Mandriva Linux Security Advisory 2010-004 - A vulnerability have been discovered in Mandriva bash package, which could allow a malicious user to hide files from the ls command, or garble its output by crafting files or directories which contain special characters or escape sequences. This update fixes the issue by disabling the display of control characters by default. Additionally, this update fixes the unsafe file creation in bash-doc sample scripts. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
cecf5d289b6ca57a4dbcfdb0a5b2ba9a1c0fd3f8c8df30f2765c92c0d911648a
Populum version 2.3 suffers from a remote SQL injection vulnerability.
c951f53ecf3b068d13e19036ad579f67028a58dab197523e95aa602382181c8a
East Chicago Avenue version 1.0 suffers from a cross site scripting vulnerability.
418758c5705a7ea47423c270bd7ef681a167bb5493a118390aaaae87cb615d3d
Technology for Solutions version 1.0 suffers from a cross site scripting vulnerability.
83720b477bc0df93c1b0e90e3b24a3bcf5312c096c8182f74cc42154404f22b1
SwiFTP version 1.11 denial of service proof of concept exploit.
8a1bac54a2d5ef9200e561c52e92b2045fd7be0facb069101ec7ddf1ce3c9489
Secunia Research has discovered a vulnerability in Flash Player distributed with certain versions of Windows XP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a use-after-free error in the bundled version of Flash Player when unloading Flash objects while these are still being accessed using script code. This can be exploited to corrupt memory via a specially crafted web page. Successful exploitation allows execution of arbitrary code.
e8fe4e0af5b93e0d9bbfa1967f643e5a9513e596229ed6ea1e8b573d47934a1c
MIT krb5 Security Advisory 2009-004 - Integer underflow bugs in the AES and RC4 decryption operations of the crypto library of the MIT Kerberos software can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution. Only releases krb5-1.3 and later are vulnerable, as earlier releases did not contain the functionality implemented by the vulnerable code.
193c3366049395667e47d23e4b590c4d4d8774883250a735de92418983d0d6ec