[SECURITY] [DSA 2045-1] New libtheora packages fix arbitrary code execution

2010-05-12 Thread Sebastien Delafond
Debian Security Advisory DSA-2045-1 secur...@debian.org http://www.debian.org/security/ Sébastien Delafond May 11, 2010

[CORE-2010-0405] Adobe Director Invalid Read

2010-05-12 Thread Core Security Technologies Advisories Team
Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Adobe Director DIRAPI.DLL Invalid Read Vulnerability 1. *Advisory Information* Title: Adobe Director DIRAPI.DLL Invalid Read Vulnerability Advisory I

Vulnerability in widget Cumulus for BlogEngine.NET

2010-05-12 Thread MustLive
Hello Bugtraq! I want to warn you about security vulnerability in widget Cumulus for BlogEngine.NET. - Advisory: Vulnerability in widget Cumulus for BlogEngine.NET - URL: http://websecurity.com.ua/4184/ - Affecte

Multiple memory corruption vulnerabilities in Ghostscript

2010-05-12 Thread Dan Rosenberg
Ghostscript, multiple arbitrary code execution vulnerabilities May 11, 2010 CVE-2010-1869 ==Description== Ghostscript (www.ghostscript.com), an interpreter for the Po

ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability

2010-05-12 Thread ZDI Disclosures
ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-081 May 11, 2010 -- CVE ID: CVE-2010-1550 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network

CFP for ekoparty 0x10 is now open! [ Buenos Aires, Argentina ]

2010-05-12 Thread ekoparty Security Conference
[*] ekoparty Security Conference and Trainings - 6th edition [*] www.ekoparty.org Trainings: September 13-15 / Conference: September 16-17, 2010 Buenos Aires City, Argentina [*] CALL FOR PAPERS is now Open! ekoparty is a one-of-a-kind event in South America; an annual security conferenc

ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability

2010-05-12 Thread ZDI Disclosures
ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-082 May 11, 2010 -- CVE ID: CVE-2010-1551 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node Manager -- Tippi

ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability

2010-05-12 Thread ZDI Disclosures
ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-083 May 11, 2010 -- CVE ID: CVE-2010-1552 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node Mana

ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability

2010-05-12 Thread ZDI Disclosures
ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-089 May 11, 2010 -- CVE ID: CVE-2010-1292 -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -- TippingPoint(TM) IPS Customer Protection:

ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability

2010-05-12 Thread ZDI Disclosures
ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-084 May 11, 2010 -- CVE ID: CVE-2010-1553 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node Manager

ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability

2010-05-12 Thread ZDI Disclosures
ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-085 May 11, 2010 -- CVE ID: CVE-2010-1554 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node Manager

ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability

2010-05-12 Thread ZDI Disclosures
ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-086 May 11, 2010 -- CVE ID: CVE-2010-1555 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node Manag

ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability

2010-05-12 Thread ZDI Disclosures
ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-087 May 11, 2010 -- CVE ID: CVE-2010-1281 -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -- Vulnerability Details: This v

ZDI-10-088: Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability

2010-05-12 Thread ZDI Disclosures
ZDI-10-088: Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-088 May 11, 2010 -- CVE ID: CVE-2010-1283 -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -- TippingPoint(TM) IPS Customer Protection: Tipping

[CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability

2010-05-12 Thread Code Audit Labs
[CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability Affected Products = 11.5.2.602 ,11.5.6.606 and prior CVE ID: CVE-2010-1282 CAL ID: CAL-20100204-1 Vulnerability Details = Code Audit Labs http://www.vulnhun

[CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability

2010-05-12 Thread Code Audit Labs
[CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability Affected Products = 11.5.2.602 ,11.5.6.606 and prior CVE ID: CVE-2010-0129 CAL ID: CAL-20100204-2 Vulnerability Details = Code Audit Labs http://www.vulnhunt.com has

[CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite

2010-05-12 Thread Code Audit Labs
[CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite Affected Products = 11.5.2.602 ,11.5.6.606 and prior CVE ID: CVE-2010-1280 CAL ID: CAL-20100204-3 Vulnerability Details = Code Audit Labs http://www.vulnhunt.com has disc

Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)

2010-05-12 Thread jeromie
Class: Cross-Site Scripting (XSS) Vulnerability CVE:CVE-2010-0475 Remote: Yes Local: Yes Published: May 11, 2010 08:30AM Timeline:Submission to MITRE: 1/18/2010 Vendor Contact: 2/18/2010 Vendor Response: 2/18/2010 Patch Available: 5/2010 Patched in maintenance releases (3

iDefense Security Advisory 05.11.10: Adobe Shockwave Player Heap Memory Indexing Vulnerability

2010-05-12 Thread iDefense Labs
iDefense Security Advisory 05.11.10 http://labs.idefense.com/intelligence/vulnerabilities/ May 11, 2010 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plugin. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browser

Secunia Research: Adobe Shockwave Player 3D Parsing Memory Corruption

2010-05-12 Thread Secunia Research
Secunia Research 12/05/2010 - Adobe Shockwave Player 3D Parsing Memory Corruption - Table of Contents Affected Software...

Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability

2010-05-12 Thread Secunia Research
Secunia Research 12/05/2010 - Adobe Shockwave Player Signedness Error Vulnerability - Table of Contents Affected Software...

Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability

2010-05-12 Thread Secunia Research
Secunia Research 12/05/2010 - Adobe Shockwave Player Array Indexing Vulnerability - Table of Contents Affected Software.

Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability

2010-05-12 Thread Secunia Research
Secunia Research 12/05/2010 - Adobe Shockwave Player Integer Overflow Vulnerability - Table of Contents Affected Software...

PolyPager 1.0rc10 (fckeditor) File Upload Security Issue

2010-05-12 Thread eidelweiss
PolyPager 1.0rc10 (fckeditor) Remote Arbitrary File Upload Vulnerability Impact Security Bypass Where From remote Software PolyPager 1.0rc10 Description A security issue has been discovered in PolyPager, which can be exploited by malicious people to bypass certain security restrictions

Secunia Research: Adobe Shockwave Player Asset Entry Parsing Vulnerability

2010-05-12 Thread Secunia Research
Secunia Research 12/05/2010 - Adobe Shockwave Player Asset Entry Parsing Vulnerability - Table of Contents Affected Software..

Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow

2010-05-12 Thread Secunia Research
Secunia Research 12/05/2010 - Adobe Shockwave Player Font Processing Buffer Overflow - Table of Contents Affected Software..

VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities (CVE-2010-0129)

2010-05-12 Thread VUPEN Security Research
VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities (CVE-2010-0129) http://www.vupen.com/english/research.php I. BACKGROUND - "Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access

[ MDVSA-2010:094 ] tetex

2010-05-12 Thread security
Mandriva Linux Security Advisory MDVSA-2010:094 http://www.mandriva.com/security/

VUPEN Security Research - Adobe Shockwave 3D Two Remote Code Execution Vulnerabilities (CVE-2010-1284)

2010-05-12 Thread VUPEN Security Research
VUPEN Security Research - Adobe Shockwave 3D Two Code Execution Vulnerabilities (CVE-2010-1284) http://www.vupen.com/english/research.php I. BACKGROUND - "Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access to some

VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities (CVE-2010-1280)

2010-05-12 Thread VUPEN Security Research
VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities (CVE-2010-1280) http://www.vupen.com/english/research.php I. BACKGROUND - "Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have acces

VUPEN Security Research - Adobe Shockwave 3D Blocks Field Code Execution Vulnerability (CVE-2010-1283)

2010-05-12 Thread VUPEN Security Research
VUPEN Security Research - Adobe Shockwave 0xFF49 3D Block Code Execution Vulnerability (CVE-2010-1283) http://www.vupen.com/english/research.php I. BACKGROUND - "Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have acc

[security bulletin] HPSBMA02522 SSRT100086 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS)

2010-05-12 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02114879 Version: 1 HPSBMA02522 SSRT100086 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin should b

[security bulletin] HPSBMA02520 SSRT100071 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access to Data

2010-05-12 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02085876 Version: 1 HPSBMA02520 SSRT100071 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access to Data NOTICE: The information in this Security B

Secunia Research: TomatoCMS Script Insertion Vulnerabilities

2010-05-12 Thread Secunia Research
Secunia Research 10/05/2010 - TomatoCMS Script Insertion Vulnerabilities - Table of Contents Affected Software...

Secunia Research: TomatoCMS "q" SQL Injection Vulnerability

2010-05-12 Thread Secunia Research
Secunia Research 10/05/2010 - TomatoCMS "q" SQL Injection Vulnerability - Table of Contents Affected Software

Secunia Research: IrfanView PSD Image Parsing Sign-Extension Vulnerability

2010-05-12 Thread Secunia Research
Secunia Research 12/05/2010 - IrfanView PSD Image Parsing Sign-Extension Vulnerability - Table of Contents Affected Software.

Secunia Research: IrfanView PSD RLE Decompression Buffer Overflow

2010-05-12 Thread Secunia Research
Secunia Research 12/05/2010 - IrfanView PSD RLE Decompression Buffer Overflow - Table of Contents Affected Software.

Cisco Security Advisory: Multiple vulnerabilities in Cisco PGW Softswitch

2010-05-12 Thread Cisco Systems Product Security Incident Response Team
Multiple vulnerabilities in Cisco PGW Softswitch Document ID: 111870 Advisory ID: cisco-sa-20100512-pgw http://www.cisco.com/warp/public/707/cisco-sa-20100512-pgw.shtml Revision 1.0 For Public Release 2010 May 12 1600 UTC (GMT