Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
ae88faae108f01ca6ae7ea5089ab26ccdc686f733c93ddbd726ddb2b9f5100ff
Secunia Security Advisory - rPath has issued an update for openssl. This fixes some vulnerabilities and a weakness, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to potentially bypass certain security restrictions or to cause a DoS (Denial of Service).
0cce34c7d131303f32a64dffaeec7548e6a03beea391c0dc8cf71a40115589dd
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
f4eba2703a2f33c25aa54751b737178bdbbe28df50b712e768423e1cbbe8e110
Secunia Security Advisory - Fedora has issued an update for ntfs-3g. This fixes a weakness, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
c64e2afc6774972bf68eb4e32a42d8517c40cb688fec7f750e0509c28c7d1fd5
Secunia Security Advisory - Red Hat has issued an update for gimp. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
c025905117b738dc0174fa087018efe0115e05bdb4be6330b720dc62da237a8c
Secunia Security Advisory - Ubuntu has issued an update for elinks. This fixes a weakness, which can be exploited by malicious people to disclose sensitive information.
d3cc8d3494a50adb331851812ef82a995ae84d7d3b368470c77f3d3bad021009
Secunia Security Advisory - Janek Vind has discovered a vulnerability in the Dance Music module for PHP-Nuke, which can be exploited by malicious people to disclose sensitive information.
437b399504b607900beeb770c6aa812161c59452a75c5faabe6725b9a3cc2253
Secunia Security Advisory - Jason Kratzer has reported some vulnerabilities in JSPWiki, which can be exploited by malicious people to disclose system information and conduct cross-site scripting and script insertion attacks.
fe0007408d063b313e2c712ca7c462ec21e3cd26078704b913cf9df8deb787bc
Secunia Security Advisory - Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
9c285fb00edd50ae37ef1f780bd6bbb590c1ef0927a17973d19d9a1dd7cf5e39
Secunia Security Advisory - Luca "ikki" Carettoni and Luca "Daath" De Fulgentis have reported some vulnerabilities in Simple PHP Blog, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to compromise a vulnerable system.
e801a02c9a902072d6ae0c6b5c8e63eaf8bfab85d7e9f4b4770ae2c0f5a173d8
Ubuntu Security Notice 520-1 - Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user's authentication credentials. Earl Chew discovered that fetchmail can be made to de-reference a NULL pointer when contacting SMTP servers. This vulnerability can be used by attackers who control the SMTP server to crash fetchmail and cause a denial of service.
08fdf822b219ed0f0abf8b3431b5a4c1910e9651393d36ef7b66b19ca7021083
OrakelCrackert is a tool that can crack passwords which are stored using the latest SHA1 based password hashing algorithm. To speed up cracking, the tool exploits a weakness in the Oracle password storage strategy. Therefore, cracking - for most passwords - is still just as fast as it was before the introduction of Oracle 11g.
5293c61b9916b0a25af39e553ff393284d2acd51443e7e5e0dd7b3270a0955b4
Secunia Security Advisory - K3ZZAP66345 has discovered two vulnerabilities in FrontAccounting, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
8817e159c2dedf33fa7367995968cdf693e8c71b40454ed14f6ddb9acefe3f51
Secunia Security Advisory - Red Hat has issued an update for tomcat. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information or to conduct cross-site scripting attacks.
e1e607520371b27bd3a905bb402ee6f8bbdf482eb379a99ab1fc66cd086b45c0
Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.
6526e3a4fb2fb638aa2f6f55fc53198350d77d349f17a5d512a64b6ac0410c18
Secunia Security Advisory - Fedora has issued an update for bugzilla. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
05148f2762ebba2bf81711d610b845204840416046bdf97bfea2c06b6c1aaefe
Secunia Security Advisory - Jesper Jurcenoks has reported some vulnerabilities in SimpGB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
1eab444ef3e1bf6056b14272679d2878f482651a68b2e967b6d37bd02f170611
Secunia Security Advisory - Jesper Jurcenoks has reported two vulnerabilities in SimpNews, which can be exploited by malicious people to conduct cross-site scripting attacks.
e2f6764f8eb9d9c664e05be0aa07c8963bbe1a292f8ad3fe8e17e16f9830bd57
Ubuntu Security Notice 519-1 - Kalle Olavi Niemitalo discovered that if elinks makes a POST request to an HTTPS URL through a proxy, information may be sent in clear-text between elinks and the proxy. Attackers with access to the network could steal sensitive information (such as passwords).
8eb3ffc0a271f7162f7d84997a46e1b0768044e5a04c16030d0c288789b788b0
Mandriva Linux Security Advisory - PostgreSQL 8.1 and probably later and earlier versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
25a0c70c9813bfaedfc228bc8e7892c1430ac76c2a3b7232fe0568c80eac73f2
Core Security Technologies Advisory - Remote command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software. Versions 6.1, 6.2, Pro, and Lite are affected.
a169752bda3d6b540fda18a859076936d25011576f4d4dcaa1301b5888256f66
SimpNews version 2.41.03 suffers from a local file inclusion vulnerability.
66293223fd03c19a5fcd12f3842660cc0deeb3af05a93b299417b9837443317f
SimpGB version 1.46.02 suffers from an information disclosure vulnerability.
2963f36b0a3ca99b6716c8153cf68812209159f572fe153b2c4456b7754d3411
SimpGB version 1.46.02 suffers from path disclosure vulnerabilities.
c9981ca4a730f121d4211200f419eb49d93bcbecb992b49f9ae7d075667fd42d
SimpNews version 2.41.03 suffers from path disclosure vulnerabilities.
3ee4df8a1f7ac08c8902567a0e2a16ae61b9b3db066ac1c66bea635c0c6fdb8e