[ MDVSA-2008:053 ] - Updated pcre packages fix vulnerability

 ( 632 days ago)

Mandriva Linux Security Advisory MDVSA-2008:053 Package : pcre Date : February 28, 2008 Affected: 2007.1, 2008.0 Problem Description: A buffer overflow in PCRE 7.x before 7.6 allows remote attackers to execute arbitrary code via a regular expression that contains a ...

CORE-2008-0130: VLC media player chunk context validation error

 ( 632 days ago)

Core Security Technologies - CoreLabs Advisory VLC media player chunk context validation error *Advisory Information* Title: VLC media player chunk context validation error Advisory ID: CORE-2008-0130 Advisory URL: Date published: 2008-02-27 Date of last update: 2008-02-27 Vendors contacted: VLC, Miro player Release mode: Coordinated release ...

[ MDVSA-2008:052 ] - Updated cacti packages fix multiple vulnerabilities

 ( 632 days ago)

Mandriva Linux Security Advisory MDVSA-2008:052 Package : cacti Date : February 27, 2008 Affected: Corporate 4.0 Problem Description: A number of vulnerabilities were found in the Cacti program, including XSS vulnerabilities, SQL injection vulnerabilities, CRLF injection vulnerabilities, and information disclosure vulnerabilities. ...

Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products

 ( 632 days ago)

Luigi Auriemma Application: Trend Micro OfficeScan Corporate Edition other Trend Micro products could be affected by this vulnerability since it's located in a function used to decrypt a specific type of passwords used by this vendor Versions: <= v8.0 Patch 2 - build 1189 ...

Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS

 ( 632 days ago)

These vulnerabilities in the MOStlyCE editor were fixed and a new release made within 2 days of the Mambo Team being notified of the vulnerabilities. Please Note: it is useful to notify Mambo whenever any risk is identified. Mambo is NOT at mamboserver.com. The project home is .

CFP - ekoparty 4th edition

 ( 632 days ago)

ekoparty 4th edition - www.ekoparty.com.ar Information Security/Insecurity Conference. October 2 and 3, 2008 Argentina - Ciudad Autonoma de Buenos Aires Ekoparty 4th edition is recruiting everyone who is interested in showing their researches and/or develops in the field of Information Security/Insecurity. ...

iDefense Security Advisory 02.26.08: Mozilla Thunderbird MIME External-Body Heap Overflow Vulnerability

 ( 632 days ago)

iDefense Security Advisory 02.26.08 Feb 26, 2008 I. BACKGROUND Mozilla Thunderbird is an open source electronic mail client and news reader. Multipurpose Internet Message Extensions (MIME) is a standard that defines how non-text attachments and other data are handled in ...

[SECURITY] [DSA 1510-1] New ghostscript packages fix arbitrary code execution

 ( 632 days ago)

- Debian Security Advisory DSA-1510-1 securityatdebian.org Thijs Kinkhorst February 27, 2008 - Package : gs-esp / gs-gpl Vulnerability : buffer overflow Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-0411 Chris Evans discovered a buffer overflow in the color space handling ...

iDefense Security Advisory 02.26.08: Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability

 ( 632 days ago)

iDefense Security Advisory 02.26.08 Feb 26, 2008 I. BACKGROUND Symantec Scan Engine is a standalone Anti-Virus Engine that exposes a scanning Application Programming Interface (API) directly to developers who wish to integrate protection into their own custom applications. ...

iDefense Security Advisory 02.26.08: Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability

 ( 632 days ago)

iDefense Security Advisory 02.26.08 Feb 26, 2008 I. BACKGROUND Symantec Scan Engine is a standalone Anti-Virus Engine that exposes a scanning Application Programming Interface (API) directly to developers who wish to integrate protection into their own custom applications. ...

Debian: New ghostscript packages fix arbitrary code execution

 ( 632 days 6 hours ago)

LinuxSecurity.com: Chris Evans discovered a buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter, which might result in the execution of arbitrary code if a user is tricked into processing a malformed file.

Gentoo: xine-lib User-assisted execution of arbitrary code

 ( 632 days 6 hours ago)

LinuxSecurity.com: xine-lib is vulnerable to multiple buffer overflows when processing FLAC and ASF streams.

Mandriva: Updated cups packages fix vulnerabilities

 ( 632 days 6 hours ago)

LinuxSecurity.com: A flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port causing CUPS to crash. The updated packages have been patched to correct these issues.

Mandriva: Updated cups packages fix multiple vulnerabilities

 ( 632 days 6 hours ago)

LinuxSecurity.com: Dave Camp at Critical Path Software discovered a buffer overflow in CUPS 1.1.23 and earlier could allow local admin users to execute arbitrary code via a crafted URI to the CUPS service (CVE-2007-5848). The Red Hat Security Team also found two flaws in CUPS 1.1.x where a malicious user on the local subnet could send a set of carefully crafted IPP packets to the UDP port in such a way as to cause CUPS to crash (CVE-2008-0597) or consume memory and lead to a CUPS crash (CVE-2008-0596).