RSS MAD

QuickTime: workaround

QuickTime: command execution via chrome

An attacker can create a malicious multimedia document, leading to code execution when it is opened in QuickTime.

NETASQ: new version 7.0.1

Windows Vista: vulnerabilities of Gadget

Three vulnerabilities affect Feed, Contacts and Weather Gadgets.

NetBSD: denial of service via vga_allocattr

A local attacker can use an ioctl with negative parameters in order to force the vga_allocattr() function to read at invalid memory addresses.

NetBSD: patch for vga_allocattr

NetBSD: patch pour Bind

NetBSD: patch for IPv6 Type 0 Routing Header

Mandriva Corporate: new quagga packages

Mandriva: new qt3/qt4 packages

MPlayer, mympc, KMPlayer: vulnerabilities of AVI

An attacker can use several vulnerabilities of AVI players in order to generate a denial of service or to execute code.

Fedora 7: new wordpress packages

Qt: patch for QUtf8Decoder

Qt: buffer overflow of QUtf8Decoder

An attacker can create an overflow when UTF-8 data are decoded by an application linked to Qt.

Red Hat Enterprise Linux: new qt packages

Red Hat Enterprise Linux 5: new kernel packages

IE: workaround for ActiveX of September 2007

Fedora 7: new lighttpd packages

Lighttpd: new version 1.4.18

Lighttpd: data corruption of mod_fastcgi

An attacker can use a long HTTP header in order to force mod_fastcgi module of Lighttpd to corrupt its data.

Apache httpd: Cross Site Scripting of mod_autoindex

When mod_autoindex is activated, an attacker can generate a Cross Site Scripting attack.

Cisco IOS: workaround for regexp

Cisco IOS: denial of service via regexp

An attacker allowed to run "show ip bgp regexp" can reboot the router.

Mandriva: new librpcsecgss packages

Mandriva: new id3lib packages

Quagga: denial of service of bgpd

A peer can send a malicious OPEN or COMMUNITY message in order to stop bgpd daemon.

Fedora 7: new samba packages

Slackware: new openssh packages

Slackware: new php packages

IE: vulnerabilities of several ActiveX of September 2007

Several ActiveX permit a remote attacker to generate a denial of service or to execute code.

PHP: bypassing open_basedir via mysql

An attacker can bypass restrictions imposed by open_basedir using the mysql extension.

Windows: code execution via MSN Messenger

An attacker can execute code on computer of victim accepting a video invitation via MSN Messenger or Windows Live Messenger.

Windows: privilege elevation via SFU

A local attacker can run a program with the suid bit in order to elevate his privileges.

Visual Studio: buffer overflow de Crystal Reports

An attacker can create a malicious RPT file in order to generate an overflow when it is opened by Microsoft Visual Studio or Business Objects Crystal Reports.

Microsoft Agent: buffer overflow via an url

An attacker can use a malicious url leading to code execution in Microsoft Agent.

Samba: privilege elevation via winbind nss info

When "winbind nss info" is configured, a primary group of zero is assigned to user.

Virus Pykspa

Virus Skipi

PHP: several vulnerabilities

An attacker can use several vulnerabilities of PHP in order to conduct a denial of service or to execute code.

QGit: file corruption

A local attacker can create a symbolic link in order to create or alter a file with rigths of QGit users.

WebSphere AS 6.1.0: several vulnerabilities

Several vulnerabilities of WebSphere AS permit an attacker to obtain information, to create denial of service or to attack the service.

X.Org X Server: buffer overflow of Composite extension

A local attacker can elevate his privileges by generating an overflow in the Composite extension of X.Org X Server.

Virus Nuwar

Virus Traxg

Worm Forbot

Virus Zhelati, Zhelatin

Virus Whybo

Virus Sohanad

Worm Nugache

Worm Rbot

Worm Fubalca

Virus Hairy

Virus Warezov

Virus Alman, Almanahe

Virus PoeBot

Virus Pahatia

Virus Fujacks

Virus Stration

Virus Looked