461 matches found
[security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02029444 Version: 1 HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code,...
Debian DSA-2025-1 : icedove - several vulnerabilities
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does...
openSUSE Security Update : sudo (sudo-2083)
This update fixes two security issues : - CVE-2010-0427: CVSS v2 Base Score: 6.6 Sudo failed to properly reset group permissions when the 'runas_default' option was used. If a local, unprivileged user was authorized by sudoers file to perform their sudo commands under default user account, it could le...
Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:051)
A vulnerability has been found and corrected in mozilla-thunderbird : Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by...
Debian DSA-1877-1 : mysql-dfsg-5.0 - denial of service/execution of arbitrary code
In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a...
Debian DSA-1868-1 : kde4libs - several vulnerabilities
Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers...
Debian DSA-1983-1 : wireshark - several vulnerabilities
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-4377 A NULL pointer dereference wa...
CVE-2010-0655
Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site...
Microsoft IIS Server Crafted ASP Page Buffer Overflow (MS06-034; CVE-2006-0026)
Microsoft Internet Information Services (IIS) is a multi-featured server product that ships with all versions of Microsoft Windows 2000, XP and Server 2003. The product provides FTP, SMTP, NNTP and HTTP services. The HTTP component, known as the WWW Publishing Service, allows for the serving of...
Internet Explorer Page Refresh Uninitialized Memory Corruption (MS09-072; CVE-2009-3673)
Microsoft Internet Explorer is the most widely used Internet browser. A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To trigge...
Gentoo Security Advisory GLSA 200911-03 (c-client uw-imap)
The remote host is missing updates announced in advisory GLSA 200911-03. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Python < 2.5.2 Imageop Module 'imageop.crop()' BOF Vulnerability
Exploit for unknown platform in category dos / poc. Python 2.5.2 Imageop Module 'imageop.crop' Buffer Overflow Vulnerability. Title: Python 2.5.2...
FreeBSD : opera -- multiple vulnerabilities (2fda6bd2-c53c-11de-b157-001999392805)
Opera Team Reports : - Fixed an issue where certain domain names could allow execution of arbitrary code, as reported by Chris Weber of Casaba Security - Fixed an issue where scripts can run on the feed subscription page, as reported by Inferno. (C) Tenable Network Security, Inc...
DSA-1922-1 xulrunner - several vulnerabilities
Bulletin has no description...
FreeBSD : Xpdf -- Multiple Vulnerabilities (8581189c-bd5f-11de-8709-0017a4cccfc6)
SecurityFocus reports : Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system. 1) Multiple integer overflows in 'SplashBitmap::SplashBitmap' can be exploited to cause heap-based buffer overflows. 2) An integer overflow...
Mandriva Linux Security Advisory : graphicsmagick (MDVSA-2009:261)
A vulnerability has been found and corrected in GraphicsMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer...
SuSE 11 Security Update : Kerberos (SAT Patch Number 738)
Clients sending negotiation requests with invalid flags could crash the kerberos server (CVE-2009-0845). GSS-API clients could crash when reading from an invalid address space (CVE-2009-0844). Invalid length checks could crash applications using the kerberos ASN.1 parser (CVE-2009-0847). Under certain...
GLSA-200909-13 : irssi: Execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200909-13 (irssi: Execution of arbitrary code). Nemo discovered an off-by-one error leading to a heap overflow in irssi's event_wallops parsing function. Impact : A remote attacker might entice a user to connect to a malicious IRC...
DSA-1885-1 xulrunner - several vulnerabilities
Bulletin has no description...
DSA-1877-1 mysql-dfsg-5.0 - arbitrary code
Bulletin has no description...