Mandriva Linux Security Advisory - Audacity creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. This issue can also be leveraged to delete arbitrary files or directories via a symlink attack.
c220f0efbae4e4a9ed716672386d7e32b546d8ea170ba357241752871f803b86
Secunia Security Advisory - Sun has acknowledged a vulnerability in libexif included with Sun Solaris, which can be exploited by malicious people to compromise a vulnerable system.
5948b719b10e9659e16b9e4fd51e0bd9a2644e9313d71493cc3032832d07c4c0
Secunia Security Advisory - Gentoo has acknowledged a security issue in multiple ebuilds, which can lead to the disclosure of sensitive information.
d9af2540bbd73403f5ec9aa466a82421974879f3a399453c16f231767dc09102
Secunia Security Advisory - rPath has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
2b7dad8f6550e4eef52185bfff2319bf971153501c1ae24eaba4ccfd19c7d8ad
Secunia Security Advisory - S@BUN has discovered a vulnerability in the Alberghi component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
b3faed5f80832ce2bf3ad6e383a3fd3c6492ee5766d0ce9f7f9fc0f636bc1b7e
Proof of concept exploit for xine-lib versions 1.1.11 and below which suffer from six heap overflow vulnerabilities.
c40238e829405db13c7ee310252992fbca51f179dfbe5f4c4b75ec35d593d269
xine-lib versions 1.1.11 and below suffer from six heap overflow vulnerabilities.
6d60ac8b4dbe43a588f27309219f24260c8609a2d1b447ad77894e3effaa729b
Ubuntu Security Notice 589-1 - Tavis Ormandy discovered that unzip did not correctly clean up pointers. If a user or automated service was tricked into processing a specially crafted ZIP archive, a remote attacker could execute arbitrary code with user privileges.
8cc553b6a816c24515cc31acc6cf6171af40bb0e0c2cd4f80121484f410e4e20
Debian Security Advisory 1526-1 - Steve Kemp from the Debian Security Audit project discovered several local vulnerabilities in xwine, a graphical user interface for the WINE emulator.
fe0ba1c0dcd6222991075c0ec3af51535dfb302cc68ece7524f18b9ac75859cb
Secunia Security Advisory - sasquatch has reported some vulnerabilities in IBM Rational ClearQuest, which can be exploited by malicious people to conduct cross-site scripting attacks.
ff74939b586c08ac0467cf8186b1947dc6560691d913bb85a861a9015c1a3634
Mandriva Linux Security Advisory - A vulnerability in the Net::DNS perl module was found that could allow remote attackers to cause a denial of service via a crafted DNS response.
2b41229fdd453f1b261dec7ce9c44685e480552457d143f449fd7c6af4a6b31f
Mandriva Linux Security Advisory - The Linux kernel prior to 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allowed local users to access kernel memory via an out-of-range offset.
a2161f24ca855dc6afcc20b198f4d133bef857767c99052fe5216cedd9f81e9d
Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. Linux and source tarballs included. Also, a Windows installer executable and a manual are included.
51638e982413115a29be81cbffed0f22ae3d52007b08eee92b6ef462fd1d822b
Ubuntu Security Notice 588-1 - Masaaki Hirose discovered that MySQL could be made to dereference a NULL pointer. An authenticated user could cause a denial of service (application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table. This issue only affects Ubuntu 6.06 and 6.10. Alexander Nozdrin discovered that MySQL did not restore database access privileges when returning from SQL SECURITY INVOKER stored routines. An authenticated user could exploit this to gain privileges. This issue does not affect Ubuntu 7.10. Martin Friebe discovered that MySQL did not properly update the DEFINER value of an altered view. An authenticated user could use CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements to gain privileges. Luigi Auriemma discovered that yaSSL as included in MySQL did not properly validate its input. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. This issue did not affect Ubuntu 6.06 in the default installation.
5a8255800f0f13ab0170873f78aa7381ffe3fa764291a6fe05ed17d87fae4f3f
Debian Security Advisory 1525-1 - Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit.
8a005f5ec36bdbd53917c342d96a68635121d0d7e8a082ff1e7174217e1c231c
Debian Security Advisory 1506-2 - A regression has been fixed in iceape's frame handling code. Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.
bc917c9a074c717bec02c4b74ae7fc0455b931a2e434ad745ae25f609e5fd350
Gentoo Linux Security Advisory GLSA 200803-30 - Robin Johnson reported that the docert() function provided by ssl-cert.eclass can be called by source building stages of an ebuild, such as src_compile() or src_install(), which will result in the generated SSL keys being included inside binary packages (binpkgs). Versions less than 8.1.16 are affected.
ef9e1371be972f0723c6894ed900fd024b24791d49acd335a4e13e40ae2eb07c
OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.
40e99e5f04ed9a89382123d88fafcb2a0222f57e39074dd3255d757502f9c54c
CenterIM versions 4.22.3 and below suffer from a remote command execution vulnerability.
30698e2ce140f80078987bdf37bf534d5d40549838646eddc2285d1f56c730e4
Sun Solaris versions 10 and below rpc.ypupdated remote root exploit that makes use of an input validation vulnerability. Originally discovered in 1994 but still looms in the SunOS 5.10 source code tree.
c3b971dbcd12a59aecaa3d180afc2b2aa6ffed6ff18c6ba616af43efc1377386
The Joomla Datsogallery component version 1.3.1 suffers from a remote SQL injection vulnerability.
736d45396f52015c478eb530328b6ef7024b4dc91391619e46aae1b41b60d66e
Secunia Security Advisory - Secunia Research has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system.
fb458a0a915f9119f57898d1c71316f5bdc252de5dfc1ab2f8678db1d4e30cb7
Secunia Security Advisory - Some vulnerabilities have been discovered in Gallarific, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and conduct SQL injection attacks.
ac34d0dc786e43cd649120f0ee8598cf22631e790cd82000a99b2a27a67d1b03
Secunia Security Advisory - Collin Mulliner has reported a security issue in RaidSonic NAS-4220-B, which can be exploited by malicious people with physical access to the device to disclose potentially sensitive information.
d7db54e2eb49e2aecb563098496048549c40cf25530549116746645c99edb7e0
Secunia Security Advisory - Some vulnerabilities have been reported in WinRAR, which can potentially be exploited by malicious people to compromise a vulnerable system.
c3b7f600e5cb31f92a1c831aacdd17fa43b5fd5eeaa6a629abaf9372a09dc467