[SECURITY] Fedora 7 Update: Django-0.96.1-1.fc7

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

[SECURITY] Fedora 8 Update: Django-0.96.1-1.fc8

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

DSA-1402-1 gforge - insecure temporary files

Bulletin has no description...

helios-xss.txt

Hi PacketStormSecurity.org; I'm reporting a vulnerability of type XSS in Helios Calendar, thank you for all. +==============================================================================+ + Helios Calendar =1.2.1 Beta XSS Multiple Remote Vulnerabilities +...

Microsoft Visual Studio PDWizard.ocx ActiveX Control Code Execution (CVE-2007-4891)

Microsoft Visual Studio is a software development product for computer programmers. It centers on an integrated development environment which lets programmers create standalone applications, web sites, web applications, and web services.The vulnerability is due to an error in the Microsoft Visual...

openSUSE 10 Security Update : km_drm (km_drm-4484)

This update fixes the following issues: X Font Server buildrange Integer Overflow Vulnerability IDEF2708, X Font Server swapchar2b Heap Overflow Vulnerability IDEF2709, Composite extension buffer overflow. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...

openSUSE 10 Security Update : libmusicbrainz (libmusicbrainz-2044)

This update fixes various buffer overflows that can by exploited by malicious servers to execute arbitrary code. CVE-2006-4197 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

java: Vulnerability in the font parsing code

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.214 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself...

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.120 and earlier...

HTML files generated with Javadoc are vulnerable to a XSS

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting XSS vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

PT-2007-6354 · Oracle +1 · Jdk +3

Name of the Vulnerable Software and Affected Versions: sun jdk affected versions not specified sun jre affected versions not specified sun sdk affected versions not specified Description: Potential security vulnerabilities have been identified in Java Runtime Environment JRE and Java Developer Ki...

Unfixed XSS vulnerability at www.classicwebdevelopment.com

Security researcher OMEHA, has submitted on 10/05/2007 a cross-site-scripting XSS vulnerability affecting www.classicwebdevelopment.com, which at the time of submission ranked 4190254 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/05/2007. ...

Unfixed XSS vulnerability at www.yycc.net

Security researcher MaXWeL, has submitted on 10/03/2007 a cross-site-scripting XSS vulnerability affecting www.yycc.net, which at the time of submission ranked 536725 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/03/2007. It is currently...

XSS on Obedit v3.03

=============================================== Obedit v3.03 - XSS Vuln. =============================================== Author: Ishkur fuxxx0rz at gmail com Impact: XSS and Cookie Alert Patches: in development ------------------------------------------- Affected Software Description:...

obedit-xss.txt

=============================================== Obedit v3.03 - XSS Vuln. =============================================== Author: Ishkur Impact: XSS and Cookie Alert Patches: in development ------------------------------------------- Affected Software Description:...

kdm -- passwordless login vulnerability

The KDE development team reports: KDM can be tricked into performing a password-less login even for accounts with a password set under certain circumstances, namely autologin to be configured and "shutdown with password" enabled...

SOL7923 - Cross-site scripting vulnerability in the logon page after enabling a pre-logon sequence - CVE-2007-6704

A cross-site scripting XSS vulnerability—CVE-2007-6704—exists in the FirePass logon page when a pre-logon sequence is enabled. The affected FirePass URL fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web pages,...

konquerer -- address bar spoofing

The KDE development team reports: The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the url. In addition the address bar could be tricked to show an URL which it is intending to visit for a short amount of time instead of the current URL...

qt security update

CentOS Errata and Security Advisory CESA-2007:0883 Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and...

Directory traversal

Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. dot dot in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder...