Artiphp CMS version 5.5.0 suffers from multiple POST cross site scripting vulnerabilities.

A review of the code in filter/source/msfilter msdffimp.cxx in OpenOffice.org versions 3.3 and 3.4 Beta revealed some unchecked memory allocations, which could be exploited via malformed Powerpoint graphics records ("escher") to cause bad_alloc exceptions. From this vulnerability a denial of service attack is possible.

Drupal Zen third party module version 6.x suffers from a cross site scripting vulnerability.

SiliSoftware backupDB() version 1.2.7a suffers from a cross site scripting vulnerability.

OpenOffice.org versions 3.3 and 3.4 Beta suffer from a memory overwrite vulnerability.

Debian Linux Security Advisory 2473-1 - Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.

SiliSoftware phpThumb() version 1.7.11 suffers from a cross site scripting vulnerability.

FlashPeak SlimBrowser version 6.0.1.38 suffers from a denial of service vulnerability.

Drupal Aberdeen third party module version 6.x suffers from a cross site scripting vulnerability.

Drupal Hostmaster third party module version 6.x suffers from access bypass and cross site scripting vulnerabilities.

Drupal Post Affiliate Pro third party module version 6.x suffers from access bypass and cross site scripting vulnerabilities.

A vulnerability is caused due to an integer overflow error in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow via, for example using a specially crafted JPEG object within a DOC file. OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.

PRE-CERT Security Advisory - The Linux kernel contains a vulnerability in the driver for HFS plus file systems that may be exploited for code execution or privilege escalation. A specially-crafted HFS plus filesystem can cause a buffer overflow via the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c).

The SEC-T 2012 Call For Papers has been announced. It will be held from September 13th through the 14th in Stockholm, Sweden.

Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.

Unijimpe Captcha suffers from a cross site scripting vulnerability.

Drupal Smart Breadcrumb third party module version 6.x suffers from a cross site scripting vulnerability.

Drupal Advertisement third party module version 6.x suffers from cross site scripting and information disclosure vulnerabilities.

Drupal Ubercart Product Keys third party module version 6.x suffers from an access bypass vulnerability.

Debian Linux Security Advisory 2472-1 - Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.

Ubuntu Security Notice 1442-1 - It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the default installation of Ubuntu.

Gentoo Linux Security Advisory 201205-2 - Multiple vulnerabilities have been found in ConnMan, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.0-r1 are affected.

Axous version 1.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

Apple Quicktime does not properly parse .pct media files, which causes a corruption in module DllMain by opening a malformed file with an invalid value located in PoC repro01.pct at offset 0x20E. Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 - PT_BR is confirmed affected. Other versions may also be affected.