Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in Sitecore CMS, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing attacks.
731fef840f3213963e162f633ea7b022fe5af69e90ca6c74559161c846ba7ddf
Secunia Security Advisory - Kees Cook has reported some vulnerabilities in MiniSSDPd, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a vulnerable system.
25d471b4352ea034c000ecbddcc72fde5ccc9fd48a67f8f55cdc0d40f00d220c
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in Hitachi JP1/IT Resource Management.
6dc7af8f00ee5a56965bea264114d8bdedc00fb36baf910daa290ced2b20a576
Secunia Security Advisory - A weakness has been reported in UnixWare, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
11ee57117d9a0038bf0b1cb14c9c9e697fd0514e1954cf7fe744e0705e4715e4
Zero Day Initiative Advisory 11-244 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Flexera Software Flexnet License Server Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the lmadmin component which listens by default on TCP port 27000 (this can vary however if the port is in use). When handling a packet type having the opcode 0x2f the process trusts a user provided value when calculating the bytes remaining in the packet. Using this tainted remaining length value the process then copies packet data into a buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the lmadmin user.
db7e59a0376e24785389a9bdd53eb17e30918197fb24d6479b7244441faff253
Debian Linux Security Advisory 2288-1 - Hossein Lotfi discovered an integer overflow in libsndfile's code to parse Paris Audio files, which could potentially lead to the execution of arbitrary code.
0942125455ecdca6e7d9c6ac052199e949491719d018fa17cc47170a2500f8b9
Ubuntu Security Notice 1181-1 - It was discovered that libsoup did not properly validate its input when processing SoupServer requests. A remote attacker could exploit this to access files via directory traversal.
14e4949d1f5bc313734e55b50adf2646d195731a6e58ea63f28211c4574fdbca
A heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
a967d2b7f8fefd73301e6eaf2dfb4c514e1473ca7edba87c15475fe6dc0abe7e
Debian Linux Security Advisory 2287-1 - The PNG library libpng has been affected by several vulnerabilities. The most critical one is the identified as CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image.
3e4ff8efb347ee8c838157bb520547cc9e35f8767d8e12ee5f0743289e6a2a10
Red Hat Security Advisory 2011-1105-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.
a15792b3f1e80ca14608f17434901abad86b00e590ca41af294df19788e35990
HP Security Bulletin HPSBUX02689 SSRT100494 2 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
410d172768a0ba4e161eff00917672425a62136388aa62870dd61928f6ac75a7
Ubuntu Security Notice 1180-1 - Eric Blake discovered an integer overflow flaw in libvirt. A remote authenticated attacker could exploit this by sending a crafted VCPU RPC call and cause a denial of service via application crash.
73488b7895c24ac8ac74d084316a22f34c14b187f20dc4e1f7217d106c0d496b
The PacSec 2011 Call For Papers has been announced. The PacSec meeting provides an opportunity for foreign specialists to be exposed to Japanese innovation and markets and collaborate on practical solutions to computer security issues. In an informal setting with a mixture of material bilingually translated in both English and Japanese the eminent technologists can socialize and attend training sessions. It will take place November 9th through the 10th, 2011 in Tokyo, Japan.
dca0f39b75814edf6679ea7e25c56ab736e16bbde5f2457e3596373f50b9883b
A vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to gain information from the database with specially crafted URLs taking advantage of the MySQL benchmark. This issue was patched in version 1.1.7a.
77bb79231bbb028fe492542d9e61d644cb065950ffe0899ea78eccb932223ecb
HP Security Bulletin HPSBMU02669 SSRT100346 3 - A potential security vulnerability has been identified with HP Data Protector's Media Management Daemon (mmd). The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 3 of this advisory.
023f9f0287071bd93ef56a2a9b53002c263f6c32acbfbdbfd8bb60c304c8288d
MyWebServer version 1.0.3 suffers from a remote denial of service vulnerability.
673ed7cfec26749b14ec4996ad07fbed7d17e304de1e91825849f7949f92e9ba
MyWebServer version 1.0.3 suffers from an arbitrary file download vulnerability.
d4996c4c733d4a5b035b5aae5c50a79599b51430fd59a050497f73d8eeff330f
Red Hat Security Advisory 2011-1104-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.
092507d3038dfbf480768d784c2a9a2cdafa92eeddaa12ebcd38a530810d7ef6
HP Security Bulletin HPSBMU02691 SSRT100483 2 - A potential security vulnerability has been identified in HP Performance Agent and HP Operations Agent. The vulnerability can be exploited by remote unauthenticated users to delete arbitrary files. Revision 2 of this advisory.
d48b2413875cfdf36d816dcc286b9523aa1e735d9005430b43bc08b4467c992a
ICQ versions 7.5 and below for Windows remote denial of service exploit.
3a6a1153fe46b2a5d8f478cd4dbaf2afc905b2e7008deeedbe8ac9a11442f4d1
ManageEngine ServiceDesk Plus version 8.0 build 8013 suffers from multiple cross site scripting vulnerabilities.
4307cd7c0b9620083e36f686fe14e007f7ca64884c5ceaa83beff75b77a767ac
Ubuntu Security Notice 1179-1 - It was discovered that the hash processing code in libclamav improperly handled messages with certain hashes. This could allow a remote attacker to craft a document that could cause clamav to crash, resulting in a denial of service.
9ccd80cbdb629179bdb7f149238901f7768ec936dde8922f437227d26cddb7c8
Red Hat Security Advisory 2011-1103-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
9dc92fb24236ca66b3fa9371b984aa55e313f796547e3aad55237ae4d87a267b
HP Security Bulletin HPSBMU02693 SSRT100583 - Potential security vulnerabilities have been identified with HP Network Automation running on Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection and cross site scripting (XSS). Revision 1 of this advisory.
20cbc43130c1c87ccf95c28570cd3fa91cfef30974544441bbec0ad97014ac6b
A stack-based buffer overflow has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
8c2aad516fccebdeefca7b40556e1cfb18e6b22108f839a744c124db43130d39