Mandriva Linux Security Advisory 2011-172 - Multiple vulnerabilities have been discovered and corrected in libreoffice. Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file. oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.
4fd81df2fa0142fdec47f52a8a168c1a357a0b84ccca8a96b9d1c47d50f2c6b8
Debian Linux Security Advisory 2344-1 - It was discovered that the Piston framework can deserialize untrusted YAML and Pickle data, leading to remote code execution.
033975c3139e31efe4ff8206eb96eefc354fa2755ad953e26c9cbcb77cabd27e
Mandriva Linux Security Advisory 2011-171 - GNOME NetworkManager before version 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
b0497990b7cd3f0be96a104f99d44c5413f36998cce68cf0d2fd1763c43b2bbc
Catalogue 2011 suffers from a remote SQL injection vulnerability.
8a262513115f5409aceeb57f4b44a2acd1211b1c4ad6b1724b0300974daf5851
The Joomla Content component suffers from a remote blind SQL injection vulnerability.
2e512eedd5f4ab4a0a48db04f9dc574fbe2b10500492950c7c3367c1627ff060
Gentoo Linux Security Advisory 201111-3 - Multiple vulnerabilities were found in OpenTTD which could lead to execution of arbitrary code, a denial of service, or privilege escalation. Versions below 1.1.3 are affected.
b951768d5e2347203366c650684104908ab59f45148ba3a22a15400e36699cca
4shared.com suffers from a cross site scripting vulnerability.
4a097611bd26647f91cbceaadedc5af210cba48d13181cdd5c048a046e2672a7
Agentportal.westernunion.com suffers from a cross site scripting vulnerability.
de42a1656deb7e30879a65442f0a0ddae03d218e8335e13e747942475a1bebb0
Shockwave.com suffers from a cross site scripting vulnerability.
1c346d7d92e5f11ec467171084c6a946ad3500134aaf59ff28667968bb8e2beb
Tinderbox.mozilla.org suffers from a cross site scripting vulnerability.
da12d621b9af4c8729e5a546f808e6a5f92477c423365113122d103242a4809e
Whois.com suffers from a cross site scripting vulnerability.
f851a7a0ebb8e35c2de8c2651f796032b4336fc863d9511c4bc1447496b78bc6
IBM.com suffers from a cross site scripting vulnerability.
9a5b1508a82bda33ca2e95780663299764aeadf13aad4d77f6a557fc9546033a
MS11-083 denial of service proof of concept exploit. It attempts to trigger the ICMP refCount overflow in the TCP/IP stack of Win7/Vista/Win2k8 hosts. This requires sending 2^32 UDP packets to a host on a closed port, or 4,294,967,296 packets. A dereference function must be called that is not triggered via UDP but ICMP echo packets. This exploit creates 250 threads and floods a host with UDP packets and then attempts to trigger the de-ref using ping.
8599b0b1ac07fed75a167b44758ada7368eb687ba515c6c1f6c4ea9d3e84cbf4
The Skype vendor website suffers from a cross site scripting vulnerability.
22dbe42f1a221b90095564d5f9448154d5c7174012997d50ff15350beae0f877
Mandriva Linux Security Advisory 2011-170 - Security issues were identified and fixed in openjdk (Icedtea6) and icedtea-web. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
e2c7f52186f217d479f8d33ec72b7002da0b148f003d9142d6a982774c54a2e1
iCloudCenter.net suffers from a cross site scripting vulnerability.
ec809a7bc51d0abdca5617be5e231b4c9623ce69d7d2cd29f18297fae905ef14