Fedora 8 : kernel-2.6.23.8-63.fc8 (2007-3837)

Update to kernel 2.6.23.9-rc1: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.2 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.4 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.5...

Format string

frame.html in Aida-Web Aida Web allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the 1 Mehr and 2 SUPER parameters...

CVE-2007-6056

frame.html in Aida-Web Aida Web allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the 1 Mehr and 2 SUPER parameters...

[SECURITY] Fedora 7 Update: kdeutils-3.5.8-2.fc7

Utilities for the K Desktop Environment. Includes: ark tar/gzip archive manager; kcalc scientific calculator; kcharselect character selector; kdepasswd change password; kdessh ssh front end; kdf view disk usage; kedit simple text editor; kfloppy floppy formatting tool; kgpg gpg gui khexedit hex...

Ubuntu 5.10 / 6.06 LTS / 6.10 : linux-source-2.6.12/2.6.15/2.6.17 vulnerabilities (USN-416-1)

Mark Dowd discovered that the netfilter iptables module did not correcly handle fragmented IPv6 packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules. This has has already been fixed for Ubuntu 6.10 in USN-395-1; this is the corresponding fix...

Ubuntu 5.10 / 6.06 LTS / 6.10 : linux-source-2.6.12/-2.6.15/-2.6.17 vulnerabilities (USN-395-1)

Mark Dowd discovered that the netfilter iptables module did not correcly handle fragmented packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules. This has only be fixed for Ubuntu 6.10; the corresponding fix for Ubuntu 5.10 and 6.06 will foll...

CVE-2002-2293

Webshots Desktop screensaver allows local users to bypass the password on the screensaver by pressing CTRL-ALT-DELETE and 1 hitting the cancel button or 2 killing the screensaver from the task manager...

Unfixed Redirect vulnerability at www.karangturi.org

Security researcher Narcoticxs, has submitted on 30/09/2007 a Redirect vulnerability affecting www.karangturi.org, which at the time of submission ranked 2527778 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/10/2007. It is currently unfixe...

Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence

'd like to report critical vulnerabilities in 3 of your macros - Column, Image, Block and Code macros. The vulnerabilities are classified as XSS Type 2 stored and the details with example exploits are in the pdfs attached. Because of similarity of the vulnerabilities assume that it is more than...

Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence

'd like to report critical vulnerabilities in 3 of your macros - Column, Image, Block and Code macros. The vulnerabilities are classified as XSS Type 2 stored and the details with example exploits are in the pdfs attached. Because of similarity of the vulnerabilities assume that it is more than...

Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence

'd like to report critical vulnerabilities in 3 of your macros - Column, Image, Block and Code macros. The vulnerabilities are classified as XSS Type 2 stored and the details with example exploits are in the pdfs attached. Because of similarity of the vulnerabilities assume that it is more than...

CVE-2007-3593

Multiple cross-site scripting XSS vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the 1 alpha parameter in a netflow/jspui/applicationList.jsp, the 2 task parameter in b netflow/jspui/appConfig.jsp, the 3 view parameter in c...

CVE-2007-3593

Multiple cross-site scripting XSS vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the 1 alpha parameter in a netflow/jspui/applicationList.jsp, the 2 task parameter in b netflow/jspui/appConfig.jsp, the 3 view parameter in c...

Exploit for eTrust Antivirus Agent r8

No description provided by source. / ---------------------------------------------------------------------- | 48Bits Advisory -=- Privilege Elevation in eTrust Antivirus Agent r8 | ---------------------------------------------------------------------- Affected versions :...

CVE-2007-2686

CVE-2007-2686 describes a Cross‑Site Scripting (XSS) vulnerability in Jetbox CMS 2.1. The flaw is in index.php, where an attacker can inject arbitrary web script or HTML via the login parameter in the sendpwd task. Affected product: Jetbox CMS 2.1. Reported impact per sources is XSS with potentia...

CA eTrust antivirus multiple security vulnerabilities

Local buffer overflow in task scheduler, remote buffer overflow in antiviral server TCP/12168...

CVE-2007-2523

CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions NULL security descriptor for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before...

CVE-2007-0732

Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to the Mach task port."...

CVE-2007-0732

CVE-2007-0732 affects Apple Mac OS X 10.4–10.4.9, via the CoreServices/CarbonCore subsystem. The vulnerability is a local privileges escalation caused by an unspecified flaw that allows a local user to obtain a send right to the Mach task port, enabling elevation of privileges. Affected component...

Internet cafe management software reproduction of vulnerability-vulnerability warning-the black bar safety net

Internet cafe management software is again exposed with the accounting loopholes, and this vulnerability than six months ago that the more concealed, by the operation, can achieve one hour of money for unlimited Internet access. Reported material said, in the stone floor of the bridge all the...