HP Security Bulletin HPSBUX02608 SSRT100333 2 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. Revision 2 of this advisory.
33d41ce683d2244b9cb2ed8bc782c9c762848f2ce03638f2d726f4593e82eabe
Sielco Sistemi Winlog versions 2.07.00 and below suffer from a stack overflow vulnerability.
d94010aa6fc723c13bd86c84eb622d7260847f34750e323b8ea30ff2b09cc02e
Alguest version 1.1c-patched suffers from a remote SQL injection vulnerability.
74e5612ef1e3a3fcde68e11c4ca0783489410e5644105238488d6626356aed4c
Debian Linux Security Advisory 2143-1 - Several vulnerabilities have been discovered in the MySQL database server.
2158a59bdea1b08c78875d4e873f56c5c1d87943faee4872b3536d775cff91c6
Mandriva Linux Security Advisory 2011-009 - Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png. Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.
76e0bcc1c9ba81bbf81706d454d9420f4d4853d0b97080829654f06c6930215a
Mandriva Linux Security Advisory 2011-008 - Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
80c2ca4ea49a771bb231a4b2b6e38e246ffca3cc9eb051954b48ef5c808fd0fd
Mandriva Linux Security Advisory 2011-007 - Buffer overflow in the MAC-LTE dissector in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of RARs. The updated packages have been upgraded to the latest version which is not affected by this issue.
d6555124941bcfbee1373e244767eaccf37588cac85e2d2e2e018011ebf469c9
Mandriva Linux Security Advisory 2011-006 - The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
699e68d94b0bf5e8d293adb4aa1e03c377f9ff173336de2f1ecaf57f72aa5c02
Objectivity/DB includes many different tools for administration. The problem is, anyone can use these tools to perform operations on the host running the lock server, advanced multithreaded server, and probably its other servers as well, without any authentication. This design flaw puts the host running these servers at risk of potentially unauthorized operations being performed on the system, locally or remotely. This exploit demonstrates this issue and was tested on Objectivity/DB 10 running on Windows.
e70ea4466739e596a06c0f314f33e2954e9ab0e032242029fe9f8ed5bb3c90b8
Joomla People component version 1.0.0 suffers from a remote SQL injection vulnerability.
23697dd7b00593a0a1c80d8fd8349ed03a6940e61d1851e000e29a65e0b8968e
ICQ 7 does not check the identity of the update server or the authenticity of the updates that it downloads through its automatic update mechanism. By impersonating the update server (think DNS spoofing), an attacker can act as an update server of its own and deliver arbitrary files that are executed on the next launch of the ICQ client. Since ICQ is automatically launched right after booting Windows by default and it checks for updates on every start, it can be attacked very reliably. Proof of concept code included.
04f110048b2b3c991e27e6d5e6a6d9b83938b41ab60b12fc8ec01f2728817316
Blackmoon FTP version 3.1 build 1735,1736 denial of service exploit.
4e22f5c1a35e7774bca49073d10bb43c062118b3ae4d95dd0cd1e2380c0a9189
PHP Dompdf File suffers from a remote file inclusion vulnerability.
97507fa21f019aa2dbbca49fd9a22d4af24728e86af3d91ecfab9fcf19d05b3a
Whitepaper called Session Hijacking Basics.
c10ac5549eb8d9b59dd9e96602ae6fea7e357736816f2e636a019f9594454533
Secunia Security Advisory - Two vulnerabilities have been reported in Mosets Tree component for Joomla!, which can be exploited by malicious users to bypass certain security restrictions.
be0e22f95fac7352f2c5b554e307aff5cec1ee3b0b0b0ebcca8b474d4fb69314
Secunia Security Advisory - Debian has issued an update for mysql-dfsg-5.0. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service).
781e313b6a59132e7080a257bd5838adc686226f1b61fb42ebe40a3db3b22324
Secunia Security Advisory - Two vulnerabilities have been reported in Sybase EAServer, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.
9a26bfd0f80dd43ffd12dfa1eaf6744c9b6661797f8b3f48069e2e5036f59308
Secunia Security Advisory - Red Hat has issued an update for gcc. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
02a99c9bb7768caecca07294cfc5f9f4b273498fae5a0ad8a3437040ceef9e6d
glfusion CMS version 1.2.1 suffers from a stored cross site scripting vulnerability.
7a3e610c9d58ff611844e59f6bd52516278164a8d1fc59bf3d06bec32059c272
Secunia Security Advisory - Fedora has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
f67fb313fb5cd36a190c62350dd77c04b1c214091dc3f886d538c8ce03867a5a
Secunia Security Advisory - Luigi Auriemma has reported a vulnerability in Winlog Pro, which can be exploited by malicious people to compromise a vulnerable system.
18f0ee12f5c57f7f65a1b6c03f9c8f4e515ad3a6ee5bb5855a4ba5c3bc0e1ac2
Secunia Security Advisory - Fedora has issued an update for pcsc-lite. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
00b241f2e3e5711123fa717a05164b1c7d30f2fd241d7e78567ece71a42f0861
Secunia Security Advisory - Fedora has issued an update for Django. This fixes two security issues, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service).
c0498dc12aaf70ff9b31c01c365d44012c626ac7c4ef7733bc302694ee3ff77c
Secunia Security Advisory - A security issue has been reported in Objectivity/DB, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
84a17025d6619a898a9db498d14d6103713736c63536b5f9ba18ea6ab893843f
Secunia Security Advisory - Two vulnerabilities have been reported in the NVIDIA CUDA Toolkit Developer Drivers for Linux, which can be exploited by malicious, local users to disclose potentially sensitive information.
d191f389cdd062226919868891e2831f8f59b629ddb4e32f7f713e4c062ab420