OpenOffice.org versions 3.3 and 3.4 Beta suffer from a memory overwrite vulnerability.
8835dab05febe30ee3df1bb4c48de2c02504156f840dc2d1d9c1e0014179f8ce
Debian Linux Security Advisory 2473-1 - Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.
68e370faf2beb6cdbf84c61722cf35114006eff0082075706e518107a0b26ec1
SiliSoftware phpThumb() version 1.7.11 suffers from a cross site scripting vulnerability.
b0297f9e69c26f42d51c1e7aaaba6b1b125a76fa647dcd73ccf099f2fd2f43d6
FlashPeak SlimBrowser version 6.0.1.38 suffers from a denial of service vulnerability.
bec3ee10be31916a3a36ac078cec5caf93d30294833af00776ebe8c44bda9670
Drupal Aberdeen third party module version 6.x suffers from a cross site scripting vulnerability.
ee88888847b82bb8706b2dec511d766960874ac9ed9c858f867dbc4171cb1f72
Drupal Hostmaster third party module version 6.x suffers from access bypass and cross site scripting vulnerabilities.
7c02451f79ba6d4bfe66bd38a9d30bc0c21b9498c33fec40e740f123d695f5e5
Drupal Post Affiliate Pro third party module version 6.x suffers from access bypass and cross site scripting vulnerabilities.
24cfc303df362d58ad5a3d229f184bbbbe3f53d9a28d7441c2155d9f83548fec
A vulnerability is caused by an integer overflow error in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow, for example via a specially crafted JPEG object within a DOC file. OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
9b9385109737f1c4e076d9b046209fed8fd0d8cc5001274e0f5a3f2bbb355d40
PRE-CERT Security Advisory - The Linux kernel contains a vulnerability in the driver for HFS plus file systems that may be exploited for code execution or privilege escalation. A specially crafted HFS plus filesystem can cause a buffer overflow via the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c).
8a1ff866f8c109707f489791566f77bc54087a39904a2e9018d41836f35c9f85
The SEC-T 2012 Call For Papers has been announced. It will be held from September 13th through the 14th in Stockholm, Sweden.
396756fabc238c4d83767b9e2075975da880c74bad443c78d42a7b5e737cbe3c
Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
57c27e1b2292d0b0350bc4e9a6a61eb501064eaa248f2cdb7fc88e7fb35ed920
Unijimpe Captcha suffers from a cross site scripting vulnerability.
c9ffa6f225a88c626b7fb1d77ea68e165963c1478a15e7002f9086141d811ccd
Drupal Smart Breadcrumb third party module version 6.x suffers from a cross site scripting vulnerability.
efa13b22a802826add663af52ab799213ef8c7c5710a4d1d236b277a44d092b9
Drupal Advertisement third party module version 6.x suffers from cross site scripting and information disclosure vulnerabilities.
40c8ec8f9df7dad38b0ad224dba92d7d02b70026bf96f514a6175e20c372358f
Drupal Ubercart Product Keys third party module version 6.x suffers from an access bypass vulnerability.
63170eba807768a010da595df4dddb13c2785adc91ef336d17dba438e6e4529e
Debian Linux Security Advisory 2472-1 - Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.
fb5e1c809897c9f19723eac2b149d18e7bbd0d84cf8545cb5f93e9b78c5c44fb
Ubuntu Security Notice 1442-1 - It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the default installation of Ubuntu.
4324b59d64b342a521a0980f0e685008be9a14f33f0173e24e06a2608c59a814
Gentoo Linux Security Advisory 201205-2 - Multiple vulnerabilities have been found in ConnMan, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.0-r1 are affected.
ed625e222ec8e2fd20bd7ee907062c3b0e92b9b05983eab68d6d8bdf497f1f1c
Secunia Security Advisory - A vulnerability has been discovered in ispLEVER Classic, which can be exploited by malicious people to compromise a user's system.
48c802d298509fcda8f15ef36b0b3b6c2ef7f668c8d07b800c62d59e30fa0bfb
Secunia Security Advisory - SUSE has issued an update for gnutls. This fixes some vulnerabilities, which can be exploited by malicious people to potentially cause a DoS (Denial of Service) in an application using the library and potentially compromise an application using the library.
17aa0133e7b523989c4d0996bbca9116436ed57e53c268768e8e1d8b9c34fb20
Secunia Security Advisory - HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
400b2d738e070f94ef3fca7538a5c1e2f5673488a2999e0c0897d5deb91b4076
Secunia Security Advisory - gainover has discovered a vulnerability in JW Player, which can be exploited by malicious people to conduct cross-site scripting attacks.
4f7c0a28e0e8a70a6eb582c6f1cfa65478ce1f72bd4999a46188485fb40cc357
Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in 3DVIA Composer, which can be exploited by malicious people to compromise a user's system.
bea660ef1c11ddaadc4629a4f99666b5a7c49ef146ba237564b1370dcd3c7c3d
Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in 3D XML Player, which can be exploited by malicious people to compromise a user's system.
7936044c8f02e77cf0b42c885997b7e2ee7fae4d7049fc62f15ee500a141f638