4671 matches found
finch, libpurple, pidgin security update
CentOS Errata and Security Advisory CESA-2010:0788 Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVS...
Moderate: Red Hat Security Advisory: pidgin security update
Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...
Fedora 14 : glibc-2.12.90-17 (2010-16308)
Implement accurate fma BZ3268, 43358 - Fix alignment of AVX save area on x86-64 BZ12113 - Fix regex memory leaks BZ12078 - Improve output of psiginfo BZ12107, BZ12108 - Don't return NULL address in getifaddrs BZ12093 - Fix strstr and memmem algorithm BZ12092, 641124 - Don't discard result of...
MS10-070 ASP.NET Padding Oracle File Download
Exploit for asp platform in category remote exploits. MS10-070 ASP.NET Padding Oracle File Download. #!/usr/bin/ruby -w aspxpochotextattack.rb Copyright (c) 2010 AmpliaSECURITY. All rights reserved...
ecshop modify any user password vulnerability XSS exploit-vulnerability warning-the black bar safety net
Currently ecshop presence of the reflection type XSS, you can use, if the secondary development exist XSS or other CSRF problem, then use more. Once encountered this problem, slightly affected by its damage) By XSS structure post submission of personal information is modified, the modification is...
Scientists have succeeded in decoding the genome of southern mosquitoes
14:33 01.10.2010 Scientists have succeeded in decoding the genome of southern mosquitoes, which can carry diseases such as malaria, encephalitis, West Nile fever, filariasis and other deadly diseases. By studying the genetic material obtained, the researchers hope...
ImageMagick security and bug fix update
6.2.8.0-4.el55.2 - Fix SGI image decoding 625058 6.2.8.0-4.el55.1 - Add fix for CVE-2009-1882 504304...
Mozilla Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafte...
CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs
VSR Security Advisory http://www.vsecurity.com/ Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...
Microsoft Exchange and Outlook TNEF Decoding Integer Overflow (CVE-2006-0002)
A buffer overflow vulnerability exists in the way Microsoft Exchange and Microsoft Outlook process TNEF encoded messages. When the TNEF decoder used by these products processes a TNEF object record with a large size value, an integer overflow can occur. An attacker potentially can exploit this...
Internet Explorer HTML Decoding Memory Corruption (CVE-2006-2382)
Microsoft Internet Explorer (IE) is the most widely used web browser application. The browser supports various languages as well as most of the known character sets. Character sets define the character encoding used in an HTML page. Languages that have more characters than the ASCII set defines nee...
JDK unspecified vulnerability in Java2D component
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...
xen: emulator instruction decoding inconsistency
The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation...
Spammers Outsource CAPTCHA Decoding
Faced with stricter Internet security measures like CAPTCHAS, some spammers have begun borrowing a page from corporate America’s playbook: they are outsourcing. Read the full article. The New York Times...
Heap overflow
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...
CVE-2010-0849
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...
Debian DSA-2025-1 : icedove - several vulnerabilities
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does...
DSA-2025-1 icedove - several vulnerabilities
Bulletin has no description...
gnutls: gnutls_x509_crt_get_serial incorrect serial decoding from ASN1 (BE64) [GNUTLS-SA-2010-1]
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cau...