Debian DSA-1046-1 : mozilla - several vulnerabilities
Several security-related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: - CVE-2005-2353 The 'run-mozilla.sh' script allows local users to create or overwrite arbitrary files when debugging is enabled via a...
CVE-2006-3868
Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag...
FreeBSD : freetype -- LWFN Files Buffer Overflow Vulnerability (b975763f-5210-11db-8f1a-000a48049292)
SecurityTracker reports: A vulnerability was reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted font file that, when loaded by the target user's system, will trigger an integer underflow or integer...
US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
National Cyber Alert System Technical Cyber Security Alert TA06-270A Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability Original release date: September 27, 2006 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows...
CVE-2006-5020
CVE-2006-5020 affects SolidState 0.4 and earlier, exposing multiple PHP remote file inclusion vulnerabilities. An attacker can execute PHP code remotely by supplying a crafted URL in the base_path parameter to a long list of manager/pages scripts (e.g., AccountsPage.*, AddInvoicePage.class.php, etc...
CVE-2006-4694
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and...
CVE-2006-4905
PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function...
CVE-2006-4869
PHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallerypath parameter...
CVE-2006-4828
PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PPPATH parameter...
CVE-2006-3454
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages...
USN-344-1: X.org vulnerabilities
iDefense security researchers found several integer overflows in X.org's font handling library. By using a specially crafted Type1 CID font file, a local user could exploit these to crash the X server or execute arbitrary code with root privileges...
CVE-2006-4559
CVE-2006-4559 describes multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 and earlier. The flaw allows remote attackers to execute arbitrary PHP code by supplying a URL in the context[path_to_root] parameter to several PHP endpoints, including art...
Easy Address Book Web Server Query Remote Format String
It appears that the remote web server is affected by a remote format string issue. Using a specially crafted URL containing a format string specifier, an unauthenticated, remote attacker can crash the affected application and possibly execute arbitrary code on the remote host.
CVE-2006-4489
Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 1.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the configincludedir parameter in actions/ipn.php or (2) an FTP path in the configplugindir parameter in include/initPlugins.php...
CVE-2006-4429
PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier Build 3.04.04 allows remote attackers to execute arbitrary PHP code via a URL in the PMpathhandler parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a...
CVE-2006-4428
PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include...
EUVD-2006-4270
PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component commambowiki 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter...
CVE-2006-4236
Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after "shopid=" or "sid=" in the PATHINFO...
CVE-2006-4197
Multiple buffer overflows in libmusicbrainz (aka mbclient or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in th...