
729 matches found

Tenable Nessus
added 2012/10/05 12:0 a.m. | 54 views

Ubuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1)

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform...

CVSS 6.9 | AI score 6.7 | EPSS 0.14643
Exploits: 10 | References: 11
PyPA
added 2011/02/14 9:0 p.m. | 5 views

PYSEC-2011-10

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

CVSS 6.8 | AI score 6.9 | EPSS 0.01589
Exploits: 1 | References: 19 | Affected Software: 1
RedHat Linux
added 2010/12/15 11:41 p.m. | 5 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU...

CVSS 5.1 | AI score 5.8 | EPSS 0.10557
Exploits: 0 | References: 4
Tenable Nessus
added 2010/11/23 12:0 a.m. | 46 views

GroupWise Internet Agent < 8.0.2 HP1 Multiple Flaws

The version of GroupWise Internet Agent installed on the remote host is older than 8.0.2.11941 and hence affected by the following issues:

- Multiple 'Content-Type' header parsing issues can result in arbitrary code execution on the remote system. ZDI-10-237 / ZDI-10-238 / ZDI-10-241
- Multiple...

CVSS 10 | AI score 6.6 | EPSS 0.13586
Exploits: 1 | References: 22
RedHat Linux
added 2010/10/27 11:3 p.m. | 5 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU...

CVSS 5.1 | AI score 5.8 | EPSS 0.10557
Exploits: 0 | References: 4
RedHat Linux
added 2010/01/07 11:26 p.m. | 4 views

kernel: ipv6_hop_jumbo remote system crash

The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet...

CVSS 7.8 | AI score 5.9 | EPSS 0.14336
Exploits: 0 | References: 4
ATTACKERKB
added 2009/04/24 3:30 p.m. | 1 views

CVE-2009-0164

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks...

CVSS 6.4 | AI score 7.8 | EPSS 0.02907
Exploits: 0 | References: 14
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m. | 3 views

mail f/w system vulnerable to allow unauthorized email transmission

Overview: mail f/w system is software that enables the emailing of the contents of a form. A vulnerability exists in mail f/w system that allows a remote attacker to send email to arbitrary addresses, due to inadequate validation of certain values in mail headers. Impact: A remote attacker may...

CVSS 5 | AI score 6.9 | EPSS 0.01459
Exploits: 0 | References: 10
Zero Day Initiative
added 2006/10/26 12:0 a.m. | 39 views

Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpstk.dll library within the dhost.exe web interface of the eDirectory Host...

CVSS 7.5 | AI score 1.3 | EPSS 0.83891
Exploits: 11 | References: 1