Gentoo Linux Security Advisory GLSA 200702-12 - When certain CHM files that contain tables and objects stored in pages are parsed by CHMlib, an unsanitized value read from the file is passed to alloca(). A large or wrapped size moves the stack pointer by an attacker-chosen distance, so the writes that follow land at arbitrary memory locations. Versions less than 0.39 are affected.
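The alloca() pattern described in the advisory, as an added example; this is not CHMlib's code or format. The record layout (a 32-bit little-endian entry count followed by 4-byte entries), the MAX_ENTRIES cap and the sample buffers are all constructed for illustration. The unchecked function shows the shape of the bug and is never called on the hostile input; the checked function validates the count against a cap, against multiplication wrap and against the bytes actually present before the allocation happens.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout for this example (not CHMlib's real format):
 * a 32-bit little-endian entry count followed by `count` 4-byte entries. */
#define ENTRY_SIZE 4u
/* Cap assumed for the example. Real parsers derive it from the format; the
 * point is that alloca() must never see an unbounded, file-supplied size. */
#define MAX_ENTRIES 4096u

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable shape: the count goes from the file straight into alloca().
 * count * ENTRY_SIZE is 32-bit arithmetic and can wrap, and even without
 * wrapping a huge count moves the stack pointer by an attacker-chosen
 * distance; the memset then writes wherever it landed. Kept only to show
 * the bug; never call it on untrusted input. */
int parse_table_unchecked(const uint8_t *buf, size_t len)
{
    if (len < 4)
        return -1;
    uint32_t count = rd32le(buf);
    uint8_t *table = alloca(count * ENTRY_SIZE); /* BUG: unbounded size */
    memset(table, 0, count * ENTRY_SIZE);
    return (int)count;
}

/* Returns 1 when `count` entries may be allocated and read from `remaining`
 * input bytes: within the cap, no multiplication wrap, and fully present. */
int table_size_ok(uint32_t count, size_t remaining)
{
    if (count > MAX_ENTRIES)
        return 0;                        /* absurd count: reject, don't allocate */
    if (count > SIZE_MAX / ENTRY_SIZE)
        return 0;                        /* count * ENTRY_SIZE would wrap */
    if ((size_t)count * ENTRY_SIZE > remaining)
        return 0;                        /* file is truncated */
    return 1;
}

/* Hardened version: validate before the allocation, then allocate with the
 * checked, widened size. Returns the entry count, -1 on a short header,
 * -2 on a rejected count. */
int parse_table_checked(const uint8_t *buf, size_t len)
{
    if (len < 4)
        return -1;
    uint32_t count = rd32le(buf);
    if (!table_size_ok(count, len - 4))
        return -2;
    uint8_t *table = alloca((size_t)count * ENTRY_SIZE); /* <= MAX_ENTRIES * 4 */
    memcpy(table, buf + 4, (size_t)count * ENTRY_SIZE);
    return (int)count;
}

/* Constructed inputs: a benign 3-entry table and a hostile header claiming
 * 0xFFFFFFFF entries (count * 4 wraps to 0xFFFFFFFC in 32-bit math). */
static const uint8_t benign[] = { 3, 0, 0, 0,
                                  1, 0, 0, 0,  2, 0, 0, 0,  3, 0, 0, 0 };
static const uint8_t hostile[] = { 0xff, 0xff, 0xff, 0xff };

int demo_benign_table(void)  { return parse_table_checked(benign, sizeof benign); }
int demo_hostile_table(void) { return parse_table_checked(hostile, sizeof hostile); }

int main(void)
{
    printf("benign table: %d entries\n", demo_benign_table());
    printf("hostile header: rc=%d (rejected before alloca)\n", demo_hostile_table());
    return 0;
}
```

The order of the checks matters: the cap check comes first so that an attacker cannot reach the allocation at all with a count the multiplication would wrap, and the widening to size_t happens only after the count has been bounded.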
0cdeb08a32cce111fd038a019241c00a67b448dfb8ac26688dcb2da33eae0435
Gentoo Linux Security Advisory GLSA 200702-11 - When checking for matching asm rules in the asmrp.c code, the results are stored in a fixed-size array without boundary checks, which may allow a buffer overflow. Versions less than 1.0_rc1-r2 are affected.
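The result-storage pattern the advisory describes, as an added example that is not the affected project's asmrp.c. The rule representation (a minimum-bandwidth threshold per rule), the MAX_RULEMATCHES capacity and the two rulebooks are constructed for illustration; the real ASM rule grammar is richer. The point shown is that the server-supplied rulebook decides how many rules match, while the result array has a fixed number of slots, so the store must be guarded and an overflow reported rather than silently truncated.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an ASM rulebook: each rule carries a minimum
 * bandwidth, and a rule matches a client whose bandwidth meets it. */
struct rule { unsigned min_bandwidth; };

/* Capacity of the result array. Assumed for the example. */
#define MAX_RULEMATCHES 16

/* Vulnerable shape: the rulebook, which comes from the remote server,
 * decides how many matches there are, but `matches` has room for
 * MAX_RULEMATCHES. With more matching rules than slots, the writes run off
 * the end of the array into whatever the caller placed next to it.
 * Shown for the bug's shape only; never called on the hostile rulebook. */
int match_rules_unchecked(const struct rule *rules, int nrules,
                          unsigned bandwidth, int matches[MAX_RULEMATCHES])
{
    int n = 0;
    for (int i = 0; i < nrules; i++)
        if (bandwidth >= rules[i].min_bandwidth)
            matches[n++] = i;            /* BUG: no check against MAX_RULEMATCHES */
    return n;
}

/* Hardened version: check capacity before every store. Returns the number
 * of matches recorded, or -1 if the rulebook produced more than fit, so the
 * caller can reject the stream instead of acting on a truncated result. */
int match_rules_checked(const struct rule *rules, int nrules,
                        unsigned bandwidth, int matches[MAX_RULEMATCHES])
{
    int n = 0;
    for (int i = 0; i < nrules; i++) {
        if (bandwidth < rules[i].min_bandwidth)
            continue;
        if (n >= MAX_RULEMATCHES)
            return -1;                   /* would overflow: refuse */
        matches[n++] = i;
    }
    return n;
}

/* Constructed rulebooks: a normal one with 3 rules, and a hostile one with
 * 40 rules whose zero threshold makes every rule match any client, more
 * than the result array holds. */
static const struct rule normal_rules[3] = { {0}, {64}, {500} };
static struct rule hostile_rules[40];

int demo_normal_rulebook(void)
{
    int matches[MAX_RULEMATCHES];
    return match_rules_checked(normal_rules, 3, 128, matches); /* rules 0 and 1 */
}

int demo_hostile_rulebook(void)
{
    int matches[MAX_RULEMATCHES];
    memset(hostile_rules, 0, sizeof hostile_rules);
    return match_rules_checked(hostile_rules, 40, 128, matches);
}

int main(void)
{
    printf("normal rulebook: %d matches\n", demo_normal_rulebook());
    printf("hostile rulebook: rc=%d (rejected)\n", demo_hostile_rulebook());
    return 0;
}
```

Returning an error rather than capping the count at MAX_RULEMATCHES is deliberate: a rulebook that matches more rules than the client can hold is malformed, and continuing with a partial match list would let the server steer which rules are silently dropped.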
f6262f3d53ecb81efa85041c13e6624dcd2bb0a207a29c394dd43c0def1e4990
Whitepaper entitled "Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences".
5e052565e3661c687c0142cb2a857a3b5d8400a27ec65832792185de33fbad3d
It appears that the un.org web site suffers from SQL injection vulnerabilities.
8edf0f91665807343bb0e713e66964ee4d23be23665f7b848ae9dcf9eb64d76b
Multiple vulnerabilities have surfaced in multiple Windows applications. Follow the links if your Russian is decent.
01c8f8496e59e7683989c0c77460c8e0c1f06ade3b45e75a62366fa2c0b4ff24
Gentoo Linux Security Advisory GLSA 200702-10 - Five vulnerabilities were found: a buffer overflow in recv_add_unit(); a problem with improperly trusting user-supplied string information in decode_stringmap(); several issues with array manipulation via various commands during play; an SQL injection in server_protocol.cpp; and finally, a second buffer overflow in recv_map_data(). Versions less than 0.7.1062 are affected.
7bb43db8613f943b782ed33c40c4f6c0feb0ece6ac15a313c55151ec2efba5c6
Gentoo Linux Security Advisory GLSA 200702-09 - Nexuiz fails to correctly validate input within client commands. There is also a failure to correctly handle connection attempts from remote hosts. Versions less than 2.2.1 are affected.
67972ac189283280a0e29a785c5e5a54cd5f6532acbba8ca2af079202aa55a28
SQLiteManager version 1.2.0 suffers from local file inclusion and multiple cross site scripting vulnerabilities.
0801568530feffe7fc7f87e429113facaddaa00f9cb11a79d66f5f6bea21c0cd
PHPWebGallery version 1.4.1 suffers from multiple cross site scripting flaws.
5a02974fc1c9ebfb5d0fc2e9c905508965ca1fef15df90a0893c3ee857057918
Coppermine Photo Gallery version 1.3.x blind SQL injection exploit.
628c7641d783fec5ce41a8c30c833f58cce4757bd991f43dbe66239702e430b6
Photostand version 1.2.0 suffers from multiple cross site scripting vulnerabilities.
2d9f1ac802579e3d728f4e09487463c8e1dc0732380ae4ba86e9ca2d450ed9f3
Whitepaper entitled "Rogue XML Specifications". It discusses insecurities related to XML schemas.
8f898961deadbbea1e0a38424a21b14dc2cd3202e6954fa1ff015c971451cb97
ActiveCalendar version 1.2.0 suffers from cross site scripting and local file inclusion vulnerabilities.
513b48e4fd48b42dbb697f29d0b224b641534ba4e92774151fd71c49c5916e88
Pickle suffers from a local file download vulnerability.
053c72f707859708312af60d0f95b7649892cd38e5fc1ba8d432d8ae2f4dbf0e
Mandriva Security Advisory - A bug in the way that SpamAssassin processes HTML emails containing URIs was discovered in versions 3.1.x. A carefully crafted mail message could make SpamAssassin consume significant amounts of CPU resources that could delay or prevent the delivery of mail if a number of these messages were sent at once. SpamAssassin has been upgraded to version 3.1.8 to correct this problem, and other upstream bugs. In addition, an invalid path setting in local.cf for the auto_whitelist_path has been fixed for Mandriva 2007.0.
c5f6e215c75a28d923bc71e2534adebe232ba6f5f01f07832d989c57fbe0b4cf
Simple One-File Gallery suffers from local file inclusion and cross site scripting vulnerabilities.
4feb613dd583b4d8271756458f9ab29be34f28254f4ed8fd60d37927e6c4d673
sitex suffers from upload and cross site scripting vulnerabilities.
d049e5066c8158f632c257a7fa9b3d8ab821a800a4fd277933d64782e4252604
MTCMS version 2.2 suffers from upload and cross site scripting vulnerabilities.
1c2b781aa2810cd0355873f992e38743d3b685df68a93fb493ebb8c02c64034d