Pardus Linux Security Advisory - A security issue has been reported in Amarok, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
d16110974dcef3470fc6cbffe3e9a7f9caf390c6bd780e26c1c6afc0a50d92f1
Cisco Security Advisory - An ActiveX control (atucfobj.dll) that is used by the Cisco WebEx Meeting Manager contains a buffer overflow vulnerability that may result in a denial of service or remote code execution. The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures Meeting Manager the first time a user begins or joins a meeting. When users connect to the WebEx meeting service, the WebEx Meeting Manager is automatically upgraded to the latest version. There is a manual workaround available for users who are not able to connect to the WebEx meeting service.
284e969b22dcb41ef0ee69b3d14ee6b3bb42d74793934f4975f0905768ecb6ca
Zorum version 3.5 blind SQL injection exploit.
2b0dd46d06ebd61e35f125ca5bd9f7a139c3c1f40ed72b646f70fe4175eec016
Forensic Trade Shows, LLC is proud to announce two events for 2009. The Computer Forensics Show will meet the needs of industry professionals by providing detailed information regarding the changes and advancements in the IT security marketplace. Each event will highlight exhibits from some of the leading companies in the industry, complemented by a comprehensive conference program to provide attendees with important information about the latest technological advancements, ideas and practical information available today.
a663706e62227aa155a4a880960ed741b96ce7834d074370545881856541db67
Secunia Security Advisory - Red Hat has issued an update for postfix. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
26e5b93f1420f1afe82359972f67749e64fbfeb262620810c2d867f2b3b48324
Secunia Security Advisory - Red Hat has issued an update for yum-rhn-plugin. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
62669103159ce37e63fd39a870a3758074b13edc3f5d85ed82114db2bfe5eb73
Secunia Security Advisory - Gentoo has issued an update for postfix. This fixes some security issues, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges.
c500bb971ee2c103bdc4a5fea4b85441a249449ab5f93ecfd5104473a3d0ca02
Secunia Security Advisory - rPath has issued an update for freetype. This fixes some vulnerabilities, which can potentially be exploited by malicious people to compromise an application using the library.
d4a70c43191f294920299fabee34a27298eae9babe4c102613ab30c34e3be6bf
Secunia Security Advisory - A vulnerability has been reported in Symantec Veritas Storage Foundation, which can be exploited by malicious people to bypass certain security restrictions.
4904328c8b12a0701ab34855d708472fa882823670b64a313ac70f71d1200414
Secunia Security Advisory - A vulnerability has been reported in HAVP, which can be exploited by malicious people to cause a DoS (Denial of Service).
e9862edbe7fa90c7e03477c6c5db531c940c434010729e3aef49d115e314fd67
Secunia Security Advisory - Some vulnerabilities have been reported in xine-lib, which potentially can be exploited by malicious people to compromise a user's system.
02e56d325972f3bb9655d38bd84d80b35e7354c24c6e4f9163b8c365149fa57c
Secunia Security Advisory - Two vulnerabilities have been reported in Harmoni, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks.
52f3ea07ad42a645bc8b301fe15d63bb3e42b9ccd4e0a5548ed42d9a659c960b
Secunia Security Advisory - A vulnerability has been reported in GnuTLS, which can potentially be exploited by malicious people to cause a DoS (Denial of Service).
e5ae9e033314b0f364b930c8b10de894fd1714f6596d4abb6fc52b139b667867
Secunia Security Advisory - A vulnerability has been reported in Mktemp, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
fb1fb4aef3c53145d247161bf89cb553722b42d723d8a2ce692a1939966f577d
Gentoo Linux Security Advisory GLSA 200808-12 - Sebastian Krahmer of SuSE has found that Postfix delivers mail to root-owned symlinks in an insecure manner under certain conditions. Normally, Postfix does not deliver mail to symlinks, except to root-owned symlinks, for compatibility with systems that use symlinks in /dev, like Solaris. Furthermore, some systems like Linux allow creating a hardlink to a symlink, whereas the POSIX.1-2001 standard requires that the symlink be followed. Depending on the write permissions and the delivery agent being used, this can lead to an arbitrary local file overwriting vulnerability (CVE-2008-2936). Furthermore, the Postfix delivery agent does not properly verify the ownership of a mailbox before delivering mail (CVE-2008-2937). Versions less than 2.5.3-r1 are affected.
d497bc162a46389e6722a35709f7ab1c3bd832aedc68b2878c475b7a46f79038
This document aims to raise awareness about the many security threats based on the IP protocol, those that we are currently facing, and those we may still have to deal with in the future. It provides advice for the secure implementation of IP, and also insights about the security aspects of IP that may be of help to the Internet operations community.
d32ba62cbedc3f111b56160738e51c8e5893201d8d65bdbb0a87c1efae6be3dd
Symantec Security Advisory - It is possible to circumvent the security patch that resolved a previously identified authentication bypass, remote code execution vulnerability in the Veritas Storage Foundation for Windows version 5.0 Volume Manager Scheduler Service. Successful exploitation could result in potential compromise of the targeted system.
cc2bd91daf243365afc7b9922ff500bf1b63b422140d1e5641709fbb7c025089
A vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the functionality exposed by the Storage Foundation for Windows Scheduler Service, VxSchedService.exe, which listens by default on TCP port 4888. The management console allows NULL NTLMSSP authentication, thereby enabling a remote attacker to add, modify, or delete snapshot schedules and consequently run arbitrary code under the context of the SYSTEM user.
3652171caf78ee8bd5e8d4dffd1352e18b45cce0e160d428be5706660113a647
A vulnerability allows remote attackers to deny services on vulnerable installations of OpenLDAP. Authentication is not required to exploit this vulnerability. The specific flaw exists in the decoding of ASN.1 BER network datagrams. When the size of a BerElement is specified incorrectly, the application will trigger an assert(), leading to abnormal program termination.
826dd8760f58a7442033869b73442fa313eff4808ff2cf50406dfb60620980f0
SUSE Security Announcement - The SuSE Security-Team has found two critical issues in the code for openwsman. There are two remote buffer overflows in the decoding of the HTTP basic authentication header, and a possible SSL session replay attack affecting the client.
1b8fcd5682a7cf47d644d8c7af1a82a9ef7996b63316f6aaacb337171c13ac8b