5186 matches found
Mandriva Linux Security Advisory : netpbm (MDVSA-2010:039)
A vulnerability has been discovered and corrected in netpbm: Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains...
CVE-2009-3302
filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."...
CVE-2009-4640
Array index error in vorbisdec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read...
Stack overflow
FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow...
CVE-2009-4633
vorbisdec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow...
CVE-2009-4637
FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow...
CVE-2010-0562
The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printabl...
VideoDB 3.0.3 - 'login.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38155/info VideoDB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
CVE-2009-2624
The huftbuild function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a...
CVE-2010-0001
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading t...
CVE-2003-1576
Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2009-4248
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and...
SuSE Update for krb5 SUSE-SA:2010:006
Check for the Version of krb5 OpenVAS Vulnerability Test SuSE Update for krb5 SUSE-SA:2010:006 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...
CVE-2010-0364
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle .ass file, probably involving the Dialogue field...
Heap overflow
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file...
Buffer overflow
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image...
CVE-2010-0001
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading t...
Gentoo Security Advisory GLSA 201001-06 (aria2)
The remote host is missing updates announced in advisory GLSA 201001-06. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
CVE-2009-4614
MoA Gallery 1.2.0 and earlier are affected by multiple PHP remote file inclusion flaws. By supplying a URL in the MOA_PATH parameter to 18 PHP sources (e.g., _error_funcs.php, _template_parser.php, page_sitemap.php, etc.), an attacker can cause arbitrary PHP code execution on affected systems. Th...
Integer overflow
Integer overflow in Google SketchUp before 7.1 M2 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a crafted SKP file...