Secunia Security Advisory - Gentoo has issued an update for mono and mono-debugger. This fixes multiple security issues and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing attacks, disclose sensitive information, bypass certain security features, and potentially compromise a user's system.
43a420c69f2b80d7e871ccc0518c2ac6a2c8ebfd3abdecb8453f24ee9c457f0f
Secunia Security Advisory - Gentoo has issued an update for pidgin. This fixes some weaknesses and a vulnerability, which can be exploited by malicious people to disclose sensitive information and cause a DoS (Denial of Service).
4648cd6d084bae2fd511ee24f801f2b0f4ade509c7bd2de5a18e9830d89fd516
Secunia Security Advisory - Gentoo has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
54136add141fde901b1880d9fdc3affed02d38e78a847385b566cf9afed73b3c
Secunia Security Advisory - Vulnerability Lab has reported two vulnerabilities in Interspire Shopping Cart, which can be exploited by malicious users to conduct script insertion attacks.
49878c0872a2123f191e8a62e48e9c5ecf3f8de1f9c91754933c943f05fd757b
Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a user's system.
74f8bec3952b6a7b490c5f7cef58616d47613312a4c1e521a686253b75262221
Secunia Security Advisory - A vulnerability has been reported in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.
56c66c842d914b32a1967d88ce185ccc83b1c331ae7c7275ee9bfc36685567ed
Zero Day Initiative Advisory 12-100 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PMParamHandler component of Performance Manager, which is served via an Apache Tomcat instance that listens on TCP port 8081. The process receives a filename from a remote user and performs insufficient validation of the provided file path. Additionally, the user can specify an arbitrary extension due to premature truncation resulting from an embedded null byte. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could lead to a directory-traversal arbitrary file write and ultimately remote code execution under the context of the SYSTEM user.
62fba378efa118194bf75380e1caf3bdbb3a81ca43f314376ca1627030337be8
Zero Day Initiative Advisory 12-099 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of DataDirect SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application parses a packet that is received. When parsing a field in this packet, the application will use a signed length to copy data into a statically sized buffer located on the heap. This can lead to a heap-based buffer overflow and allows for code execution under the context of the service.
64bbdb8d912b2e77427f770b39fb5309ace52ec15991e279f6d81b1268f751bb
Zero Day Initiative Advisory 12-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of America Online's Toolbar, Desktop, IM, and Winamp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dnUpdater ActiveX Control. When initializing the ActiveX control object, dnu.exe assumes that the fifth argument passed to the Init() method is a legitimate pointer to a function. This vulnerability can be leveraged to execute code under the context of the user.
a43f556f3d5f1fb2f42adb830bd5d07dc569dc14ea9ec83ad846c3de1fe60ccb
Zero Day Initiative Advisory 12-097 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Express. Authentication is not required to exploit this vulnerability. User interaction is not required to exploit this vulnerability. The specific flaw exists within the dpwinsdr.exe process, which listens on TCP port 3817 by default. The process has insufficient bounds checking on user-supplied data copied to a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed opcode 0x320 message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
1c1f3a3e3b1ea2c30d5e88a6ed5a02758054e2e93ac7c92988ed4cbb989df1d4
Core Security Technologies Advisory - Lattice Diamond Programmer is vulnerable to client-side attacks, which can be exploited by remote attackers to run arbitrary code by sending specially crafted '.xcf' files.
df8058279a3a470f0f6120f9c7043177979a194827cfc608434c36cb3b42c698
Cotonti version 0.6.23 suffers from a remote SQL injection vulnerability.
b722853730e8c0e87d6f6c56bed1aabbfd2f49198781981da59790b8c8c27954
Zero Day Initiative Advisory 12-096 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Express. Authentication is not required to exploit this vulnerability. User interaction is not required to exploit this vulnerability. The specific flaw exists within the dpwinsdr.exe process, which listens on TCP port 3817 by default. The process has insufficient bounds checking on user-supplied data copied to a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed opcode 0x330 message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
ff843e03fe1fd89ea3c39d8a5267a02514914a3b649920437ff61e21fc352272
Zero Day Initiative Advisory 12-095 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the transform attribute the code within QuickTime3GPP.qtx does not properly validate the length of the data within a translate or matrix object before copying it into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.
a690137e64bef8ffcb153214bdb9c44ed446d4114da83d08686a0c31ffe78477
Zero Day Initiative Advisory 12-094 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Real Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within rn4auth.dll, which is responsible for parsing authentication credentials. When the GetNameValuePair() function calls strcpy, there is an unbounded copy into a stack buffer, which can lead to stack memory corruption. An attacker can leverage this vulnerability to execute code under the context of the process.
3ea4397117582729d6427e6e756813763f37762cbe5048736144e9c8b0b4c896
Infrastructure Resources LLC suffers from a remote SQL injection vulnerability.
0058033c7cdf737464d86c452302bbbb5a5d845ca4f957250921b006a554a2d3
CMS Lokomedia version 1.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
a4fb376b53311da0808f524b506bdcf28600bb6b6eef0e9628cc2ae47aab4be8
Bitweaver CMS version 2.8.1 suffers from persistent cross site scripting vulnerabilities.
94c1ae75fac4899db3bff5a7b213bb36be094f31df2214565996a379b6f2414a
Red Hat Security Advisory 2012-1028-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. This release of JBoss Enterprise BRMS Platform 5.3.0 serves as a replacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise BRMS Platform 5.3.0 Release Notes.
f5a6eab4adeb9bde444f861593d0766d2577f80b17b7949872cefc121c3995e8
Gentoo Linux Security Advisory 201206-13 - Multiple vulnerabilities were found in Mono, the worst of which allows for the remote execution of arbitrary code. Versions less than 2.8.1-r1 are affected.
8894376799d8215e45a29bc083e642716aabec87867cd424a30c18181dc497dc
Gentoo Linux Security Advisory 201206-12 - A vulnerability was found in tftp-hpa, which leads to remote execution of arbitrary code. Versions less than 5.1 are affected.
c70562ba5771d8a3a2703bb987d476774bc3df50d029fb7834ba272e952df386
Gentoo Linux Security Advisory 201206-11 - Multiple vulnerabilities were found in Pidgin, the worst of which allows for the remote execution of arbitrary code. Versions less than 2.10.0-r1 are affected.
fccbf14641980aaf2607eb97aeca7b851f33722796f8da32707b4794b511eb68
Gentoo Linux Security Advisory 201206-10 - Multiple vulnerabilities have been found in ejabberd, the worst of which allows for a remote Denial of Service. Versions less than 2.1.9 are affected.
6cd681249ed6044831c35f3c68aa924ec71fde18cf604b30cb8c2814194b8e5c
Gentoo Linux Security Advisory 201206-9 - Multiple vulnerabilities have been found in MediaWiki, the worst of which leads to remote execution of arbitrary code. Versions less than 1.18.2 are affected.
2ae3bc72ec6a16c6837ec41edc36fb76dded93cd54de24920dc77b2d2a0cb4d6
WordPress Schreikasten version 0.14.13 suffers from a cross site scripting vulnerability.
e9b47fbc580675c3a26e6b1fb58f07c5fd9133fffeed38a9bb1881beb19443ed