Chosen month 02 / 2011
|
|
|
A vulnerability has been identified in Citrix Secure Gateway 3.1.4, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an unspecified error which could result in arbitrary code being executed on the server in the context of the Secure Gateway process. An upgrade to Citrix Secure Gateway version 3.1.5 solves this problem.
|
|
|
A vulnerability allows remote attackers to compromise the archive records on installations of HP StorageWorks File Migration Agent. The flaw exists within the HsmCfgSvc.exe service responsible for managing archive stores. The archive manager is susceptible to tampering due to a failure to enforce authentication from remote users. An attacker could exploit this flaw to compromise the server managing the archives and arbitrarily modify the archive data store under the context of the File Migration Agent software. A workaround is described in the advisory.
|
|
|
It has been found that missing range checks in Samba's file descriptor handling could lead to memory corruption, resulting in Denial-of-Service (DoS). For some releases, patches are available now.
|
|
|
A cross-site scripting (XSS) vulnerability and a path disclosure vulnerability have been found in the WebReporting module of F-Secure Policy Manager 8.x and 9.x. F-Secure recommends that administrators of the affected systems patch or upgrade their installations.
|
|
|
It has been discovered that pam-pgsql, a PAM module for authenticating against a PostgreSQL database, is vulnerable to a buffer overflow when handling supplied IP addresses.
Avahi is an implementation of the zeroconf protocol. It can be crashed remotely by a single UDP packet, which may result in a Denial-of-Service (DoS). Updated packages are available now.
|
|
|
WinMerge is an Open Source tool for merging and managing files and folders. WinMerge is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing certain files. By persuading a victim to open a specially-crafted .winmerge file, a remote attacker could overflow a buffer and execute arbitrary code on the system. A patch is currently not available.
|
|
|
A vulnerability in the XMLSecDB ActiveX control, installed with the HIPSEngine component, might allow the execution of arbitrary code on systems running CA Internet Security Suite 2010. The SetXml and Save methods are implemented insecurely and can allow the creation of an arbitrary file on the victim's system. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the user. A patch is available now.
|
|
|
Two vulnerabilities have been found in Cisco Secure Desktop. Both might allow remote code execution.
Two flaws exist within the CSDWebInstaller.ocx ActiveX control, allowing remote attackers to execute arbitrary code on vulnerable systems. A patch is currently not available.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetWare. The flaw exists within the XNFS.NLM component, which listens by default on UDP port 1234. When handling an NFS RPC request, the xdrDecodeString function uses a user-supplied length value to null-terminate a string. This value is treated as signed, allowing the NULL byte to be written to an arbitrary address. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the system. Novell has issued an update to correct this vulnerability.
|
|
|
A vulnerability exists in the Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers that may cause the Cisco FWSM to reload after processing a malformed Skinny Client Control Protocol (SCCP) message. Devices are affected when SCCP inspection is enabled. Cisco has released free software updates that address this Denial-of-Service (DoS) vulnerability.
|
|
|
No further comment due to legal reasons
|
|
System: Cisco
Topic: Multiple vulnerabilities in Cisco TelePresence Devices
Links: Cisco #112230, Cisco #112231, Cisco #112232, Cisco #112233, CVE-2011-0379, CVE-2011-0382, CVE-2011-0383, CVE-2011-0385, CVE-2011-0386, CVE-2011-0388, CVE-2011-0391, CVE-2011-0392, ESB-2011.0213, X-Force #65617
ID: ae-201102-094
|
Several vulnerabilities have been found in Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch, Cisco TelePresence Manager, and Cisco TelePresence Endpoint Devices. They might lead to a Denial-of-Service (DoS), unauthorized access, the execution of arbitrary code, an administrator compromise as well as the modification or overwriting of arbitrary files. Cisco has released free software updates that address these vulnerabilities.
|
|
|
Cisco ASA 5500 Series Adaptive Security Appliances are affected by multiple vulnerabilities:
- Transparent Firewall Packet Buffer Exhaustion Vulnerability
- Skinny Client Control Protocol (SCCP) Inspection Denial-of-Service Vulnerability
- Routing Information Protocol (RIP) Denial-of-Service Vulnerability
- Unauthorized File System Access Vulnerability
These vulnerabilities are independent. A release that is affected by one vulnerability is not necessarily affected by the others. Cisco has released free software updates that address these vulnerabilities.
|
|
|
Red Hat Network Satellite Server (RHN Satellite Server) is a system management tool for Linux-based infrastructures.
Updated packages that fix two security issues are now available for Red Hat Network Satellite Server 5.4.
|
|
|
IBM WebSphere Portal software provides a framework and the advanced tooling needed to build SOA-based solutions. IBM WebSphere Portal Server is vulnerable to data leakage caused by missing input validation of the entry path supplied via XML. An attacker with valid login credentials could leverage this vulnerability to retrieve system information, such as the contents of /etc/passwd. Patches are available now.
|
|
|
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the full name or username field in a confirmation message.
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a Denial-of-Service (DoS) via an empty IPv4 or IPv6 UDP packet to port 5353.
Updated packages have been patched to correct these issues.
|
|
|
A new SUSE Security Summary reports vulnerabilities in the packages exim, krb5, git, and dbus-1.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Updated Red Hat Directory Server and related packages that fix three security issues are now available for Red Hat Directory Server 8.2.
|
|
|
Updated kernel packages that fix three security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.
|
|
|
Several vulnerabilities have been discovered in phpCAS, a CAS client library for PHP. The Moodle course management system includes a copy of phpCAS. Updated packages are available now.
|
|
|
Asterisk is an open source PBX and telephony toolkit.
When decoding UDPTL packets, multiple stack and heap based arrays can be made to overflow by specially crafted packets. Systems doing T.38 pass through or termination are vulnerable. The UDPTL decoding routines have been modified to respect the limits of exploitable arrays.
|
|
|
When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time during which the IXFR/update coupled with a query may cause a Denial-of-Service (DoS). Users of BIND 9.7.1 or 9.7.2 should upgrade to BIND 9.7.3. Version 9.5 is no longer supported; version 9.8 is not vulnerable.
|
|
|
Avira AntiVir is vulnerable to a Denial-of-Service (DoS), caused by an error in avcenter.exe. By persuading a victim to open a specially crafted QUA file, a remote attacker could exploit this vulnerability to cause the application to crash. An update is currently not available.
|
|
|
A flaw exists within the temporary file naming scheme used by RealPlayer for storage of references to Real Media files. This easily predictable temporary filename can be brute forced and used in combination with the OpenURLinPlayerBrowser function available in classid:FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 to execute the file. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
RealNetworks has issued an update to correct this vulnerability.
|
|
|
A buffer overflow in the SIP channel driver of Asterisk, an open source PBX and telephony toolkit, could lead to the execution of arbitrary code. Updated packages are available now.
|
|
|
PHP is vulnerable to a Denial-of-Service (DoS), caused by a NULL pointer dereference in the grapheme_extract() function. An attacker can exploit this vulnerability to cause a Denial-of-Service. A patch is available now.
|
|
|
A vulnerability in F-Secure Internet Gatekeeper for Linux 3.x allows attackers to gain unauthorized access to information stored in log files. It's recommended to upgrade to version 4.x. A hotfix is provided for installations where upgrade is not possible.
|
|
|
A potential security vulnerability has been identified with HP-UX running CDE Calendar Manager. The vulnerability could be exploited remotely to execute arbitrary code. HP has provided patches to resolve this vulnerability.
|
|
|
Two cross-site scripting vulnerabilities have been discovered in mailman, a web-based mailing list manager. They allow an attacker to retrieve session cookies by inserting crafted JavaScript into confirmation messages and into the list admin interface.
Updated packages are available now.
|
|
|
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML.
The script awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server. Furthermore, a directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.
Updated packages have been patched to correct these issues.
|
|
|
The Dell DellSystemLite.Scanner ActiveX control (DellSystemLite.ocx) could allow a remote attacker to traverse directories on the system: a specially crafted URL request to the GetData() method containing directory traversal sequences in the fileID parameter lets the attacker view arbitrary files on the system.
Furthermore, by persuading a victim to visit a specially crafted web page that passes an overly long string argument to the unsafe WMIAttributesOfInterest property, a remote attacker could exploit this vulnerability to assign arbitrary WMI Query Language (WQL) statements and obtain sensitive information.
No patches are currently available.
|
|
|
The Linux kernel is vulnerable to a buffer overflow, caused by improper bounds checking in the driver for Native Instruments USB audio devices. By supplying an overly long USB device name string, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the kernel to crash. A patch for this vulnerability is available from the Linux kernel Git repository.
|
|
|
The Linux 2.6 kernel has many vulnerabilities. They can be fixed now by installing the upgraded kernel packages.
|
|
|
A potential vulnerability has been identified with HP NonStop Servers running NonStop Java. The vulnerability could be remotely exploited to create a Denial-of-Service (DoS). HP has made a software tool available to resolve the vulnerability.
|
|
|
A critical class library security vulnerability in the Java Runtime Environment has been found. It hangs when it converts "2.2250738585072012e-308" to a binary floating-point number. This problem affects DB2 for Linux, UNIX and Windows, leading to a Denial-of-Service (DoS).
IBM offers an interim solution until the next DB2 fix pack is available.
|
|
|
A vulnerability has been found in Novell ZenWorks TFTPD. The flaw exists within the novell-tftp.exe component which listens by default on UDP port 69. When handling a request the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the ZenWorks user. Novell has provided an update to correct this vulnerability.
|
|
|
Updated packages for the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit (java-1.6.0-openjdk) that fix security issues are now available for Red Hat Enterprise Linux. An upgrade for java-1.6.0-sun is also available.
|
|
|
A vulnerability found in the Drupal third-party module Messaging allows remote Cross-Site Scripting (XSS) attacks.
Fixed software is available now.
Please be aware that Drupal core is not affected.
|
|
System: Red Hat Enterprise Linux 4
Topic: Vulnerabilities in kernel, rgmanager, ccs, and fence
Links: RHSA-2011-0263, CVE-2010-4527, CVE-2010-4655, CVE-2010-0521, ESB-2011.0187, RHSA-2011-0264, CVE-2008-6552, CVE-2010-3389, ESB-2011.0188, RHSA-2011-0265, CVE-2008-6552, ESB-2011.0189, RHSA-2011-0266, CVE-2008-4192, CVE-2008-4479, ESB-2011.0190
ID: ae-201102-067
|
Updated kernel packages that fix three security issues, hundreds of bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the ninth regular update.
An updated rgmanager package that fixes multiple security issues and several bugs is now available for Red Hat Cluster Suite 4.
Updated ccs packages that fix one security issue are now available for Red Hat Cluster Suite 4.
An updated fence package that fixes multiple security issues, several bugs, and adds two enhancements is now available for Red Hat Cluster Suite 4.
|
|
System: Debian GNU/Linux
Topic: Vulnerabilities in ffmpeg-debian, chromium-browser, openafs, and telepathy-gabble
Links: DSA-2165, CVE-2010-3429, CVE-2010-4704, CVE-2010-4705, ESB-2011.0179, DSA-2166, CVE-2011-0777, CVE-2011-0778, CVE-2011-0783, CVE-2011-0981, CVE-2011-0983, CVE-2011-0984, CVE-2011-0985, ESB-2011.0180, DSA-2168, CVE-2011-0430, CVE-2011-0431, ESB-2011.0182, DSA-2169, ESB-2011.0183
ID: ae-201102-066
|
Several vulnerabilities have been discovered in the FFmpeg coders, which are used by MPlayer and other applications. Exploiting them might lead to a buffer overflow and thus to the execution of arbitrary code, e.g. via a specially crafted Ogg file.
Some vulnerabilities in the Google Chrome browser might lead to a Denial-of-Service (DoS) and other unspecified impacts.
The distributed file system AFS has two vulnerabilities. They might also lead to a Denial-of-Service, or even to remote execution of arbitrary code.
It was discovered that telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, processes google:jingleinfo updates without validating their origin. This may allow an attacker to trick telepathy-gabble into relaying streamed media data through a server of the attacker's choice and thus intercept audio and video calls.
Updated packages are available now.
|
|
|
Cisco Security Agent provides threat protection for server and desktop computing systems. Cisco Security Agent can function in a standalone manner or can be managed by the Management Center for Cisco Security Agent.
The Management Center for Cisco Security Agent software releases 5.1, 5.2, and 6.0 are affected by a vulnerability that may allow an unauthenticated attacker to perform remote code execution on the vulnerable device. A successful exploit could allow the attacker to modify agent policies and system configuration and perform other administrative tasks. Cisco has released free software updates that address this vulnerability.
|
|
|
A vulnerability exists in the way Microsoft Windows Server 2003 handles Browser Election messages.
The cause is a bug in the Browser Election message handling of mrxsmb.sys, which can lead to a heap buffer overflow resulting in memory corruption. Using a specially crafted Browser Election message, an attacker may be able to cause a Denial-of-Service (DoS) or even execute arbitrary code. A workaround is described in the Vulnerability Note; a patch is currently not available.
|
|
System: Red Hat Enterprise Linux 4
Topic: Vulnerabilities in python, bash, and sendmail
Links: RHSA-2011-0260, CVE-2009-4134, CVE-2010-1449, CVE-2010-1450, ESB-2011.0184, RHSA-2011-0261, CVE-2008-5374, ESB-2011.0185, RHSA-2011-0262, CVE-2009-4565, ESB-2011.0186
ID: ae-201102-063
|
Multiple flaws were found in the Python rgbimg module. If an application written in Python uses the rgbimg module and loads a specially-crafted SGI image file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
Certain scripts bundled with the Bash documentation create temporary files in an insecure way. A malicious local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts.
A flaw was found in the way sendmail handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick sendmail into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack or bypass intended client certificate authentication.
Updated packages are available. They fix these known issues and provide bug fixes.
|
|
|
Oracle is vulnerable to a buffer overflow, caused by improper bounds checking in exp.exe. By persuading a victim to open a specially crafted parameter file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash, meaning a Denial-of-Service (DoS). A patch is currently not available.
|
|
System: Several
Topic: Several vulnerabilities in Oracle Java Runtime
Links: Oracle, ZDI-11-082, ZDI-11-083, ZDI-11-084, ZDI-11-085, ZDI-11-086, CVE-2010-4452, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, ESB-2011.0177
ID: ae-201102-061
|
A critical Patch Update for Oracle Java SE and Java for Business has been published. This update fixes some security vulnerabilities that might allow attackers to e.g. leak authentication details or to execute arbitrary code remotely. So it's recommended to install this update.
|
|
|
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. DHCPv6 is the DHCP protocol version for IPv6 networks.
A flaw has been found in the way the dhcpd daemon processes certain DHCPv6 messages for addresses that had previously been declined and marked as abandoned internally. If a remote attacker sends such messages to dhcpd, it could cause dhcpd to crash due to an assertion failure if it was running as a DHCPv6 server.
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
Some vulnerabilities in SVN might give attackers different ways to cause a Denial-of-Service (DoS).
Updated packages are available now.
|
|
|
The chfn and chsh utilities don't properly sanitize user input that includes newlines. An attacker could use this to corrupt passwd entries and may be able to create users or groups in NIS environments.
Updated shadow packages are available now.
|
|
|
An incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. This allows an attacker to crash an application using OpenSSL by triggering an invalid memory access. Additionally, some applications may be vulnerable to expose contents of a parsed OCSP nonce extension.
Updated packages are available now.
|
|
|
For several reasons the internal CSRF protection in python was not used to validate AJAX requests in the past. However, it was discovered that this exception can be exploited with a combination of browser plugins and redirects and thus is not sufficient. Furthermore, it has been discovered that the file upload form is prone to cross-site scripting (XSS) attacks via the file name.
Updated packages are available now.
|
|
|
phpMyAdmin is an administration tool for the MySQL database.
An SQL query can be executed as another user: it's possible to create a special bookmark which will be executed unintentionally by other users.
This critical vulnerability can be resolved by upgrading to version 3.3.9.2 or newer or by installing the appropriate patch.
|
|
|
Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues. So it's recommended to install this update.
|
|
System: Linux / Unix
Topic: Vulnerability in OpenJDK
Links: CVE-2010-4476, RHSA-2011-0210, RHSA-2011-0211, RHSA-2011-0212, RHSA-2011-0213, ESB-2011.0159, ESB-2011.0160, ESB-2011.0161, DSA-2161, ESB-2011.0165, RHSA-2011-0290, RHSA-2011-0291, RHSA-2011-0292, ESB-2011.0206, SUSE-SA:2011:010, ESB-2011.0208, ISS #414, RHSA-2011-0299, ESB-2011.0210, HP, HPSBUX02633, SSRT100387, ESB-2011.0224
ID: ae-201102-054
|
It has been discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings.
Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a Denial-of-Service (DoS) attack. Updated packages are available now.
|
|
|
An update to the SUSE Linux kernel brings various bug fixes and many security fixes. Since critical vulnerabilities are also fixed, an update is strongly recommended.
|
|
|
Novell iPrint Server (Novell Open Enterprise Server) could allow a remote attacker to execute arbitrary code on the system, caused by an error in the LPD component. A patch is available now.
|
|
|
Apache Continuum is a continuous integration server with features such as automated builds, release management, role-based security, and integration with popular build tools and source control management systems. Two vulnerabilities have been found in Apache Continuum.
Administrators are able to change any user's password, but the source of the request is not verified, making the behaviour susceptible to Cross-Site Request Forgery (CSRF). Furthermore, a request that includes a specially crafted request parameter could be used to inject arbitrary HTML or JavaScript into Continuum project pages, which is a Cross-Site Scripting (XSS) attack.
An upgrade to Continuum 1.3.7 remedies this problem. A patch has been published for Continuum 1.4.0 (Beta).
|
|
|
JBoss Web Server is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages (JSP) and Java Servlet technologies. A Denial-of-Service (DoS) flaw has been found in the way certain strings are converted to Double objects. A remote attacker might use this flaw to cause JBoss Web Server to hang via a specially-crafted HTTP request. Updated packages are available now.
|
|
|
Updated packages for OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit (java-1.6.0-openjdk) that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
|
|
|
Cgiirc is a web-based IRC client. It has a vulnerability that could lead to the execution of arbitrary JavaScript due to a reflected Cross-Site Scripting (XSS) flaw.
Insufficient input validation in VLC's processing of Matroska/WebM containers could lead to the execution of arbitrary code.
Updated packages are available now.
|
|
|
A heap-based buffer overflow has been found in the sql_prepare_where function in ProFTPD before 1.3.3d, when mod_sql is enabled. It allows remote attackers to cause a Denial-of-Service (DoS) and possibly the execution of arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
Updated packages have been patched to correct this issue.
|
|
|
A vulnerability has been found in Lotus Notes. Exploiting it might lead to remote and unauthenticated execution of arbitrary code when handling cai URIs.
Currently, no patches are available. This vulnerability has been published in accordance with the ZDI 180 day deadline.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability.
A patch is not available yet.
This vulnerability has been published in accordance with the ZDI 180 day deadline.
|
|
|
Microsoft Office PowerPoint 2007 has a vulnerability. When opening specially crafted PPT files, arbitrary code might be executed on a vulnerable system. Hotfixes are currently not available.
This vulnerability has been published in accordance with the ZDI 180 day deadline.
|
|
|
Microsoft Excel has several vulnerabilities. When opening specially crafted XLS files, arbitrary code might be executed on a vulnerable system. Hotfixes are currently not available. These vulnerabilities have been published in accordance with the ZDI 180 day deadline.
|
|
System: Microsoft Windows
Topic: Vulnerabilities in Lotus Domino
Links: ZDI-11-045, ZDI-11-046, ZDI-11-047, ZDI-11-048, ZDI-11-049, ZDI-11-052, ZDI-11-053, CVE-2011-0913, CVE-2011-0914, CVE-2011-0915, CVE-2011-0916, CVE-2011-0917, CVE-2011-0918, CVE-2011-0919, CVE-2011-0920, ESB-2011.150, X-Force #65363
ID: ae-201102-042
|
Multiple vulnerabilities have been found in Lotus Domino. Exploiting them might lead to remote and unauthenticated execution of arbitrary code and commands, respectively.
Currently, no patches are available. These vulnerabilities have been published in accordance with the ZDI 180 day deadline.
|
|
|
A new SUSE Security Summary reports vulnerabilities in the packages gnutls, tomcat6, perl-CGI-Simple, pcsc-lite, obs-server, dhcp, java-1_6_0-openjdk, and opera.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
A potential security vulnerability has been identified with HP StorageWorks X9000 Network Storage Systems. This vulnerability could be exploited to allow remote unauthenticated access to the accounts with expired passwords. The workaround is described in the advisory.
|
|
|
A potential security vulnerability has been identified with HP Power Manager (HPPM) running on Linux and Windows. The vulnerability could result in a cross site request forgery (CSRF) leading to unauthorized administrative access. How to reduce the risk of this problem is described in the advisory.
|
|
|
The Cisco Nexus 1000V Virtual Ethernet Module (VEM) is a virtual switch for ESX and ESXi. This switch can be added to ESX and ESXi where it replaces the VMware virtual switch and runs as part of the ESX and ESXi kernel.
A flaw in the handling of dropped packets by the Cisco Nexus 1000V VEM can cause ESX and ESXi to crash, meaning a Denial-of-Service (DoS). Updated versions of the Cisco Nexus 1000V virtual switch address this issue.
|
|
|
Multiple vulnerabilities have been found in krb5. Exploiting them might lead to a Denial-of-Service (DoS) in different ways. Updated software is available now.
|
|
|
Important vulnerabilities have been identified in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. These vulnerabilities could lead to Cross-Site scripting (XSS), Session Fixation, CRLF injection and information disclosure. Adobe recommends users update their product installation.
|
|
|
Critical vulnerabilities have been identified in Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe recommends upgrading to the updated versions immediately.
|
|
System: Various
Topic: Several vulnerabilities in Adobe Flash Player
Links: APSB11-02, iDEFENSE #893, iDEFENSE #894, ESB-2011.0141, RHSA-2011-0206, ESB-2011.0155, VU #812969, SUSE-SA:2011:009, ESB-2011.171, RHSA-2011-0259, ESB-2011.0175
ID: ae-201102-033
|
Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe recommends that users of Adobe Flash Player 10.1.102.64 and earlier versions update to Adobe Flash Player 10.2.152.26.
|
|
|
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.615 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.9.615 and earlier versions update to Adobe Shockwave Player 11.5.9.620.
|
|
|
|
|
Wireshark 1.4.x could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of malicious files. By persuading a victim to load a specially-crafted .pcap file, a remote attacker could exploit this vulnerability to corrupt memory to execute arbitrary code on the system or cause a Denial-of-Service (DoS). An update to version 1.5.x remedies this problem.
|
|
|
The Replication Manager client installs a service that binds the irccd.exe process to TCP port 6542. This service accepts commands using an XML-based protocol. It exposes a vulnerability through its RunProgram functionality. By abusing this function an attacker can execute arbitrary code in the context of the currently logged-in user. This vulnerability has been fixed in EMC Replication Manager version 5.3. The bug is still present in the EMC NetWorker Module for Microsoft Applications; it will be fixed in that product at a later date.
|
|
|
A vulnerability in the NCP implementation of Novell's eDirectory Server might lead to a Denial-of-Service (DoS). Novell's eDirectory Server binds to port 524 for processing NCP requests. When the application processes a malformed FileSetLock request, the service will become unresponsive, resulting in an inability to authenticate to that server. A patch is available and should be deployed.
|
|
|
A vulnerability allows unauthenticated attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust Secure Content Manager. This is due to a flaw in the eTrust Common Services Transport (ECSQdmn.exe) running on port 1882. When making a request to this service, a user-supplied DWORD value is used in a memory copy operation. Due to the lack of bounds checking, an integer can be improperly calculated, leading to a heap overflow. If successfully exploited, this vulnerability results in a remote system compromise with SYSTEM credentials. A patch is currently not available.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the SCO OpenServer IMAP daemon. Authentication is not required to exploit this vulnerability. The flaw exists within the imapd process responsible for handling remote IMAP requests. The process does not properly validate IMAP commands and arguments. Supplying an overly long command followed by an invalid argument can cause an exploitable overflow to occur. A patch is not available yet.
|
|
|
Several vulnerabilities allow an attacker to execute arbitrary code remotely on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit these vulnerabilities. An update is currently not available.
|
|
|
An update to the SUSE Linux Enterprise 11 SP 1 Realtime Extension kernel brings various bug fixes and many security fixes. Since critical vulnerabilities are also fixed, the update is strongly recommended.
|
|
|
TippingPoint's Zero Day Initiative (ZDI) contacted IBM Lotus to report nine potential buffer overflow vulnerabilities in Lotus Notes and Domino. IBM Lotus has fixes for four of them, continues to investigate fixes for two, and cannot reproduce the remaining three and is pursuing additional information. Workarounds and information about updates can be found in the advisory.
|
|
System: Many
Topic: Vulnerabilities in Apache Tomcat
Links: Apache Tomcat, Apache Tomcat 5, Apache Tomcat 6, Apache Tomcat 7, CVE-2010-3718, CVE-2011-0013, CVE-2011-0534, ESB-2011.0119, DSA-2160, ESB-2011.0164, MDVSA-2011:030, RHSA-2011-0791, ESB-2011.0554
ID: ae-201102-011
|
Some vulnerabilities have been found in Apache Tomcat.
When running under a SecurityManager, access to the file system is limited, but web applications are granted read/write permissions to the work directory. The location of the work directory is specified by a ServletContext attribute that is meant to be read-only to web applications. Due to a coding error, the read-only setting isn't applied. Therefore a malicious web application may modify the attribute before Tomcat applies the file permissions. This can be used to grant read/write permissions to any area on the file system, which a malicious web application may then take advantage of.
The HTML Manager interface displays web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages. This is a classical Cross-Site Scripting (XSS) attack.
Tomcat doesn't enforce the maxHttpHeaderSize limit while parsing the request line in the NIO HTTP connector. A specially crafted request could trigger a Denial-of-Service (DoS) via an OutOfMemoryError.
It's recommended to upgrade to a patched version.
|
|
|
In OpenSSH 5.6 and OpenSSH 5.7 a vulnerability has been found when legacy certificates are generated. Due to a flaw, such a certificate might contain confidential data from the stack. OpenSSH 5.8 no longer has this vulnerability.
|
|
|
Majordomo 2 is an upwardly-compatible rewrite of the popular majordomo mailing list manager. It contains a directory traversal vulnerability in the _list_file_get() function caused by an input validation error when handling files. An attacker can exploit this vulnerability via directory traversal specifiers sent in a specially crafted request to any of the application's interfaces (e.g. email or web).
It's recommended to update to snapshot 20110130 or later.
|
|
|
Several vulnerabilities have been found in PHP53 and PHP, respectively. Exploiting them might lead to remote access to confidential data, Denial-of-Service (DoS) or a successful Cross-Site Scripting attack (XSS). Updated packages remedy these problems.
|
|
|
Pango is a library used for the layout and rendering of internationalized text.
An input sanitization flaw, leading to a heap-based buffer overflow, has been found in the way Pango displays font files when using the FreeType font engine back end. If a user loads a malformed font file with an application that uses Pango, it could cause the application to crash or execute arbitrary code with the privileges of the user running the application.
Updated packages are available now.
|
|
|
Opera is a well-known web browser. It could allow a remote attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability when loading executables. By persuading a victim to open a specially-crafted file from a WebDAV or SMB share using a vulnerable application, an attacker could exploit this vulnerability to execute arbitrary code. It's strongly recommended to upgrade to Opera version 11.01 or later, since this version is no longer vulnerable.
|
|
|
A vulnerability was found in the Drupal third-party modules OG Forum, Open Legislation, PowerSQL, AES, Flag page, Userpoints, Chatroom, and Droptor, allowing Information Disclosure, remote Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and SQL Injection attacks. Fixed software is available now. Please be aware that Drupal core is not affected.
|
|
|
Tandberg C Series Endpoints and E/EX Personal Video units that are running software versions prior to TC4.0.0 ship with a root administrator account that is enabled by default with no password. An attacker could use this account in order to modify the application configuration or operating system settings. Resolving this default password issue doesn't require a software upgrade: for all affected customers, the account's password can be changed, or the account disabled, with a configuration command.
|
|
|
As reported before, some vulnerabilities in the Domain Name Server BIND have been found. Updates for NetBSD are available now.
|
|
System: Various
Topic: Vulnerability in PostgreSQL
Links: PostgreSQL #1289, CVE-2010-4015, X-Force 65060, Secunia #43144, DSA-2157, ESB-2011.0113, RHSA-2011-0197, RHSA-2011-0198, ESB-2011.0114, ESB-2011.0118, MDVSA-2011:021
ID: ae-201102-002
|
PostgreSQL is a well-known database system. PostgreSQL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the gettoken() function in the intarray module. A remote authenticated attacker could overflow a buffer via certain parameters and execute arbitrary code on the system with elevated privileges, or cause the application to crash. It's recommended to upgrade to the latest version of PostgreSQL (9.0.3 or later), available from the PostgreSQL Web site.
|
|
|
The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee.
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system of a targeted user.
If the WebEx recording player was automatically installed, it will be automatically upgraded to the latest, non-vulnerable version when users access a recording file that is hosted on a WebEx server. If the WebEx recording player was manually installed, users will need to manually install a new version of the player after downloading the latest version.
|
|