Firefox 2.0.0.11 appears to suffer from an INPUT denial of service flaw.
106de90631ae727c057e777f65c56f3e54f8d09f1d807d7aa7fb49cf8f679345
Gentoo Linux Security Advisory [UPDATE] GLSA 200711-29:02 - Samba contains two buffer overflow vulnerabilities potentially resulting in the execution of arbitrary code. The original GLSA only resolved one of the two vulnerabilities due to a regression. New packages are available that resolve both buffer overflows. Versions less than 3.0.27a are affected.
5557de32405923b2805ccfe30b4853e9a647f880a50d5de4f71ef0a5b640500b
Gentoo Linux Security Advisory GLSA 200712-02:02 - It has been reported that the local_graph_id variable used in the file graph.php is not properly sanitized before being processed in an SQL statement. Versions less than 0.8.7a are affected.
da4a4b89600f7f51dc73aa6b1ce47f4768e8e260621ae035de1d06f41a1443af
Gentoo Linux Security Advisory GLSA 200712-01 - Suse Linux reported that Hugin creates the hugin_debug_optim_results.txt temporary file in an insecure manner. Versions less than 0.7_beta4-r1 are affected.
f72a55677a24c843f1f060ea87e950a2a91ad0269c80bcf1ee72aa118b7377c1
ezContents version 1.4.5 suffers from a remote file disclosure vulnerability. Exploitation details included.
836281b1587a26e996351b905a3aabb5dc4198eb9ac3b026a7c8ab57163f12ad
Debian Security Advisory 1420-1 - Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation.
d23d17f90a2adf746f2242041c32d79d54e57c8fc7b7d073a784c2b395e16d41
Cisco Security Advisory - A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.
d6feb3ae1ee89b617ef815ece5040454f7d85e317d3b91ac3b902fda7d1785b4
The Cisco 7940 is susceptible to a denial of service vulnerability when sent a sequence of SIP INVITE transactions. Demonstration exploit included.
a26c3e610685427175a09dd9c6263f17dfcce7d29309566957189aa762b24539
The Nokia RM-159 version 12.0.013 suffers from a denial of service vulnerability when accepting a special sequence of SIP messages. Demonstration exploit included.
982d32bb063c52ac57973b7647ceca386a41fd00f3d6fafc909e609396e52d0c
Debian Security Advisory 1419-1 - A vulnerability has been discovered in HSQLDB, the default database engine shipped with OpenOffice.org. This could result in the execution of arbitrary Java code embedded in a OpenOffice.org database document with the user's privilege. This update requires an update of both openoffice.org and hsqldb.
c16330dba85aa9cc4f0f76fb8674472566d62d50cb9be41f7f80f5c8f1b448b7
This is a script to obtain a basic shell remotely on unix systems behind firewalls. Client gets commands by periodically polling the server and sends the output back after executing them. Traffic traverses firewall as standard outgoing HTTP GET/POST requests. HTTP requests/responses carry payload b64 encoded.
bcbe505bee2a0877ae0ac0de00bbeda57cfbcbba46d50332bd6b6a0dde1abf18
CiscoWorks versions 2.6 and below suffer from a cross site scripting vulnerability.
e82d3e33fc9023b1641db87b491be48e638aec82f23c25a91a6e65ed97d725a4
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
d4503fd2d730443d0c3918048a4fb1482c4e87a55a81e6c6fb92df13accec2bd
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
ee8e022d60a4f225a981bf8408d6c35ffc30b4726665854ced05778cf7c0feff
SineCMS versions 2.3.4 and below with the Calendar module suffer from a remote SQL injection vulnerability.
b0ff2a7916ae3e6728f3450b14ecfd23a3ece8b3aee17a731eb923f882626a4e
The Mambo/Joomla component rsgallery versions 2.0 beta 5 and below suffer from a remote SQL injection vulnerability.
dcb1c4abb718a08363c440ddbec0a9390ab1be55a36bdff64af572c3269968f2
Opera is vulnerable to a remote denial of service attack, using specially crafted BMP files, that causes the browser to freeze for a short amount of time (around 4 minutes on fast computer).
93b879e9a06d7e933fad2efbb0ff9f866107dcf04c983da9154afa99bd7a2b12
The MPAA web site suffers from cross site scripting vulnerabilities.
b8242db2e9de0aa143117b12d1ed5ede37fa7cba62a658fbeacf46f6219df6a6
Mandriva Linux Security Advisory - A buffer overflow in the DTLS implementation of OpenSSL 0.9.8 could be exploited by attackers to potentially execute arbitrary code. It is questionable as to whether the DTLS support even worked or is used in any applications; as a result this flaw most likely does not affect most Mandriva users.
f791a9296c8d4400be0291b24e5962d68ebe3bd47ea912792d38fd87a0988fd5
Mandriva Linux Security Advisory - A flaw in OpenSSH prior to 4.7 prevented ssh from properly handling when an untrusted cookie could not be created and used a trusted X11 cookie instead, which could allow attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
b9a5ce7c195cf23dc93bea4b0e8421b2c3846ed1d22327a5e165ead7aa461f41
Eleytt has discovered cross site scripting and username enumeration vulnerabilities in the IBM Tivoli Provisioning Manager Express, a HTML injection vulnerability in the Computer Associates eTrust Threat Management Console, and a denial of service and remote user addition vulnerability in Gadu-Gadu.
fda1f78dbc21e6774b76805b3b3221c77386552903d0b01b908867ea83063cbb
Ubuntu Security Notice 553-1 - It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.
a5ca1e30ea861e4166a60a266a86b1e6214e7fd247ffec66450a64a54d59bf70
Ubuntu Security Notice 552-1 - It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges.
2f2bc258abbaf3c5f0854911699f361757f636eec99c67a0c470e681692e7f70
Ubuntu Security Notice 546-2 - USN-546-1 fixed vulnerabilities in Firefox. The upstream update included a faulty patch which caused the drawImage method of the canvas element to fail.
cd6620ec6ef11dcd2e4ad14c25d074f47f1e99e49f81174d1ae8cd195e713a76
HP Security Bulletin - A potential security vulnerability has been identified with HP Select Identity. The vulnerability could be exploited remotely to gain unauthorized access.
f778ace1842d805c54d5c2c7d179191b9389baafbe1938ad271c0a143f9a7230