CVE-2008-4555

Stack-based buffer overflow in the pushsubg function in parser.y lib/graph/parser.c in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service memory corruption or execute arbitrary code via a DOT file with a large number of Agrapht...

SA-2008-022 - Flickr - Cross site scripting

The Flickr module allows one to access photos on one's site via the Flickr API. The module provides a filter for inserting photos and photosets and blocks for a user's recent photos and photosets. Several values are displayed without being escaped, which enables users to inject arbitrary HTML and...

DSA-1462-1 hplip - missing input sanitising

Bulletin has no description...

Inkscape: Two format string vulnerabilities

Background Inkscape is a vector graphics editor, using Scalable Vector Graphics SVG Format. Description Kees Cook has discovered two vulnerabilities in Inkscape. The application does not properly handle format string specifiers in some dialog boxes. Inkscape is also vulnerable to another format...

CVE-2007-1741

Multiple race conditions in suexec in Apache HTTP Server httpd 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that th...

CVE-2007-0802

Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter...