KDE Security Advisory - The Debian project was alerted that KDE's DCOPServer creates temporary files in an insecure manner. Since the temporary files are used for authentication-related purposes, this can potentially allow a local attacker to compromise the account of any user who runs a KDE application. Affected are KDE versions 3.2.x up to and including KDE 3.2.3.
650cf7c1856dd61b02738370add6ac1637635e590a07b095095cc7e81d599a31
Freeware Advanced Audio Coder (FAAC) version 1.28 suffers from multiple denial of service vulnerabilities.
3aeaef89eaa445da9bfd2cd62c4c393f873265ae4b990e53e06e264ca446a8a3
Parallels Tools version 9.0 for Windows suffers from an unquoted search path local privilege escalation vulnerability.
4ac561e0a8ae43976d960ffd7ca304c4850b8d9c8ae4062502ad7e6f64ca3b20
sudo versions 1.8.0 through 1.8.3p1 suffer from a format string vulnerability that allows for privilege escalation.
81fb04538af951a21c660e19f143b2d360f83aa70ff21c86befc1fc8af952094
Gitorious versions prior to 2.1.1 suffer from a remote command execution vulnerability.
6eaad22fe33effe3e4d1a3e355ffa9f4cb239465e6efdd17446f0304e8263e07
KIS 2008 and Kaspersky AntiVirus for Workstations suffer from a local privilege escalation vulnerability in Klim5.sys.
986d0ad816e789cda1a3b6e60acf76a92dd2c3e35c8b13cf6af11184f8f77d00
Microsoft Windows Kernel is prone to a local privilege escalation due to an integer overflow error within the IopfCompleteRequest function. This vulnerability may allow attackers to execute arbitrary code in the kernel context, thus allowing privileges to be escalated to SYSTEM.
83416b5326404b535c7aca5df86a5d9d9c86e01657b803c965feda37f7d987fa
Direct Web Rendering (DWR) version 2.0.1 suffers from a cross site scripting vulnerability.
f28ec0ceb8f160cab1326b00711ead1f5eeaf1365e622032d55cf49a026321ed
Singapore Modern Template versions 1.3.2 and below suffer from a cross site scripting vulnerability.
17b2ad18278497521392372fb3a0c92e5ea42b5e3d64e3ff2545d6a7cf2fb553
Microsoft Windows 2003 SP2 and Microsoft Windows 2000 SP4 Server suffer from a predictable DNS transaction ID vulnerability.
17df89085333f3c12c52a302a32379289e5cde6b3d5bc244cb20b4eadc104298
Blackboard Academic Suite suffers from cross site scripting vulnerabilities.
63651576f1653ebc3feb97b3ac6c1f9b29569bdd2d0d66224b804bea25132928
The Mambo component AkoBook versions 3.42 and below suffer from a script insertion vulnerability.
f823e27062db2005da028cac1266f9af6b787c932b0f0f56d285469a54d781fa
Google suffers from a re-authentication bypass vulnerability involving the SID and LSID cookies.
4f025da75376d5304616a5f06e5e0cbc824d41e86de0ab0e7ddad020d50ade61
FlexBB version 1.0.0 10005 Beta Release 1 suffers from a SQL injection vulnerability when parsing the user supplied cookie value.
43fdf56c7c5fd42533478278547df832f104fe6c96ebce307fe4959802e89779
realGuestbook_V5 suffers from an HTML injection vulnerability.
b86ba6f04ebc3607caae18cbb9583cca99aa5c34260a4f01415eda8a014f5b3c
KDE Security Advisory - The KDE FTP ioslave parses the host address in the PASV response of an FTP server. mark from bindshell.net pointed out that this could be exploited via JavaScript for automated port scanning. It was not possible to demonstrate the vulnerability via JavaScript with Konqueror from KDE 3.5.x. However, other scenarios are possible. Systems affected are KDE up to and including KDE version 3.5.6.
11a8b2185f26494437aee4a5b794dd9dfc7df3072b51c8db1a96b3d190915204
PHP-Gaestebuch versions 6.3 and below suffer from an HTML injection vulnerability that can allow for cross site scripting attacks.
2e93b4d81779ca64b2a6b178843c2da8f2564aa45d9289efe4ab6618d10fa2cd
Hardened PHP Project Security Advisory - Multiple browsers suffer from a cross domain charset inheritance vulnerability. Affected include Firefox versions 2.0.0.1 and below, Internet Explorer 7, and Opera 9.
dcd8c435391d3c078ac9563c091bc0f6313cafd8de503cb88d02e58310efcc93
KDE Security Advisory - kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause denial of service (infinite loop) via a PDF file that contains a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.
42812a15864105269027b14064b13deb20beeca385431654ec9eb079ccaf20c4
KDE Security Advisory - On 2006-12-27, a proof of concept for arbitrary code execution in ksirc was published by Federico L. Bossi Bonin. The published exploit triggers an assertion in ksirc and results in a NULL pointer dereference (crash) for non-debug builds.
bbe226f8526b19cff802b45793648da93e38d02f08a6eb41783cd101bf62423d
Hardened PHP Project Security Advisory - WordPress versions 2.0.5 and below are susceptible to SQL injection and arbitrary PHP code execution vulnerabilities.
6ae242405ad8f267856415ba69fbe2d72b0564bc948f563c7faddf7468dc8a27
Hardened PHP Project Security Advisory - WordPress versions 2.0.5 and below are susceptible to a cross site scripting vulnerability.
2e3cbc0dfeeffe8d32e3e64641b81da4f32b8024d0bbc6b54762599b015b0f9a
KDE Security Advisory - The OLE import filter, which is used in KPresenter to open Microsoft PowerPoint files, is vulnerable to an integer overflow problem that can be exploited to cause a heap memory overflow. This issue was reported by Kees Cook from Ubuntu security. KOffice versions 1.4.x and 1.6.0 are affected.
5e616116d126762e0386e401b5ffeb2270a95ffca025fe458d9dd87fc7b1f07b
Hardened PHP Project Security Advisory - Dotdeb PHP versions below 5.2.0 revision 3 suffer from an email header injection vulnerability.
7aba22abbcde28fff1cae212fbfcccf3a83a9218f5ce24a5357f7b683d45e2bd
Hardened-PHP Project Security Advisory - PHP 5 versions 5.1.6 and below and PHP 4 versions 4.4.4 and below suffer from buffer overflows in htmlentities() and htmlspecialchars() which may allow for remote code execution.
dd4e3c70ff80ad927aae14623932b488a0e87be06018a88e926d95737511aa1d
Hardened-PHP Project Security Advisory - phpMyAdmin versions 2.9.0.2 and below suffer from a cross site scripting vulnerability in error.php.
1bae322ca8783399c8a21d7d7775c5260943a18a3e1112ed3866646ec425d742