Chosen month 05 / 2007
|
|
|
A remotely exploitable denial of service vulnerability exists in WebSM.
A vulnerability in BIND could allow a remote attacker to cause a
denial of service.
A vulnerability in the Perl interpreter may allow a local user to
execute arbitrary code as another user.
Patches are available now.
|
|
|
A security vulnerability in the kadm5 library shipped with Solaris may
allow a remote authenticated user to command a host running
kadmind(1M) and execute arbitrary code with the privileges of the
kadmind process (usually 'root').
A security vulnerability in the inetd(1M) service may allow a local
unprivileged user the ability to shut down the inetd daemon process,
causing a Denial of Service (DoS) to all internet services managed by
the inetd(1M) process on the system.
A security vulnerability in the in.iked(1M) service for Solaris 9 may
allow an unprivileged local or remote user to crash the in.iked(1M)
daemon, causing a Denial of Service (DoS) to IPsec protected network
traffic.
Patches are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in Mozilla Firefox, Mozilla Thunderbird, and Mozilla Seamonkey
|
| Links: |
Mozilla,
CVE-2007-1362,
CVE-2007-1558,
CVE-2007-1562,
CVE-2007-2867,
CVE-2007-2868,
CVE-2007-2869,
CVE-2007-2870,
CVE-2007-2871,
R-252,
R-253,
R-254,
R-255,
RHSA-2007-0400,
RHSA-2007-0401,
RHSA-2007-0402,
ESB-2007.0362,
ESB-2007.0363,
ESB-2007.0364,
DSA-1300,
ESB-2007.0389,
SUSE-SA:2007:036 |
| ID: |
ae-200705-077
|
The Mozilla web browser and derived products contain several vulnerabilities,
the most serious of which could allow a remote attacker to execute arbitrary
code on an affected system. Fixed software is available now.
|
|
|
Avast! antivirus contains a buffer overflow vulnerability. This vulnerability
may allow an attacker to execute code on a vulnerable system.
An update is available now.
|
|
| System: |
Red Hat Enterprise Linux
|
| Topic: |
Vulnerabilities in evolution-data-server, quagga, file, and mod_jk
|
| Links: |
RHSA-2007-0344,
CVE-2007-1558,
ESB-2007.0332,
RHSA-2007-0389,
CVE-2007-1995,
ESB-2007.0358,
RHSA-2007-0391,
CVE-2007-2799,
ESB-2007.0359,
R-250,
RHSA-2007-0379,
CVE-2007-1860,
ESB-2007.0360
|
| ID: |
ae-200705-075
|
A flaw was found in the way evolution-data-server processed certain APOP
authentication requests. By sending certain responses when
evolution-data-server attempted to authenticate against an APOP server, a
remote attacker could potentially acquire certain portions of a user's
authentication credentials.
An out of bounds memory read flaw was discovered in Quagga's bgpd. A
configured peer of bgpd could cause Quagga to crash, leading to a denial of
service.
An attacker could create a carefully crafted file which, if
examined by a victim using the file utility, could lead to arbitrary code
execution.
If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content.
Fixed packages are available now.
|
|
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
net-snmp, vim, kdebase3, and mod_perl.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Two vulnerabilities were found in Apple QuickTime.
Fixed software is available now.
|
|
|
A security vulnerability in the NFS client module related to the
handling of acl(2) packets may allow a local or remote unprivileged
user to cause an NFS server to panic, leading to a Denial of Service
(DoS) condition.
When the System Management Agent (SMA) SNMP daemon (snmpd(1M)) is
running in "master agentx" mode, a security vulnerability may allow a
local or remote unprivileged user to create a Denial of Service (DoS)
condition by causing a particular TCP disconnect.
Patches are available now.
|
|
|
A Cross Site Scripting (CSS or XSS) vulnerability in the Sun Java
System Messaging Server may allow an unprivileged remote user the
ability to execute arbitrary JavaScript commands in a client user's
Internet Explorer web browser.
A patch is not available yet.
|
|
|
It was discovered that the CVS browsing interface of Gforge, a collaborative
development tool, performs insufficient escaping of URLs, which allows the
execution of arbitrary shell commands with the privileges of the www-data
user.
It was discovered that the Open Ticket Request System performs
insufficient input sanitising for the Subaction parameter, which allows
the injection of arbitrary web script code.
Fixed packages are available now.
|
|
|
Sun Microsystems Java System is a bundle of server applications.
One such server application included is the Web Proxy Server, offering services for HTTP and SOCKS.
The daemon for SOCKS shows a vulnerability which can be exploited remotely by attackers. It leads to the execution
of arbitrary commands with superuser privileges.
Version 4.0.5 is available now, solving this problem.
|
|
|
The Cisco CallManager has a web interface, which has some mechanisms against possible attacks.
It is possible to integrate external resources when filling out fields, so Cross-Site Scripting might be possible.
Cisco has published a patch to improve the web interface.
|
|
|
Apple has published the security update for May 2007. It fixes many potential vulnerabilities, including critical problems.
It's recommended to update systems running OSX.
|
|
|
A security vulnerability has been identified on HP-UX running Kerberos. The
vulnerability could be exploited by remote authorized users to execute
arbitrary code.
A patch is available now.
|
|
|
A buffer overflow was found in file.
A patch is available now.
|
|
|
A vulnerability has been discovered in a third party cryptographic library
which is used by a number of Cisco products.
Cisco has made free software available to address this vulnerability.
|
|
|
A Cisco IOS device may crash while processing malformed Secure Sockets Layer
(SSL) packets.
Cisco has made free software available to address this vulnerability.
|
|
|
The BES daemon in OPeNDAP server version 4 contains a vulnerability which may
allow an attacker to execute arbitrary commands or upload files to a remote
server.
Fixed software is available now.
|
|
|
Two buffer overflows were found in tetex.
Fixed packages are available now.
|
|
|
A stack overflow bug was discovered in The GIMP RAS file loader.
An attacker could create a carefully crafted file that could cause The GIMP to
crash or possibly execute arbitrary code if the file was opened by a victim.
Fixed software is available now.
|
|
|
A number of HTML filtering bugs were found in SquirrelMail that
could allow an attacker to inject arbitrary JavaScript leading to
cross-site scripting attacks by sending an email viewed by a user
within SquirrelMail.
As well, SquirrelMail did not sufficiently check arguments to IMG tags
in HTML messages that could be exploited by an attacker by sending
arbitrary email messages on behalf of a SquirrelMail user tricked into
opening a maliciously-crafted HTML email message.
The APOP functionality in Evolution's POP3 client implementation was
validating the APOP challenge too lightly, accepting random garbage
as a POP3 server's APOP challenge, rather than insisting it conform
to RFC-822 specifications.
Fixed packages are available now.
|
|
|
A security vulnerability has been identified with HP Tru64 UNIX running Secure
Shell (SSH).
The vulnerability could be exploited remotely by an unauthorized user to
identify valid users.
A patch is available now.
|
|
| System: |
Microsoft Windows |
| Topic: |
Vulnerability in HP Systems Insight Manager
|
| Links: |
HPSBMA02213, SSRT061214,
ESB-2007.0327
|
| ID: |
ae-200705-057
|
A security vulnerability has been identified with HP Systems Insight Manager
(SIM) for Windows. The vulnerability could be exploited to allow remote
privileged access and arbitrary code execution.
An update is available now.
|
|
|
A vulnerability has been discovered in mod_security, allowing a remote
attacker to bypass rules.
Fixed software is available now.
|
|
| System: |
Microsoft Windows |
| Topic: |
Vulnerability in HP Storage Management Appliance (SMA)
|
| Links: |
HPSBST02214, SSRT071422,
ESB-2007.0328
|
| ID: |
ae-200705-055
|
The latest Microsoft patches need to be installed when using the SMA.
It's strongly recommended to install these hotfixes from Microsoft.
|
|
|
The APOP functionality in fetchmail's POP3 client implementation was
validating the APOP challenge too lightly, accepting random garbage
as a POP3 server's APOP challenge, rather than insisting it conform
to RFC-822 specifications.
Fixed packages are available now.
|
|
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
apache, gimp, and zope.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Several local and remote vulnerabilities have been discovered in the Linux
kernel 2.6 that may lead to denial of service attacks.
Fixed packages are available now.
|
|
| System: |
Red Hat Enterprise Linux
|
| Topic: |
Vulnerabilities in ipsec-tools, vixie-cron, evolution, and squirrelmail
|
| Links: |
RHSA-2007-0342,
CVE-2007-1841,
ESB-2007.0329,
RHSA-2007-0345,
CVE-2007-1856,
ESB-2007.0331,
RHSA-2007-0353,
CVE-2007-1558,
ESB-2007.0332,
RHSA-2007-0358,
CVE-2007-1262,
CVE-2007-2589,
ESB-2007.0330
|
| ID: |
ae-200705-051
|
A denial of service flaw was found in the ipsec-tools racoon daemon. It was
possible for a remote attacker, with knowledge of an existing ipsec tunnel,
to terminate the ipsec connection between two machines.
A denial of service bug was discovered in the way vixie-cron verifies crontab
file integrity. A local user with the ability to create a hardlink to
/etc/crontab can prevent vixie-cron from executing certain system cron jobs.
A flaw was found in the way Evolution processed certain APOP authentication
requests. A remote attacker could potentially acquire certain portions of a
user's authentication credentials by sending certain responses when
evolution-data-server attempted to authenticate against an APOP server.
Several HTML filtering bugs were discovered in SquirrelMail. An attacker
could inject arbitrary JavaScript leading to cross-site scripting attacks
by sending an e-mail viewed by a user within SquirrelMail.
Fixed packages are available now.
|
|
|
It was discovered that specially crafted UPDATE messages can trigger an out of
boundary read that can result in a system crash of quagga, the BGP/OSPF/RIP
routing daemon.
Several vulnerabilities have been discovered in the X Window System,
which may lead to privilege escalation.
Fixed packages are available now.
|
|
|
The software mentioned above includes the ISAlertDataCOM ActiveX control which shows a stack buffer overflow.
Due to this, a remote attacker might be able to execute arbitrary code on a vulnerable system.
Symantec provides a patch through their LiveUpdate mechanism and other channels.
|
|
|
The libpng library can be used to allow other applications to render PNG images.
It contains a Denial-of-Service vulnerability, so if a malformed PNG file is viewed with a browser, it will crash.
The libpng team has released a patch for libpng 1.0.25 and 1.2.17 to address this vulnerability.
|
|
|
A bug was discovered in the UTF8 decoding routines in qt4-x11,
a C++ GUI library framework, that could allow remote attackers to conduct
cross-site scripting (XSS) and directory traversal attacks via long
sequences that decode to dangerous metacharacters.
Fixed packages are available now.
|
|
|
The bluez-utils package contains Bluetooth daemons and utilities.
A flaw was found in the Bluetooth HID daemon (hidd). A remote attacker
would have been able to inject keyboard and mouse events via a Bluetooth
connection without any authorization.
Fixed packages are available now.
|
|
|
There are several vulnerabilities in Tomcat that could allow a remote attacker
to perform cross-site scripting attacks.
Fixed packages are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in Samba
|
| Links: |
CVE-2007-2444,
CVE-2007-2446,
CVE-2007-2447,
VU#268336,
VU#773720,
iDefense,
R-240,
AL-2007.0064,
AL-2007.0065,
RHSA-2007-0346,
ESB-2007.0318,
MDKSA-2007:104,
DSA-1291,
ESB-2007.0321,
SUSE-SA:2007:031,
ISS Alert
|
| ID: |
ae-200705-044
|
A number of bugs were discovered in the NDR parsing support in Samba
that is used to decode MS-RPC requests. A remote attacker could
send a carefully crafted request that would cause a heap overflow,
possibly leading to the ability to execute arbitrary code on the server.
A remote authenticated user could trigger a flaw where unescaped
user input parameters were being passed as arguments to /bin/sh.
Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from
name using the Samba local list of user and group accounts, a logic
error in smbd's internal security stack could result in a transition
to the root user id rather than the non-root user.
Fixed software is available now.
|
|
|
Several local and remote vulnerabilities have been discovered in the Linux
kernel 2.6 that may lead to a denial of service or the execution of arbitrary
code.
It was discovered that the webmail package Squirrelmail performs insufficient
sanitising inside the HTML filter, which allows the injection of arbitrary web
script code during the display of HTML email messages.
Fixed packages are available now.
|
|
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
postgresql, pptpd, freeradius, and xfsdump.
Updated packages are available now and should be installed on vulnerable systems.
|
|
| System: |
SGI Advanced Linux Environment
|
| Topic: |
Vulnerabilities in cups, freetype, openoffice.org, php, postgresql, and xscreensaver
|
| Links: |
SGI_20070501-01
|
| ID: |
ae-200705-041
|
SGI has released the Security Update #74 for SGI Advanced Linux Environment 3.
These updates fix already known security-related problems in
cups, freetype, openoffice.org, php, postgresql, and xscreensaver.
So it's recommended to install this update.
|
|
|
Darwin Streaming Server is a server technology that facilitates streaming of QuickTime data to clients
across the Internet using the industry standard RTP and RTSP protocols.
Remote exploitation of multiple buffer overflow vulnerabilities in Apple Inc.'s Darwin Streaming Proxy
allows attackers to execute arbitrary code with the privileges of the running service, usually root.
Due to insufficient sanity checking, a stack-based buffer overflow could occur while trying to extract
commands from the request buffer.
The "is_command" function, located in proxy.c, lacks bounds checking when filling the 'cmd' and 'server' buffers.
Additionally, a heap-based buffer overflow could occur while processing the "trackID" values contained within
a "SETUP" request. If a request with more than 32 values is encountered, memory corruption will occur.
Apple has addressed this vulnerability by releasing version 5.5.5 of Darwin Streaming Server.
|
|
|
NetMail is an E-Mail and calendar system.
A vulnerability exists within the SSL version of the "NMDMC.EXE" service.
The application does not perform sufficient input validation when copying data into a fixed size stack buffer.
When processing a specially crafted request made to this service, a stack-based buffer overflow occurs leading
to corruption of program control registers saved on the stack.
Attackers might therefore be able to execute their own code with the privileges of the service.
Novell has addressed this vulnerability in the beta release of Novell NetMail 3.52f.
|
|
|
Local exploitation of a design error vulnerability in the srsexec binary
optionally included in Sun Microsystems Inc., Solaris 10 allows
attackers to gain access to sensitive information, such as the root
password hash.
A patch is available now.
|
|
|
Local exploitation of a buffer overflow vulnerability in Computer
Associates International Inc.'s (CA) eTrust Antivirus allows attackers
to execute arbitrary code with SYSTEM privileges.
A patch is available now.
|
|
|
Remote exploitation of a design error vulnerability in an ActiveX
control installed by Symantec Norton Internet Security 2006 could allow
for the execution of arbitrary code.
A patch is available now.
|
|
|
Trend Micro ServerProtect contains a buffer overflow vulnerability. This
vulnerability may allow an attacker to execute arbitrary code on a vulnerable
system.
A patch is available now.
|
|
|
Updated kernel packages that fix several security issues in the Linux kernel are available now.
|
|
|
The Cisco IOS FTP Server feature contains multiple vulnerabilities that can
result in a denial of service (DoS) condition, improper verification of user
credentials, and the ability to retrieve or write any file from the device
filesystem, including the device's saved configuration. This configuration
file may include passwords or other sensitive information.
Cisco has made free software available to address these vulnerabilities.
|
|
|
A format string bug was found in the way Evolution parsed the category field
A memory leak flaw was found in the way FreeRADIUS parses certain
authentication requests. A remote attacker could send a specially crafted
authentication request which could cause FreeRADIUS to leak a small amount
of memory.
Fixed packages are available now.
|
|
|
A security vulnerability in Solaris 10 related to the acl(2) system
call may allow a local unprivileged user to cause the system to panic,
resulting in a denial of service (DoS) to the system.
A patch is available now.
|
|
|
No further comment due to legal reasons
|
|
|
A vulnerability in vim 7.0's modeline processing capabilities was
discovered where a user with modelines enabled could open a text file
containing a carefully crafted modeline, executing arbitrary commands
as the user running vim.
Fixed software is available now.
|
|
|
Several Denial-of-Service vulnerabilities were found in multiple VMware
products.
Fixed software is available now.
|
|
|
It was discovered that the PoPToP Point to Point Tunneling Server
contains a programming error, which allows the tear-down of a PPTP
connection through a malformed GRE packet, resulting in denial of
service.
Fixed packages are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in php
|
| Links: |
CVE-2007-1864,
CVE-2007-2509,
CVE-2007-2510,
RHSA-2007-0348,
RHSA-2007-0349,
ESB-2007.0310,
R-235,
MDKSA-2007:102,
MDKSA-2007:103,
DSA-1295,
DSA-1296,
ESB-2007.0337,
ESB-2007.0341
|
| ID: |
ae-200705-020
|
Several security vulnerabilities were found in the PHP packages.
Fixed packages are available now.
|
|
|
Two vulnerabilities have been identified in ldap-account-manager.
An untrusted PATH vulnerability could allow a local attacker to execute
arbitrary code with elevated privileges by providing a malicious rm executable
and specifying a PATH environment variable referencing this executable.
Improper escaping of HTML content could allow an attacker to execute a
cross-site scripting attack (XSS) and execute arbitrary code in the victim's
browser in the security context of the affected web site.
Fixed packages are available now.
|
|
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
ekiga, gnomemeeting, xscreensaver, cups, and quagga.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
LiveData Protocol Server is used in SCADA environments to record and transmit data to other control points
in process control networks. The LiveData server includes an HTTP server that offers a SOAP interface to the product.
The Protocol Server shows a remotely exploitable heap overflow, which leads to a Denial-of-Service or even the
execution of arbitrary code with the privileges of SYSTEM.
It is triggered by specially crafted requests to the service on port 8080.
An update is available now.
|
|
|
Axis Communications provides an ActiveX control for viewing motion JPEG streams in Microsoft development tools
and Microsoft Internet Explorer. The ActiveX control, provided by AxisCamControl.ocx, is known as "CamImage"
or "Axis Camera Control". The SaveBMP() method of this control contains a stack buffer overflow.
So an attacker may be able to achieve a Denial-of-Service or even execute arbitrary code with the privileges of the user.
An update addresses this issue.
|
|
| System: |
HP ProCurve 9300m Switches
|
| Topic: |
Vulnerability in HP ProCurve 9300m Switches
|
| Links: |
HPSBMI02210, SSRT071396,
ESB-2007.0297
|
| ID: |
ae-200705-015
|
A security vulnerability has been identified in the ProCurve Series 9300m
Switches. The vulnerability could be remotely exploited resulting in a Denial
of Service (DoS).
Fixed firmware is available now.
|
|
|
A security vulnerability has been identified with the HP Tru64 UNIX Operating
System running the ps command. The ps command could be used to disclose
information about a process's arguments and environmental variables that might
be exploited by a local, authorized user.
A patch is available now.
|
|
|
A format string bug was found in the way Evolution parsed the category field
in a memo. If a user tried to save and then view a carefully crafted memo,
arbitrary code may be executed as the user running Evolution.
Fixed packages are available now.
|
|
|
Multiple vulnerabilities exist in the Cisco Adaptive Security Appliance (ASA)
and PIX security appliances.
Cisco has made free software available to address these vulnerabilities.
|
|
|
Remote exploitation of multiple vulnerabilities in the Internet Relay
Chat (IRC) module of Cerulean Studios' Trillian could allow for the
interception of private conversations or execution of code as the
currently logged on user.
A fixed software version is available now.
|
|
|
A local or remote unprivileged user may be able to cause the Sun Java
System Directory Server to crash. This is a Denial of Service (DoS)
due to a "Ber decoding" issue in the LDAP Software Development Kit
(SDK) for C.
A patch is available now.
|
|
|
A security vulnerability in Java Web Start may allow an untrusted application
to elevate its privileges. For example, an application may grant itself
permissions to read and write local files that are accessible to the user
running the Java Web Start application.
Fixed software is available now.
|
|
|
The "Shared Folders" feature of VMware Workstation allows folders on the
physical "host" system to be shared with virtual "guest" systems. Due to
a flaw in the code which validates that the filename is safe, an
attacker or malicious code within the guest system can read or write
files on the host system in the context of the user running
Workstation.
A fixed software version is available now.
|
|
|
A vulnerability was found in Apple QuickTime.
Fixed software is available now.
|
|
|
The BGP routing daemon in Quagga did not properly validate length
values in NLRI attributes which could allow a remote attacker to cause
a denial of service via a crafted UPDATE message that triggered an
assertion error or out of bounds read.
Fixed packages are available now.
|
|
| System: |
Debian GNU/Linux
|
| Topic: |
Vulnerabilities in qemu, wordpress, and linux-2.6
|
| Links: |
DSA-1284,
CVE-2007-1320,
CVE-2007-1321,
CVE-2007-1322,
CVE-2007-1323,
CVE-2007-1366,
R-225,
DSA-1285,
CVE-2007-1622,
CVE-2007-1893,
CVE-2007-1894,
CVE-2007-1897,
ESB-2007.0287,
DSA-1286,
CVE-2007-0005,
CVE-2007-0958,
CVE-2007-1357,
CVE-2007-1592,
ESB-2007.0294
|
| ID: |
ae-200705-005
|
Several vulnerabilities have been discovered in the QEMU processor emulator,
which may lead to the execution of arbitrary code or denial of service.
Several vulnerabilities have been discovered in wordpress.
Several local and remote vulnerabilities have been discovered in the Linux
kernel 2.6 that may lead to a denial of service or the execution of arbitrary
code.
Fixed packages are available now.
|
|
|
A flaw was discovered in the way XScreenSaver verifies user passwords.
When a system is using a remote directory service for login credentials,
a local attacker may be able to cause a network outage causing
XScreenSaver to crash, unlocking the screen.
Fixed software is available now.
|
|
| System: |
Red Hat Enterprise Linux 4
|
| Topic: |
Vulnerabilities in unzip, w3c-libwww, gcc, gdb, util-linux, util-linux, busybox, cpio, sendmail, openssh, shadow-utils, gdm, and openldap
|
| Links: |
RHSA-2007-0203,
RHSA-2007-0208,
RHSA-2007-0220,
RHSA-2007-0229,
RHSA-2007-0235,
RHSA-2007-0244,
RHSA-2007-0245,
RHSA-2007-0252,
RHSA-2007-0257,
RHSA-2007-0276,
RHSA-2007-0286,
RHSA-2007-0310,
ESB-2007.0284
|
| ID: |
ae-200705-003
|
Red Hat Enterprise Linux 4 Update 5 fixes several vulnerabilities in various
packages. Affected are unzip, w3c-libwww, gcc, gdb, util-linux, util-linux,
busybox, cpio, sendmail, openssh, shadow-utils, gdm, and openldap.
|
|
|
A security vulnerability has been identified with HP-UX running HP Power
Manager Remote Agent (RA). The vulnerability could be exploited by a local
authorized user to execute arbitrary code with the privileges of the root
user.
A patch is available now.
|
|
|
Updated kernel packages that fix several security issues in the Linux kernel are available now.
|
|