A vulnerability in versions 5.0(1) and 5.0(3) of the software used in Cisco Anomaly Detection and Mitigation appliances and service modules may allow unauthorized users to gain access to the devices and/or escalate their privileges if Terminal Access Controller Access Control System Plus (TACACS+) is incompletely configured.
f4b129b457b402f8fe7136fcc31d2b398212b4e009abebc6478cb32c7649e9e9
Multiple security problems were fixed in PostgreSQL 8.1.3.
149b68c33bae1ccb9882f6bb0ae5bee0d3f0db5c2e009239c51d58c503d9a394
A bug in Mirabilis ICQ could allow an attacker to trick users into executing files inside an uploaded directory.
10228c07178e00f18f25f0c83f9b4267a5e75001f5907b2cb5739f6183a36609
CYBSEC S.A. Pre-Advisory - Phishing Vector in SAP BC (Business Connector)
38427b713375493d62502bf8a2ad755a64cdfbd6cddd57837ab27a3786d3835b
CYBSEC S.A. Pre-Advisory - Arbitrary File Read/Delete in SAP BC (Business Connector)
e48e2421d15b01e38e4bf6a4383cf00fbc0283589a16f72c470b94c15e0db169
Fedora Legacy Update Advisory - Updated Apache httpd packages that correct three security issues are now available.
a69b6dc10322e845044b15e0f381ea47ba9bf02a6ea37d3cf8a0cc69a42bdfd1
Fedora Legacy Update Advisory - Updated openssh packages fix security issues.
c756750f6f72b44cea9d2dc0e01aa41b88c37d744c47b6af4bd1874c0850f26e
Fedora Legacy Update Advisory - Updated squid package fixes security issues.
5ad1a6b35111bf69307d0137f87edd4ccc519ef768f24e62b0e2ff42c237235b
OpenPKG Security Advisory - Ulrich Drepper discovered [0] a weakness in OpenSSH [1] version 4.2p1 and earlier, caused by the insecure use of the system(3) function in scp(1) when performing copy operations using filenames that are supplied by the user from the command line. This can be exploited to execute shell commands with privileges of the user running scp(1).
ee13382478b98d5e9881b80b1408c8c48aeeed9bf2b32c680e97029ede7b0f16
OpenPKG Security Advisory - According to a vendor bug report [0], an incomplete blacklist vulnerability exists in the Sudo [1] utility which can lead to a privilege escalation. The vulnerability exists in Sudo 1.6.8 and earlier and allows local users to gain privileges via the "SHELLOPTS" and "PS4" environment variables before executing a shell script on behalf of another user.
28de1fcf53a0e1381e1d99865c44e5a080b319b72148122d44c1a342dd7d770c
OpenPKG Security Advisory - According to a vendor security advisory [0] based on hints from the Gentoo project, a false positive signature verification bug exists in the GnuPG [1] security tool when unattended signature verification (e.g. by scripts and mail programs) is performed via "gpgv" or "gpg --verify".
030d5186472ca2cf801586a6e775ee3dc225f67896549cd95db4fe648c5a120c
Mandriva Linux Security Advisory - Tavis Ormandy discovered it is possible to make gpg incorrectly return success when verifying an invalid signature file.
44d7a8979e68fd33adaed91abd8253c2690295581d59c1ae97761699eff92164
Mandriva Linux Security Advisory - Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks.
743d04b2a7e12107364aac1661ac40034fb785e6547fe9be74a5daaf35f7437d
Mandriva Linux Security Advisory - Buffer overflow in l2cap.c in hcidump allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.
9179d8c07b5785da86fb2ee9478380f48c015e92720ca46bd638335bcfd909b0
Mandriva Linux Security Advisory - A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
0625be009bc7a0dc8e3cd217cdc1e5b248ace316664750db0d0c561fa1c48678
Ubuntu Security Notice USN-253-1 - A remote Denial of Service vulnerability was discovered in the heimdal implementation of the telnet daemon. A remote attacker could force the server to crash due to a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast.
f709c2b5400710d731c3b8735b6afeec0940fcd00b9b3d760610dfd2a9140030
Ubuntu Security Notice USN-252-1 - Tavis Ormandy discovered a potential weakness in the signature verification of gnupg. gpgv and gpg --verify returned a successful exit code even if the checked file did not have any signature at all. The recommended way of checking the result is to evaluate the status messages, but some third party applications might just check the exit code for determining whether or not a signature is valid. These applications could be tricked into erroneously reporting a valid signature.
d3c1a9360cb47ce36438718ec628347bab4744c51a7e70b6c60c81571abf7712
Debian Security Advisory DSA 979-1 - Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content.
030d75aadac96f0c9268153216a66ead1e5a5e6e611784367b477e694aaae10f
Debian Security Advisory DSA 978-1 - Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, verifies external signatures of files successfully even though they don't contain a signature at all.
1786989a0bddd559cd039639bb948e883343009810bc468a7dc56c0c2fc417f7
TZO-062006-SafenSec - Insecure File execution and Auto-startup
d74e41285a6e36ab1423145edffb11a10cf1d1c911e75311f125375c6e4e6021
Gentoo Linux Security Advisory GLSA 200602-10 - Tavis Ormandy of the Gentoo Linux Security Auditing Team discovered that automated systems relying on the return code of GnuPG or gpgv to authenticate digital signatures may be misled by malformed signatures. GnuPG documentation states that a return code of zero (0) indicates success, however gpg and gpgv may also return zero if no signature data was found in a detached signature file. Versions less than 1.4.2.1 are affected.
a4188a11a5bc0b714c163a0dfef29a9e2bd9905347dbd41d929d5ca23e15972d
Secunia Security Advisory - Secunia Research has discovered a vulnerability in NJStar Word Processor, which can be exploited by malicious people to compromise a user's system.
0473116fe1f17f868babf83b9b3029a0dfa2b7708439a6457f7ca3987e1cfed1
Secunia Security Advisory - James Bercegay has reported some vulnerabilities in Geeklog, which can be exploited by malicious people to conduct SQL injection attacks, disclose potentially sensitive information and potentially to compromise a vulnerable system.
b3d46b13a5e1d1a01107dfcf1f29df4b19bece576afea9babe277d8b897e7087
Secunia Security Advisory - James Bercegay has reported some vulnerabilities in ADOdb, which can be exploited by malicious people to conduct cross-site scripting attacks.
e0b9a87da4d7735a0f0c81fb90908d397cd331953c6374df141f0e881eb049ce
Secunia Security Advisory - x128 has discovered a vulnerability in BXCP, which can be exploited by malicious people to conduct SQL injection attacks.
534cc043c0cd15a5103f3b96ea0e2cd6762bb9fadf23759fbd5e5662134d2e1f