6662 matches found
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/login.jsp' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input. Attackers can exploit these...
libxine -- buffer overflow vulnerability
xine project reports: A new xine-lib version is now available. This release contains a security fix (remotely-exploitable buffer overflow, CVE-2008-0225). It also contains a read-past-end fix for an internal library function which is only used if the OS does not supply it and a rendering fix for...
[SECURITY] Fedora 7 Update: imlib-1.9.15-6.fc7
Imlib is a display depth independent image loading and rendering library. Imlib is designed to simplify and speed up the process of loading images and obtaining X Window System drawables. Imlib provides many simple manipulation routines which can be used for common operations. The imlib package...
[SECURITY] Fedora 8 Update: imlib-1.9.15-6.fc8
Imlib is a display depth independent image loading and rendering library. Imlib is designed to simplify and speed up the process of loading images and obtaining X Window System drawables. Imlib provides many simple manipulation routines which can be used for common operations. The imlib package...
AOL Instant messenger code execution
Microsoft Internet Explorer control is used for HTML content rendering without limiting zone access...
USN-550-3: Cairo regression
USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering was uncovered as a result of the new memory allocation routines. In certain situations, fonts containing characters with no width or height would not render any more. This update fixes the problem. We apologize for the...
[SECURITY] Fedora 8 Update: poppler-0.6.2-1.fc8
Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC...
[SECURITY] Fedora 8 Update: gtkmozembedmm-1.4.2.cvs20060817-17.fc8
This package provides a C++/gtkmm wrapper for GtkMozEmbed from Mozilla 1.4.x to 1.7.x. The wrapper provides a convenient interface for C++ programmers to use the Gtkmozembed HTML-rendering widget inside their software...
[SECURITY] Fedora 7 Update: epiphany-2.18.3-5.fc7
epiphany is a simple GNOME web browser based on the Mozilla rendering engine...
[SECURITY] Fedora 7 Update: gtkmozembedmm-1.4.2.cvs20060817-14.fc7
This package provides a C++/gtkmm wrapper for GtkMozEmbed from Mozilla 1.4.x to 1.7.x. The wrapper provides a convenient interface for C++ programmers to use the Gtkmozembed HTML-rendering widget inside their software...
RHEL 5 : poppler (RHSA-2007:1026)
Updated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Alin Rad Pop...
Important: Red Hat Security Advisory: poppler security update
Updated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Alin Rad Pop...
Fedora 7 : qt-3.3.8-7.fc7 (2007-2216)
Mon Sep 17 2007 Than Ngo - 1:3.3.8-7 - bz292941, CVE-2007-4137 - Wed Aug 29 2007 Than Ngo - 1:3.3.8-6.fc7.1 - cleanup security patch - Tue Aug 28 2007 Than Ngo - 1:3.3.8-6.fc7 - CVE-2007-3388 qt3 format string flaw - Thu Jun 14 2007 Than Ngo - 1:3.3.8-5.fc7.1 - backport to fix bz243722, bz244148,...
SuSE Security Update: Kernel Update for SUSE Linux 10.1 (kernel-4193)
This kernel update brings the kernel to the one shipped with SLES 10 Service Pack 1 and also fixes the following security problems: - CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network...
Moderate: kdelibs security update
3.5.4-13.el5.0.1 - Remove Version branding - Maximum rpm trademark logos removed pics/crystalsvg/-mime-rpm 3.5.4-13.el5 - Resolves: 293571 CVE-2007-0537 Konqueror improper HTML comment rendering CVE-2007-1564 FTP protocol PASV design flaw affects konqueror 3.5.4-12.el5 - resolves: 293421,...
i965 DRM allows insecure packets
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer...
USN-510-1: Linux kernel vulnerabilities
A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. (CVE-2007-2525) An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel...
CVE-2007-3033
Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zo...
CVE-2007-3034
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile image with a large record length value, which triggers a heap-based buffer overflow...