub Galczyk has discovered a vulnerability in concrete5, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Two vulnerabilities have been reported in the Ubercart module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system.