OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities.
Secunia Security Advisory - A vulnerability has been reported in the Chaos tool suite module for Drupal, which can be exploited by malicious users to disclose potentially sensitive information.
Drupal Chaos Tool Suite (ctools) third party module versions 6.x and 7.x suffer from cross site scripting and local file inclusion vulnerabilities.
Red Hat Security Advisory 2012-1151-01 - OpenLDAP is an open source suite of LDAP applications and development tools. It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite settings. This resulted in the default cipher suite always being used, which could lead to weaker than expected ciphers being accepted during Transport Layer Security negotiation with OpenLDAP clients.
AfterLogic Mailsuite Pro (VMware Appliance) version 6.3 suffers from a stored cross site scripting vulnerability.
Secunia Security Advisory - Matthew Joyce has discovered some vulnerabilities in ConcourseSuite, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
Debian Linux Security Advisory 2520-1 - Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in OpenOffice.org, an office productivity suite. The issue lies in the XML manifest encryption tag parsing code. Using specially crafted files, an attacker can cause an application crash and could cause arbitrary code execution.
Secunia Security Advisory - GBS has acknowledged a vulnerability in multiple iQ.Suite products, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
Red Hat Security Advisory 2012-1136-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Red Hat Security Advisory 2012-1135-01 - LibreOffice is an open source, community-developed office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way LibreOffice processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in a LibreOffice application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Debian Linux Security Advisory 2513-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle E-Business Suite, which can be exploited by malicious users to manipulate certain data and by malicious people to manipulate certain data and bypass certain security restrictions.
Secunia Security Advisory - Two vulnerabilities have been reported in Hitachi Command Suite products, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
Red Hat Security Advisory 2012-0899-04 - OpenLDAP is an open source suite of LDAP applications and development tools. A denial of service flaw was found in the way the OpenLDAP server daemon processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially-crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure. These updated openldap packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.
HP Security Bulletin HPSBUX02791 SSRT100856 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server running PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, elevate privileges, or create a Denial of Service (DoS). PHP is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.
Debian Linux Security Advisory 2494-1 - It was discovered that ffmpeg, Debian's version of the libav media codec suite, contains vulnerabilities in the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952).
Secunia Security Advisory - A vulnerability has been reported in BMC Identity Management Suite, which can be exploited by malicious people to conduct cross-site request forgery attacks.
ClanSuite version 2.9 suffers from a remote shell upload vulnerability.
Debian Linux Security Advisory 2489-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
Red Hat Security Advisory 2012-0705-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org.
OpenOffice.org includes a customized libwpd version 0.8.8 library for parsing WordPerfect documents. The included version of the libwpd library suffers from a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in arbitrary code execution within the OpenOffice.org software suite.
Wonderware Archestra SuiteLink suffers from resource consumption and denial of service vulnerabilities.
Mandriva Linux Security Advisory 2012-073 - A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers. The updated packages have been patched to correct this issue.
Apple Security Advisory 2012-05-09-1 - OS X Lion v10.7.4 and Security Update 2012-002 are now available and address multiple security issues. An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. A temporary file race condition issue existed in blued's initialization routine. There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. curl disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling empty fragments. A data injection issue existed in curl's handling of URLs. This issue is addressed through improved validation of URLs. This issue does not affect systems prior to OS X Lion. Various other vulnerabilities have been addressed.
Mandriva Linux Security Advisory 2012-070 - A file existence disclosure flaw was found in the way the mount.cifs tool of the Samba SMB/CIFS tools suite performed a mount of a Linux CIFS filesystem. A local user able to mount a remote CIFS share / target to a local directory could use this flaw to confirm the existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run. The updated packages have been patched to correct this issue.
Mandriva Linux Security Advisory 2012-069 - A file existence disclosure flaw was found in the way the mount.cifs tool of the Samba SMB/CIFS tools suite performed a mount of a Linux CIFS filesystem. A local user able to mount a remote CIFS share / target to a local directory could use this flaw to confirm the existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run. The updated packages have been patched to correct this issue.