Mandriva Linux Security Advisory 2008-237 - A vulnerability was discovered in the mod_proxy module in Apache where it did not limit the number of forwarded interim responses, allowing remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. This update also provides HTTP/1.1 compliance fixes. The updated packages have been patched to prevent this issue.
c7a3ce4c7ea18585321395dda89073129fb20d6547f928b4893616651c4d0562
iDefense Security Advisory 12.02.08 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when reading the Pack200 compressed Jar file during decompression. In order to calculate the size of a heap buffer, the code multiplies and adds several integers. The bounds of these values are not checked, and the arithmetic operations can overflow. This results in an undersized buffer being allocated, which leads to a heap based buffer overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystem Inc.'s Java JRE version 1.6.0_07 for Windows and Linux. According to Sun, Pack200 was first introduced in JRE 1.5.0. The latest version of JRE 1.5, 1.5.0_15, does contain the vulnerable code, but the browser plugin does not handle Pack200 encoding. As such, exploitation through the browser does not appear to be possible with JRE 1.5.
dab9693cbfab156b58ccd573d6ed1ca78b9c9f6523942ff72a05ea968306ee0a
iDefense Security Advisory 12.02.08 - Remote exploitation of a memory corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with the privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for an attacker to pass an arbitrary GIF file to the splash logo parsing code. The vulnerability occurs when parsing this GIF file. The parsing code does not correctly validate several values in the GIF header. This lets an attacker write data outside of the bounds of an allocated heap buffer, which can lead to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_10 and 1.6_07 on Windows and Linux. Previous versions may also be affected.
790c9e0a41b95f39a04f9482a6b4f788552c5cbb8b7c9ddd89a814700672e139
iDefense Security Advisory 12.02.08 - Remote exploitation of a heap overflow vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the font parsing code in the JRE. Various types of fonts are supported, one of which is the TrueType format font. The vulnerability occurs when processing TrueType font files. During parsing, improper bounds checking is performed, which can lead to a heap based buffer overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystem Inc.'s Java JRE version 1.6.0_07 for Windows. Previous versions and versions for other platforms may also be affected.
c281806ed9fa3e749351d077f4638d4f3bb9c48e4b82e1c2431bf89b0c70d7e6
ASP Template Creature suffers from remote SQL injection and database disclosure vulnerabilities.
0e6919ac30044b840b3cb63a635ba6ca0d5bcb6a988b9f53ce60b25eb0ede00c
User Engine Lite ASP suffers from a remote database disclosure vulnerability.
acab9128389de8554c3ec4167bb07846fa23b67745fa6fe9fdd937b9871080fb
Debian Security Advisory 1681-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
95e39d29e0477fef6b59e2180db3d8fbec76a96d664655da3d4549872abc8a11
The Joomla mydyngallery component suffers from a remote SQL injection vulnerability.
fd74b4bb9711d2dceb88c1d1c6a47fd70cb10747bfeb965241a698d6897f5e7a
Orb Networks' Orb media server is vulnerable to a denial of service condition. Sending malformed http requests may crash the service denying service to legitimate users.
31f64a68d3792091f476fbaddac0f45076e43a3bc3437502076738705202fa0b
Wbstreet version 1.0 suffers from remote SQL injection and database disclosure vulnerabilities.
a45ecc7020ec66f7fa6cc694997a071a754e5fdb33e76cb6330f1e53f42e530f
Debian Security Advisory 1680-1 - Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers from an off-by-one-error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution (CVE-2008-5050).
5fef039bd5fe94fc3f5cd4e925d326a2dc6daffed4198f3b8139a06c7c0806ba
PHP versions 5.2.6 and below suffer from a directory traversal vulnerability in ZipArchive::extractTo().
eef814d8f1daf79eb48fd58c0722cd5768082f124ee55a347e0683274424e5eb
ccTiddly version 1.7.4 suffers from multiple remote file inclusion vulnerabilities.
647f1009146697b1b355eb47a299f491cd35ae1f7166be6f63ebc78d8c59fa91
Mandriva Linux Security Advisory 2008-236 - vim suffers from input sanitization, format string, and arbitrary code execution vulnerabilities.
165be09831b0a0e46b603c97fb0f80a49e7ef578c6376bb2360d775b3340c334
Multi SEO phpBB version 1.1.0 suffers from a remote file inclusion vulnerability.
dc3131d8d76bdfe983d66f4cf287d6d80c66fdaf0c07ca790fcdf2d9b11cdce0
VSR identified a vulnerability in Java Web Start related to the execution of privileged applications. This flaw could allow an attacker to execute arbitrary code on a victim system if a user could be convinced to visit a malicious web site.
8ca3bf4453e1d97e1df8cb1777248b40098c96ebee21fac715d1bd6643e51396
Secunia Security Advisory - A vulnerability has been reported in ImpressCMS, which can be exploited by malicious people to conduct session fixation attacks.
f49585a2c6c0366d63244e10588bb987b498eb0bcbb0938d423e4fcd9d03260b
Secunia Security Advisory - NoGe has discovered a vulnerability in Multi SEO phpBB, which can be exploited by malicious people to compromise a vulnerable system.
ed3b510a087529956c036067f5f2916891a146949feedabf2fc36052fc3a8d2a
Secunia Security Advisory - A vulnerability has been reported in PowerDNS, which can be exploited by malicious people to cause a DoS (Denial of Service).
39b6e66edcacbd87e8db2120424935ebfd18531d2c52a381c221d73421c1c684
Secunia Security Advisory - IBM has acknowledged a weakness in IBM HMC, which potentially can be exploited by malicious people to conduct cross-site scripting attacks.
94353db257679a135b986ae3eafcadab44594b94283fede57308da6d563a147b
Secunia Security Advisory - Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious people to compromise a vulnerable system.
8f311061792305c52846374b8b83af943e86b6f0a29009ccdf7568d53893cd39
Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
8cf46091e43f4d48b2311e8b3155f460fb8f89f74a1e4ec7d3007134572af87e
Secunia Security Advisory - Debian has issued an update for perl. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
e2c21f8e512e73b84872a6040a4aadad256db82bba3853ae86ba9d440bd3db83
Secunia Security Advisory - R3d D3v!L has reported a vulnerability in Gallery MX, which can be exploited by malicious users to conduct SQL injection attacks.
0555c1c1393ddfdd08275de14b5256d9a223e47b58cb0b51874719a9686a2899
Secunia Security Advisory - Pouya_Server has reported a vulnerability in W3matter RevSense, which can be exploited by malicious people to conduct cross-site scripting attacks.
690cd8475683045e77e0192179da7f9c80d73d820469217333bd9784d32f7cb0