[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

[SECURITY] Fedora 8 Update: chmsee-1.0.0-1.26.fc8

A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. ...

SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135

F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited...

PHP <= 5.2.5 stream_wrapper_register() denial of service

Application: PHP = 5.2.5 Web Site: http://php.net Platform: unix Bug: Denial of service fonction: streamwrapperregister special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits =========== 1...

[SECURITY] Fedora 7 Update: kdewebdev-3.5.8-3.fc7

Web development applications, including: kfilereplace: batch search and replace tool kimagemapeditor: HTML image map editor klinkstatus: link checker kommander: visual dialog building tool kxsldbg: xslt Debugger quanta+: web development...

[SECURITY] Fedora 7 Update: kdevelop-3.5.0-4.fc7

The KDevelop Integrated Development Environment provides many features that developers need as well as providing a unified interface to programs like gdb, the C/C++ compiler, and make. KDevelop manages or provides: All development tools needed for C++ programming like Compiler, Linker, automake a...

[SECURITY] Fedora 7 Update: Django-0.96.1-1.fc7

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

[SECURITY] Fedora 8 Update: Django-0.96.1-1.fc8

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

DSA-1402-1 gforge - insecure temporary files

Bulletin has no description...

helios-xss.txt

Hi PacketStormSecurity.org; I'm reporting a vulnerability of type XSS in Helios Calendar, thank you for all. +==============================================================================+ + Helios Calendar =1.2.1 Beta XSS Multiple Remote Vulnerabilities +...

Microsoft Visual Studio PDWizard.ocx ActiveX Control Code Execution (CVE-2007-4891)

Microsoft Visual Studio is a software development product for computer programmers. It centers on an integrated development environment which lets programmers create standalone applications, web sites, web applications, and web services.The vulnerability is due to an error in the Microsoft Visual...

openSUSE 10 Security Update : km_drm (km_drm-4484)

This update fixes the following issues: X Font Server buildrange Integer Overflow Vulnerability IDEF2708, X Font Server swapchar2b Heap Overflow Vulnerability IDEF2709, Composite extension buffer overflow. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...

openSUSE 10 Security Update : libmusicbrainz (libmusicbrainz-2044)

This update fixes various buffer overflows that can by exploited by malicious servers to execute arbitrary code. CVE-2006-4197 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

java: Vulnerability in the font parsing code

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.214 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself...

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.120 and earlier...

HTML files generated with Javadoc are vulnerable to a XSS

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting XSS vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

PT-2007-6354 · Oracle +1 · Jdk +3

Name of the Vulnerable Software and Affected Versions: sun jdk affected versions not specified sun jre affected versions not specified sun sdk affected versions not specified Description: Potential security vulnerabilities have been identified in Java Runtime Environment JRE and Java Developer Ki...

Unfixed XSS vulnerability at www.classicwebdevelopment.com

Security researcher OMEHA, has submitted on 10/05/2007 a cross-site-scripting XSS vulnerability affecting www.classicwebdevelopment.com, which at the time of submission ranked 4190254 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/05/2007. ...

Unfixed XSS vulnerability at www.yycc.net

Security researcher MaXWeL, has submitted on 10/03/2007 a cross-site-scripting XSS vulnerability affecting www.yycc.net, which at the time of submission ranked 536725 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/03/2007. It is currently...