BLOG:CMS contains a remote file inclusion vulnerability in NP_UserSharing.php.
4c99aa25f7fe4d78348e383ca06ca1193ecaf735dd5f1b2463cddd49a546623b
Ubuntu Security Notice 380-2 - avahi regression: USN-380-1 fixed a vulnerability in Avahi. However, if used with Network manager, that version occasionally failed to resolve .local DNS names until Avahi got restarted. This update fixes the problem.
824819af147156e3aa2a3fbcde7d4c005136d3b8b40be4e05c7be2b8ef8b224f
Ubuntu Security Notice 395-1 - Multiple vulnerabilities in the Linux Kernel.
0b852243a5c4004bbe4f7c751d093d7695fb123d535e29e855336e1b174efd11
ZDI-06-045: Sophos Anti-Virus CPIO Archive Parsing Buffer Overflow Vulnerability
1de2a2b9a39d03e3905a6adad1ba3ba363594639258448ada8c3dc8e3c0a31f4
ZDI-06-047: Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability
3894a4d8fead53f35c767c5a8881b567a3436ca1fc01c10600f8716e43bae563
ZDI-06-048: Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability
eacd705ef996712a733690fbbf14091c12e379ee4e5fc51536ec2cdcc39c053a
ZDI-06-049: Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability
4fe7bbb1282a3bf8cd5edcaed1368e6adb00613450b03f130eab6f6be28407f6
ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability
737e4326cd5707a72e6ec3210659ae992266291130bccddeede75894da315e22
rPath Security Advisory: 2006-0230-1 - Previous versions of the evince package contain a vulnerability that enables attackers to provide intentionally malformed PostScript files which will cause evince to execute arbitrary attacker-provided code. (This vulnerability was originally discovered in the gv program.)
4e46d0359de36b4b03aa784934a549f206b3c7dd86fa8bd326c2d9a849ca36d8
rPath Security Advisory: 2006-0231-1 - Previous versions of the squirrelmail package are vulnerable to multiple cross-site scripting (XSS) attacks that allow the attacker to subvert web browsers being used with squirrelmail.
12d74805d32f058bf4ca695a35a43d031b86aa7f4a029970bc617d598fb74599
rPath Security Advisory: 2006-0232-1 - Previous versions of the libgsf package contain a flaw in parsing OLE documents that could allow an attacker to crash applications that use libgsf, and possibly to cause them to execute arbitrary code, by presenting a user with an intentionally malformed OLE document.
733ac83ebf6a56e8ffd4cea878a6fde0587eed0ce27da2b3687d9f5be50a1e9f
Debian Security Advisory 1234-1: A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming.
ee92818c1e973074364d4844a20bb567e5fe0162f7f181d716818cf09a91b059
Debian Security Advisory 1235-1: A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming.
55991f7163703cd676e8c34844dfbc934b3ae52e039a7feb6f14fd2e2023d68a
Debian Security Advisory 1236-1: Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple manager for mailing lists, does not properly sanitise email addresses before passing them through to the system shell.
fa29eb002e316cba896732e9761a36a4fc7e26edc0b2afbef7c43511c03e6386
Gentoo Linux Security Advisory GLSA 200612-17 - A format string vulnerability was found in the sqllog function from the SQL accounting code for radiusd. That function is only used if one or more of the postgresql, mysql or odbc USE flags are enabled, which is not the default, except for the server 2006.1 and 2007.0 profiles which enable the mysql USE flag. Versions less than 1.4 are affected.
d32cf1f8f48064fe7db8a00e65defe5a11482628387d382bb4b1822c64dff8de
Gentoo Linux Security Advisory GLSA 200612-16 - Teemu Salmela discovered that Links does not properly validate smb:// URLs when it runs smbclient commands. Versions less than 2.1_pre26 are affected.
dde232e4315b480ff0045282d6f76c3f25f913fddb5169bf3e74294fcfac1221
Gentoo Linux Security Advisory GLSA 200612-15 - Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was distributed with an insecure DT_RPATH which included the current working directory, rather than $ORIGIN which was probably intended. Versions less than or equal to 4510e are affected.
8aabdffc741482a95da3d62216d1abfb7abb96e41b74ff954a5b95ef44f4fe51
Gentoo Linux Security Advisory GLSA 200612-14 - Trac allows users to perform certain tasks via HTTP requests without performing correct validation on those requests. Versions less than 0.10.1 are affected.
0b37644defb76c17b1339bf206673005078cc86c0af08d75526eb47cffd4ff38
Gentoo Linux Security Advisory GLSA 200612-13 - infamous41md has discovered that the ole_init_info function may allocate too little memory for storing the contents of an OLE document, resulting in a heap buffer overflow. Versions less than 1.14.2 are affected.
a49a2f53f32ee94f95ff2ca9f950dc6643ac524a08e0249e7b380c80f12d695a
Gentoo Linux Security Advisory GLSA 200612-12 - F-Prot Antivirus version 4.6.7 fixes a heap-based buffer overflow, an infinite loop, and other unspecified vulnerabilities. Versions less than 4.6.7 are affected.
6f00701fd519e8d55dcff7e09af66052b57eaad677433bdd499bd9d822426a85
Mandriva Linux Security Advisory MDKSA-2006:228: A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
97463d4d797ca0c930fef1d5390b8ff7dfb35fd414a4d7b46ba81a77394739bd
Mandriva Linux Security Advisory MDKSA-2006:229: Stack-based buffer overflow in ps.c for evince allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
4b11275815979d9703f00cab3f0f4aefbf9014979cc4eeb86f0249bf907e1937
Mandriva Linux Security Advisory MDKSA-2006:230: The latest version of ClamAV, 0.88.7, fixes some bugs, including vulnerabilities with handling base64-encoded MIME attachment files that can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus detection (CVE-2006-6406).
fc6b127ad472dc1d03362e3be6363193f0d900bac60441839e58af22eeb93262
Mandriva Linux Security Advisory MDKSA-2006:164-2: Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root.
b34a938ff6dce57a5b86576bd6b0dc2c4ac1cc9c2e04fd3a3557e97e81ff1f26
Multiple instances of improper handling of NULL buffers in CA Anti-Virus allow local attackers to cause a denial of service condition. This issue affects only consumer CA Anti-Virus products.
11819a7013b6e40a1cc760c94258674027e522f92b3b43914752ec599d4cbb9f