Jiros Banner Experience Pro version 1.0 is susceptible to a remote privilege escalation flaw.
427706de5f7f0c0230d5930dad02b4cf54bc198ca11423e6899d43acbdf1bbc1
FreeForum version 1.2 is susceptible to PHP code execution and cross site scripting flaws.
b4a88688c8368c2f89f2856c431b289c2361744d9ab961d2b1ba8efd04417424
There is a high risk vulnerability in Guppy versions 4.5.11 and below that will allow remote attackers to destroy database files. Details provided.
a56334d59160722210ec923946ac49e919e81d4c1acbc090031cf3742db3b438
Ubuntu Security Notice USN-261-1 - Stefan Esser discovered that the 'session' module did not sufficiently verify the validity of the user-supplied session ID. A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP response splitting and cross site scripting attacks. PHP applications were also vulnerable to several cross site scripting flaws if the options 'display_errors' and 'html_errors' were enabled. Please note that enabling 'html_errors' is not recommended for production systems.
016844a2172c42aa6db55405377b83f5dbaca538a695f0629958e21295374915
Gentoo Linux Security Advisory GLSA 200603-08 - OpenPGP is the standard that defines the format of digital signatures supported by GnuPG. OpenPGP signatures consist of multiple sections, in a strictly defined order. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that certain illegal signature formats could allow signed data to be modified without detection. GnuPG has previously attempted to be lenient when processing malformed or legacy signature formats, but this has now been found to be insecure. Versions less than 1.4.2.2 are affected.
147982f5f506238d2f3b1c131a858691071cfe3d09f6622d604e8de071e22837
Gentoo Linux Security Advisory GLSA 200603-07 - Chris Moore discovered a buffer overflow in a special class of lexicographical scanners generated by flex. Only scanners generated by grammars which use either REJECT, or rules with a variable trailing context might be at risk. Versions less than 2.5.33-r1 are affected.
ac7f50fa5b7c5442f7670d04b1cfaca981b3278f32a263717c4064e64cfd45b3
Debian Security Advisory DSA 993-1 - Tavis Ormandy noticed that gnupg, the GNU Privacy Guard (a free PGP replacement), can be tricked into emitting a "good signature" status message when a valid signature is included which does not belong to the data packet.
d2ec9a70711f451af643059b300e3b1dc3ca6b27e4aa33597e9b1d330dbee653
Gentoo Linux Security Advisory GLSA 200603-06 - Jim Meyering discovered a flaw in the handling of certain header fields that could result in a buffer overflow when extracting or listing the contents of an archive. Versions less than 1.15.1-r1 are affected.
e6642fca5ac3e87adcb3874336e2333472bef1e3213caadc6a301b8f33200db5
Debian Security Advisory DSA 992-1 - Simon Kilvington discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code.
653c2e73640e4c3c42b47c4be68817e08f1ddc12dcfc56b51abb34017d12d988
Debian Security Advisory DSA 991-1 - Jean-Sebastien Guay-Leroux discovered a buffer overflow in zoo, a utility to manipulate zoo archives, that could lead to the execution of arbitrary code when unpacking a specially crafted zoo archive.
3df94721d725b86e6115d1bfda407046d378229f8e63242e2778fec76b312aa0
Debian Security Advisory DSA 919-2 - The upstream developer of curl, a multi-protocol file transfer library, informed us that the former correction to several off-by-one errors is not sufficient.
f7346e6f6312b02465948aadee838064e7e0d1c3320e413e676e871db30369c7
Debian Security Advisory DSA 990-1 - A denial of service condition has been discovered in bluez-hcidump, a utility that analyses Bluetooth HCI packets, which can be triggered remotely.
ac5abed1076524dcbdf919f997573b9e0b1c7fe0477183038ec4d26817d9f3ce
All versions of gnupg prior to 1.4.2.2 do not detect injection of unsigned data. Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data.
33664dce746ce85ae7b0b0afb061d573e59b19d74f2b21ee3bfea0498ba07b5e
Secunia Security Advisory - Debian has issued an update for bluez-hcidump. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
2d5337bc19082d8b406c960b6d38a285c48607d177776d750e270625ed228872
Secunia Security Advisory - Debian has issued an update for zoph. This fixes some vulnerabilities, which potentially can be exploited by malicious people to conduct SQL injection attacks.
32330e32ce1d649bc716df2d81376647f5a4366da7a53f206c0ac0e090791509
Secunia Security Advisory - Debian has issued an update for zoo. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
d8215ede3bab980ce61ac5671bcbb6d5c6506010414bef374cd81a20cac690b0
Secunia Security Advisory - A vulnerability has been reported in Ipswitch IMail Server/Collaboration Suite, which can be exploited by malicious users to cause a DoS (Denial of Service).
65e3e137624a95f4b1c2e4cfe9a54ab2e840716427aa0dd9696c8f3ded12243a
Secunia Security Advisory - Leon Juranic has reported a vulnerability in PeerCast, which potentially can be exploited by malicious people to compromise a vulnerable system.
73f5115d992a6e9bbdbeaf282062389894d4cd5bb358a811302f9aa691ecdc8c
Secunia Security Advisory - A vulnerability has been reported in GnuPG, which can be exploited by malicious people to bypass certain security restrictions.
e5787d4e339bf638b2e257ff63b1231dc8188f3dee044541fc26b096be11a33e
Secunia Security Advisory - Revnic Vasile has reported two vulnerabilities in Easy File Sharing Web Server, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to cause a DoS (Denial of Service).
35662e61284198addb43e0d979e75bd0de45c31d0bf9120f1944a002dc8a263c
Secunia Security Advisory - Ubuntu has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to conduct HTTP response splitting attacks and potentially conduct cross-site scripting attacks.
f68ed9f1751e54988e9d63e76cb2642dc5ebdb739a1d73fbd6af7bd14ec70ad5
Secunia Security Advisory - Kiki has discovered some vulnerabilities in QwikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
e0d1c88e47435c02e4fd11b6dc79ce0edd66e416d7780248dd5e60ebb0c22a8a
Secunia Security Advisory - Mustafa Can Bjorn has reported a vulnerability in JiRo's Banner System Professional, which can be exploited by malicious people to bypass certain security restrictions.
08ba4bce5cd09f7f6a57ca049e30270d71795e9e11d8d8f3c73f2418f4b963b5
Secunia Security Advisory - A vulnerability has been reported in DokuWiki, which potentially can be exploited by malicious people to conduct cross-site scripting attacks.
8b45028d056b3595758bd94c7c3ce72d55ca6952afc7cdf8822c90e04b9197f5
Secunia Security Advisory - A vulnerability has been reported in UnrealIRCd, which can be exploited by malicious users to cause a DoS (Denial of Service).
0047bfd9a360473881171d22b47845fe395a4d18ac80c9ecc6c67a5949c77261