Gentoo Linux Security Advisory GLSA 200609-13 - Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the LZH decompression code, where a pathological data stream may result in the modification of stack data such as frame pointer, return address or saved registers. A static buffer underflow was discovered in the pack decompression support, allowing a specially crafted pack archive to underflow a .bss buffer. A static buffer overflow was uncovered in the LZH decompression code, allowing a data stream consisting of pathological Huffman codes to overflow a .bss buffer. Multiple infinite loops were also uncovered in the LZH decompression code. Versions less than 1.3.5-r9 are affected.
30fcf5b5522c1d10fe551b1d248f87e3659e6eb8846997b7b00e1c760b290dc5
Gentoo Linux Security Advisory GLSA 200609-16 - A vulnerability in jhot.php allows for an unrestricted file upload to the img/wiki/ directory. Additionally, an XSS exists in the highlight parameter of tiki-searchindex.php. Versions less than 1.9.5 are affected.
f2eecb0d5db4bfa1629ca5148414f24a9754c71d23a65baca91a88f11475d48e
Gentoo Linux Security Advisory GLSA 200609-15 - verify.c fails to properly handle excess data in the digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Versions less than 1.4.4 are affected.
fa912ed233c18b7bab4dd7b1440863dc41e2e171d4fa1329a0d72cef1e5d811d
Gentoo Linux Security Advisory GLSA 200609-14 - Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder. Damian Put discovered a heap overflow in the SGI image decoder. Versions less than 6.2.9.5 are affected.
7b4d89d292ba01e50cab46884be9d45aa9daf41deda8b1516aea29a89429648f
Ubuntu Security Notice 352-1: Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it.
ef41dc1fee07a1ae965fe581decc1503ce2decfffe048ae6ce777eddaa2c1b90
Bypassing network access control (NAC) systems - This whitepaper examines the different strategies used to provide network access controls. The flaws associated with the different network access control (NAC) solutions are also presented. These flaws allow the complete bypass of each and every NAC mechanism currently offered on the market.
7dc8e38caef9108f721a21493544a4ba21ddafddf32210c7962320556e319394
Debian Security Advisory 1184-1: Several security related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
799b73182cd6e5ee3bb6eda6525bd22cba6be99b8731e039bb2255d59682907f
Debian Security Advisory 1183-1: Several security related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
2faa9a072bfc51aea394c6ead17fd2f5a173df0362e669e5cadf46b8acec555e
Debian Security Advisory 1184-2: kernel-source-2.6.8 - This advisory covers the S/390 components of the recent security update for the Linux 2.6.8 kernel that was missing due to technical problems. For reference below please see the original advisory text.
1c3601bd0c15b034cc1a82a45342e1e3a41e312c008209c84ae5c091bca914ee
FreeBSD Security Advisory - Multiple vulnerabilities exist in gzip.
40bd13cb8cb2081691ce02d2adabac8a542bd62b8d47fd3c4d05236d29b0cb78
Pie Cart Pro suffers from a remote file inclusion vulnerability in the Home_Path variable.
7a4ecb1e02c979364450299da14442bd5fe538b9e1daea068d190366b4cf8bd9
rfdslabs security advisory: RLSA_02-2006 - OSU httpd for OpenVMS suffers from full path and directory content disclosure.
16de47fd65bebc0e046d055c8c96b19a4810c54a3c3841c748cc09991dca61c8
PT News 1.7.8 suffers from cross site scripting in search.php.
d3cd807a73eac4fb5ec22ad458c9791d1544cd616169a82a734fd90e9ae008c7
Mambo's script mambo_hotornot versions 1.2.2 and below allow malicious users to upload and execute arbitrary PHP files.
e1db3ac6f8a8f905f67e50e753efd1049b3e7ad69cb0aff0b5644aff6c8c9bc8
PhotoPost PHP 4.6 - 4.5 remote file inclusion vulnerability.
4017bf6d0707a213d1e1668261ee285786f994f2d0f1c83f9f667f1d23e36c4b
PNphpBB suffers from a remote file inclusion flaw in functions_admin.php.
b3b9efc8dd69fd3136a65cf35f5c6be2438a8aa5638793604e190cc64258faf5
Techno Dreams Articles and Papers Package versions 2.0 and prior suffer from a SQL injection vulnerability.
10c191951b629a4ef676a092be40c6258e3f6d8efdc34887ebc8bf3e9506d756
ECardPro v2.0 suffers from a SQL injection vulnerability.
47e1a3da96391f379384df8d10b7b9703b75ceea46951637183fb0af7b821c20
PHPQuiz versions less than or equal to 1.2 remote SQL injection exploit.
cc00d20894ec963b7a7b4fc0753f725c8a1c20fe67c2d7bc22cacd57706eee68
Kurdish Security Advisory #27: artmedic links 5.0 remote file inclusion vulnerability.
f977e352a3a6cf456a6af7414bfd3261fc0baecb4d39b961d5720daf6d643eca
Plume CMS 1.1.10 suffers from a remote file inclusion vulnerability.
83570734e0074fe652424bc5712d1d89dcf971c4f099f79a87994eb1e6d5048e
HitWeb v3.0 suffers from several remote file inclusion vulnerabilities.
1db8e70d9e9a641a2cbced9ca9aea7d1adb970b2717ef2a3697baf8259d792af
NextAge Cart suffers from a cross site scripting vulnerability.
0184a14b97b555de5fddecb7459888d3cea17928d82b3a9db66ffa2d2c35b87f
Site@School 2.4.02 and below suffer from multiple remote command execution vulnerabilities.
ff6a0d11614613f5191f0ad6e4b0439e5b8d31e19d7623056d32f3db781a3e0f
Triton Model 98xx series cash dispenser operation manual
b554f64d5fd2f3cf77330af9b8323cd6f7240e06b81247994910f19ed60dcafc