Mandriva Linux Security Advisory - CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The updated packages have been patched to fix the issue. This update was too late for inclusion in Mandriva Linux 2009, so it is being released now for that version.
057cc00fb8f186be7032374de00c42bdc803457f6c45ccb348535206b9dac36b
Mandriva Linux Security Advisory - A buffer overflow in the SGI image format decoding routines used by the CUPS image converting filter imagetops was discovered. An attacker could create malicious SGI image files that could possibly execute arbitrary code if the file was printed. An integer overflow flaw leading to a heap buffer overflow was found in the Text-to-PostScript texttops filter. An attacker could create a malicious text file that could possibly execute arbitrary code if the file was printed. Finally, an insufficient buffer bounds checking flaw was found in the HP-GL/2-to-PostScript hpgltops filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code if the file was printed. The updated packages have been patched to prevent these issues; for Mandriva Linux 2009.0, the latest CUPS version (1.3.9) is provided, which corrects these issues and also provides other bug fixes.
7608e3bc5aaab4d41002691856a523d026b6aac29e25deeb3a6f44548eaf4c26
Debian Security Advisory 1646-2 - In DSA 1646-1, an update was announced for a denial of service vulnerability in squid, a caching proxy server. Due to an error in packaging and in testing, the updated packages did not correct the weakness. An updated release is available which corrects the error. A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a denial of service condition against squid.
c86b7cac5874a3f1851233619e56e4f46d095a57079707a883b872a5b19e88c9
CA BrightStor ARCServe BackUp is an overall data backup solution. The RPC interface of CA BrightStor ARCServe BackUp does not properly handle user input, which allows an anonymous attacker to inject any command; a remote code execution attack may be achieved this way. Details are provided. CA BrightStor ARCServe BackUp version R11.5 is affected.
f8d09baffc323cebdb0ee128fa1a375f7483be296775677fead1555e2c71a4be
The Joomla Jeux component version 1.0.0 suffers from a remote SQL injection vulnerability.
b48737acd74894b8381b920afce23da77a554e3b26950c33c24df4d3251bbcbc
The Joomla Videos component version 1.0.0 suffers from a remote SQL injection vulnerability.
752445bbccf773bc2a18559aa2bb464d6096343b2042d08bc2153cdb6843919d
The Joomla Photos component version 1.0.0 suffers from a remote SQL injection vulnerability.
f0ae2bdef86e0ba7fc130b98c6c8ac91c455d1a74f35d96488ea9eed50b2193e
The Joomla Flash component version 1.0.0 suffers from a remote SQL injection vulnerability.
5c25875976b0683ac93eec8743d241390202e85607fbd7bfbf27678e963626f6
The Joomla ownbiblio component version 1.5.3 suffers from a remote SQL injection vulnerability.
06a62715666675b062aed70859e985fc986d71d5c3cc7ee1a647c1b4d9bcffdf
EEB-CMS version 0.95 suffers from a cross site scripting vulnerability.
57d61a19bac861b8a37c8580653cb38fd90c3d0e72c2ec4014261333d2d1739c
Privilege escalation exploit for SlimCMS versions 1.0.0 and below that uses redirect.php.
625eb8b6f77dfa9ea22f49f685e465db7c2f77848757bf68619c4906a1700a5e
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple CUPS. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Hewlett-Packard Graphics Language filter. Inadequate bounds checking on the pen width and pen color opcodes results in an arbitrary memory overwrite, allowing for the execution of arbitrary code as the "hgltops" process uid.
43b38342476d71a0e4742db59587e779dbd1fc675da878775ea4e5dd7e5b6375
Apache Tomcat versions 4.1.0 to 4.1.31 and 5.5.0 suffer from an information disclosure vulnerability.
465aad4edd5d33fc410a93390311c63759bed560f67aa892017afbf7cb22422b
The Joomla mad4joomla component suffers from a remote SQL injection vulnerability.
2b5058cc89f03efc3a78460698568502507b390f61e13f316774f90bd03bf197
The Joomla Ignite Gallery component version 0.8.3 suffers from a remote SQL injection vulnerability.
4c8e09305172b89038a71af592e43a497fbffcdafd4c0b16751479c43684ee3f
Easynet4u Link Host suffers from a remote SQL injection vulnerability in directory.php.
b2ae92d088496de5be64000392a9d94758c07244d0db12160084cc9a3a52b586
Easynet4u Forum Host suffers from a remote SQL injection vulnerability in forum.php.
3917c46d61a4aa15f2bce760726714e0e61ea9b798173887702953cf49af67f5
Easynet4u FAQ Host suffers from a remote SQL injection vulnerability in faq.php.
5602933e579c3c3a3804ae7c5fe03dc15a1fad5fd0ca7229317868fa56f788e4
Ubuntu Security Notice 651-1 - A large number of vulnerabilities have been addressed in Ruby. These issues include integer overflow, bypass, input validation, and various other vulnerabilities.
5557d431a53fdfbc495c90e3822a34c8b1dcc60e208ef88fe797ec0c86bfdcfa
The Nokia Mini Map Browser suffers from a silent crash vulnerability.
ea8657ee3bff0560317b033c2fec9f30414dbc0595ff68403bf49e94ffbca132
A vulnerability has been discovered in the Tape Engine component of CA ARCserve Backup. Insufficient input validation when processing remote procedure call (RPC) requests is the cause of this vulnerability.
00278161704cbe007a374c1ce77d61fa33b2af3b8d8d51f3df41928d3e541e03
A vulnerability has been discovered in the DB Engine component of CA ARCserve Backup. Insufficient input validation when processing remote procedure call (RPC) requests is the cause of this vulnerability.
5ba6b5a0f0b2fe9a559c894c4b246cea5204a73a7f625b2de9c4cc1a0de60245
Ayco Okul Portali suffers from a remote SQL injection vulnerability.
d85d5c274fd61589aee280590bc454697ef3ddf1a63089dd65cb9c77e7ef12c9
Secunia Security Advisory - A vulnerability has been reported in multiple Juniper Networks products, which can be exploited by malicious people to manipulate the router's neighbor cache.
a7f1c105c22f11b8b6b6fa3e1b30e13c453bcb9ff78e64f9415889cbc5e34dcf
Secunia Security Advisory - Fedora has issued an update for mediawiki. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
9e20802e718a1c3a9dcd4371b06ac8ecfbeec99bc3dee1e5241886d6e233ab66