Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox...

CuteNews 1.4.5 - show_news.php Cross-Site Scripting

CuteNews 1.4.5 - shownews.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21233/info CuteNews is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. An...

GLSA-200611-03 : NVIDIA binary graphics driver: Privilege escalation vulnerability

The remote host is affected by the vulnerability described in GLSA-200611-03 NVIDIA binary graphics driver: Privilege escalation vulnerability Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the accelerated rendering functionality. Impact :...

Microsoft Internet Explorer HTML Rendering Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser renders HTML with certain layout combinations. An attacker could exploit this issue to execute arbitrary code in the context of the affected browser. This...

seamonkey security update

CentOS Errata and Security Advisory CESA-2006:0734-01 Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open...

NVIDIA binary graphics driver: Privilege escalation vulnerability

Background The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphic acceleration on the NVIDIA based graphic cards. Description Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the...

CVE-2006-5758

The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a...

CVE-2006-5758

The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a...

CVE-2006-5758

CVE-2006-5758 is a local elevation of privilege vulnerability in the Windows Graphics Rendering Engine (GDI) across Windows 2000 SP4 and Windows XP SP2. The underlying issue is how GDI Kernel structures are mapped into a global shared memory section created with insecure permissions: the section ...

NVidia Linux二进制图形驱动缓冲区溢出漏洞

NVidia是世界领先的图形处理芯片和显卡制造商。 NVIDIA的二进制blob驱动在加速渲染glyphs（文本字符数据）时存在缓冲区溢出，允许攻击者向内存中的任意位置写入数据。 XRender扩展提供一个名为XRenderCompositeString8的客户端函数要求X服务器在屏幕上渲染glyphs。服务程序的ProcRenderCompositeGlpyhs函数会处理这个请求，从渲染请求中提取出glyphs，创建一个glyph列表，然后通过注册的回调函数调用图形驱动。...

Debian DSA-973-1 : otrs - several vulnerabilities

Several vulnerabilities have been discovered in otrs, the Open Ticket Request System, that can be exploited remotely. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2005-3893 Multiple SQL injection vulnerabilities allow remote attackers to execute...

Debian DSA-911-1 : gtk+2.0 - several vulnerabilities

Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf XPM image rendering library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-2975 Ludwig Nussel discovered an infinite loop when processing XPM images that allows an attacker to...

Debian DSA-1046-1 : mozilla - several vulnerabilities

Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-2353 The 'run-mozilla.sh' script allows local users to create or overwrite arbitrary files when debugging is enabled via a...

Microsoft Windows / Internet Explorer 0-day vulnerability

Microsoft Vector Graphics Rendering Library vulnerability is used for hidden malware installation...

CVE-2006-4868

CVE-2006-4868: A stack-based buffer overflow in VGX.dll (VML processing) used by Microsoft Outlook and Internet Explorer on Windows XP SP2 enables remote code execution via a crafted VML rect tag with a long fill parameter. Affected: Internet Explorer/VML handling. Impact per sources: arbitrary c...

phpMyAdmin 2.x - Multiple Script Array Handling Full Path Disclosures

phpMyAdmin 2.x - Multiple Script Array Handling Full Path Disclosures source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure...

Sage 1.3.6 - Input Validation

source: https://www.securityfocus.com/bid/19928/info The application is prone to an input-validation vulnerability that allows malicious HTML and script code to be injected before it is used in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of t...

SYMSA-2006-004 (Full Details): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-004 Advisory Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution Author : Peter Ferrie / [email protected]...

SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-004 Advisory Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution Author : Peter Ferrie / [email protected]...

Buffer overflow

Buffer overflow in the ART Image Rendering component jgdw400.dll in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption...