Mandriva Linux Security Advisory 2010-211 - The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Various other issues have also been addressed.
c4aa2dae679ba79e24b8322c372a70db3de31777d295bd7bdc83df4e576d061f
Mandriva Linux Security Advisory 2010-210 - Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Various other issues have also been addressed.
b49486071419be28e46150635739bbf1691dc4896d5fd2196ec5211581c260cf
PyProxy Proxy Hunter and Tester version 9 is a high-level cross protocol proxy-hunter Python library.
cba978bee526ceb35eb10cd5ce910c0b25b9b45364e32bfc6f7fb676d869f026
W-Agora versions 4.2.1 and below suffer from cross site scripting and local file inclusion vulnerabilities.
34e4ef1db03fada054256f916dfe9cf40aced3ff3f65c9e4fe2b2e6d81cb2d78
Mandriva Linux Security Advisory 2010-209 - A buffer overflow was discovered in libsmi when a long OID was given in numerical form. This could lead to arbitrary code execution.
cf7b44c0abecb921f207fc7f27c5244f40e3f24c3167eb87026c2974168fe890
Debian Linux Security Advisory 2122-1 - Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable.
857fca073644547dae968ea11ffbcdca81c4d210891ea09f1af7219cd193c2c6
The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.
56712911c7ae4fe887c781b84ff85146b9dcdb7cd4f854c31d844764ea7f5191
HP Security Bulletin HPSBMA02593 SSRT100237 - A potential security vulnerability has been identified in HP Virtual Connect Enterprise Manager (VCEM) for Windows. The vulnerability could be exploited remotely to download arbitrary files. Revision 1 of this advisory.
9b417f8a3b89f033a8c2a022a3bde58caf421466dfba6f41bc28cec6afb3874d
Spider Player version 2.4.5 suffers from a denial of service vulnerability.
642dc26d6c15a5cae279107e02180ac799795066cab5e7fc6aa726488ceaa74a
Microsoft Internet Explorer suffers from a cross-origin leak vulnerability.
53499dc63a1db7878a76102343c1baf73d12e3bc3f97685e9fc61b7aa875f0dd
Ubuntu Security Notice 1008-2 - Libvirt in Ubuntu 10.04 LTS now no longer probes qemu disks for the image format and defaults to 'raw' when the format is not specified in the XML. This change in behavior breaks virt-install --import because virtinst in Ubuntu 10.04 LTS did not allow for specifying a disk format and does not specify a format in the XML. This update adds the 'format=' option when specifying a disk. Original advisory notes that it was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.
4d8e02c3a4d091d01b98eb080d057e61ab552e957bde8a3214bbd12d6c7d4a0b
Secunia Security Advisory - Multiple vulnerabilities have been reported in iWiccle, which can be exploited by malicious people to conduct cross-site scripting attacks.
6cf84b8c6012aa71e33e8378f9ae726bb52cd6fcd47a872f3f840a34ef713f24
Secunia Security Advisory - J. Greil has discovered multiple vulnerabilities in Sawmill, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a vulnerable system.
cd8527aa6fa6cc0ba69ce6b7cf8d8816fb945fbd15de6d888740bc047672ec10
Secunia Security Advisory - Chris Evans has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.
f3e88a50734501ee7b2248c16d43dbf585e57e7d91c00a4802d1e6b2a54af5a7
Secunia Security Advisory - A weakness and some vulnerabilities have been reported in SAP BusinessObjects, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), and by malicious people to disclose sensitive information and conduct cross-site scripting attacks.
de1b1fc493d72b8d749d034af4652da2a40f10c2c8de8ff0e32b3b9bc71760ab
Mandriva Linux Security Advisory 2010-208 - It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service.
2dcc45f1140e070e5166be26b8d3ee85ca8334858f66c04bf67550e965a60fef
Pecio CMS version 2.0.5 suffers from a cross site scripting vulnerability.
05dc4479ffde12054111c5b44dadfafa2c5120d85eb6482e1494df7de92e8cf7
Wiccle Web Builder CMS and iWiccle CMS Community Builder both suffer from multiple cross site scripting vulnerabilities.
131b387ddda597eea6f5958b0702c023bd31d235e6b60d19fce3e2b40dd9604d
Ubuntu Security Notice 1008-1 - It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.
c064ab38868a95bbd59b13f2896302bf08bc54ede0f09b2e2a8362053a7462e5
Adobe Shockwave Player suffers from an rcsL chunk memory corruption vulnerability. This affects version 11.5.8.612 and possibly prior versions as well.
19c623243755d4e723f8bafe5e6b21f7bc24f231ced44057c528a648edd4ae9e
Sawmill Enterprise versions prior to 8.1.7.3 suffer from arbitrary code execution, buffer overflow, cross site request forgery, cross site scripting, file disclosure and various other vulnerabilities.
2bd10f0a3d3cc78cbdd70e360341145cdcc41d59f78c199e223b197ec74303a1
Squirrelcart PRO version 3.0.0 suffers from a remote blind SQL injection vulnerability.
240276667d87c9d02ced8d4a4562ea465e0ea1d9039cda58277ea31e5bea9ea2
HP Security Bulletin HPSBMA02596 SSRT100271 - A potential security vulnerability has been identified in HP AssetCenter and HP AssetManager for AIX, HP-UX, Linux, Solaris and Windows. The vulnerability could be exploited remotely resulting in cross site scripting (XSS). Revision 1 of this advisory.
5cb27aaadce212727e1fb1b7d6053f27b3c3f046ab99308fbdb5f12747debf67
HP Security Bulletin HPSBMA02592 SSRT100300 - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows running Adobe Flash. The vulnerabilities could be exploited remotely resulting in execution of arbitrary code, Denial of Service (DoS), and unauthorized modification. Revision 1 of this advisory.
ed7bca84d41ba120ee86c4bc10906b785b5840de9ba41f6163285c718f510e73
HP Security Bulletin HPSBMA02591 SSRT100299 - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely resulting in cross site request forgery (CSRF), cross site scripting (XSS), and privilege escalation. Revision 1 of this advisory.
36b03398e5c2de3131e9eba0578be33ca589245e6201650f2a48454b9415e19a