openSUSE 10 Security Update : seamonkey (seamonkey-5815)

This update brings the Mozilla SeaMonkey browser to version 1.1.13. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check...

Mozilla crash and remote code execution in nsFrameManager

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

Mozilla crash and remote code execution in nsFrameManager

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

Analysis of a php exploit code-exploit warning-the black bar safety net

A few days ago to see a period of interesting code, records. First introduced to the php in a famous function pregreplace, which prototype is: mixed pregreplace mixed pattern, mixed replacement, mixed subject , int limit This function is an interesting place to be: as long as the first parameter...

DEBIAN-CVE-2008-4551

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...

Gentoo Security Advisory GLSA 200603-15 (crypt-cbc)

The remote host is missing updates announced in advisory GLSA 200603-15. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SuSE 10 Security Update : opensc, opensc-devel (ZYPP Patch Number 5588)

This update fixes a security issues with opensc that occured when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization. CVE-2008-2235 NOTE: Already initialized cards are still vulnerable after this update...

Design/Logic Flaw

Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mtrand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681...

perl-Crypt-CBC weaker encryption with some ciphers

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

Coppermine Photo Gallery <= 1.4.18 LFI / Remote Code Execution Exploit

Exploit for unknown platform in category web applications ====================================================================== Coppermine Photo Gallery authenticate; ... 301. // Process language selection if present in URI or in user profile or try 302. // autodetection if default charset is...

poppler library DoS

Problem with PDF file widgets initialization...

kernel security update

CentOS Errata and Security Advisory CESA-2008:0607 Updated kernel packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain...

RHEL 4 : kernel (RHSA-2008:0607)

Updated kernel packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating...

CVE-2008-2807

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file...

CVE-2008-1576

Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service application crash, or obtain sensitive information memory contents in opportunistic circumstances, b...

CVE-2008-1576

CVE-2008-1576 affects Mac OS X Mail prior to 10.5 when connecting to an IPv6 SMTP server. It involves an uninitialized memory buffer in the SMTP path that could allow remote code execution, memory disclosure, or a crash. The related OpenVAS/Nessus entries confirm Mail as the affected component an...

CVE-2008-1576

Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service application crash, or obtain sensitive information memory contents in opportunistic circumstances, b...

[NSG_28-5-08] CA Internet Security Suite 2008 &#40;UmxEventCli.dll/SaveToFile&#40;&#41;&#41; remote file corruption poc

!-- CA Internet Security Suite 2008 UmxEventCli.dll/SaveToFile remote file corruption poc by Nine:Situations:Group::surfista this control is safe for scripting and safe for initialize original one: http://retrogod.altervista.org/9sgCApoc.html -- htmlobject...

Stack overflow

Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control PSPUploader.ocx allow remote attackers to execute arbitrary code via unspecified initialization parameters...