A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header.
A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer into executing arbitrary code upon parsing that header.
SSLtelnet contains a format string vulnerability that could allow remote code execution.
Remote exploitation of an input validation error in the uudecoding feature of Adobe Acrobat Reader (Unix) 5.0 allows an attacker to execute arbitrary code.
In some cases the integrity of symlinks used by KDE is not ensured, and these symlinks can point to stale locations. This can be abused by a local attacker to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (Denial of Service).
KDE's DCOPServer creates temporary files in an insecure manner. Since the temporary files are used for authentication-related purposes, this can potentially allow a local attacker to compromise the account of any user who runs a KDE application.
The Konqueror web browser allows websites to load webpages into a frame of any other frame-based webpage that the user may have open.
Evgeny Demidov discovered that the Samba server has a buffer overflow in the Samba Web Administration Tool (SWAT) when decoding Base64 data during HTTP Basic Authentication. Versions 3.0.2 through 3.0.4 are affected.
Another buffer overflow bug has been found in the code used to support the "mangling method = hash" smb.conf option. The default setting for this parameter is "mangling method = hash2", which is therefore not vulnerable. Versions 2.2.0 through 2.2.9 and 3.0.0 through 3.0.4 are affected.
A buffer overflow exists in the logging functionality of the DHCP daemon which could lead to Denial of Service attacks and has the potential to allow attackers to execute arbitrary code.
Steve Grubb reports a buffer read overrun in libpng's png_format_buffer function. A specially constructed PNG image processed by an application using libpng may trigger the buffer read overrun and possibly result in an application crash.
By submitting a carefully crafted authentication packet, it is possible for an attacker to bypass password authentication in MySQL 4.1. Using a similar method, a stack buffer used in the authentication mechanism can be overflowed.
Issues have been discovered in multiple protocol dissectors.
Issues have been discovered in multiple protocol dissectors.
Stefan Esser has reported two vulnerabilities in PHP, which can be exploited by malicious people to bypass security functionality or compromise a vulnerable system. An error within PHP's memory_limit request termination allows remote code execution on PHP servers with activated memory_limit. A binary safety problem within PHP's strip_tags() function may allow injection of arbitrary tags in Internet Explorer and Safari browsers.
A vulnerability has been reported in Mozilla and Firefox, allowing malicious websites to spoof the user interface.
Chris Evans has discovered multiple vulnerabilities in libpng, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).
Mozilla and Mozilla Firefox contain a flaw that may allow a malicious user to spoof SSL certification.
Glenn Randers-Pehrson has contributed a fix for the libpng vulnerabilities discovered by Chris Evans.
Furthermore, Marcus Meissner has discovered and patched a buffer overrun associated with decoding runlength-encoded BMP images.
CVStrac contains a flaw that may allow a remote attacker to execute arbitrary commands.
Sebastian Krahmer discovered several remotely exploitable buffer overflow vulnerabilities in the MSN component of gaim.
Remote authenticated users can execute arbitrary code by passing a malicious string containing format specifiers.
Ruby's CGI session management stores session information insecurely, which can be exploited by a local attacker to take over a session.
Chris Evans has discovered flaws in the handling of various bitmap formats, allowing the execution of arbitrary code or causing a DoS.
Unspecified malformed messages can be used to cause a DoS (Denial of Service).
Inter7 vpopmail (vchkpw) versions 5.4.2 and earlier contain buffer overflows and format string vulnerabilities in the file vsybase.c.
The buffer overflows are not fixed in versions 5.4.6/5.5.0, but are believed to be very hard to exploit, and only by administrators able to add users.
Stefan Esser reports multiple remotely exploitable vulnerabilities in the CVS code base.
Additionally, an undocumented switch to the history command allows an attacker to determine whether arbitrary files exist and whether the CVS process can access them.
Multiple vulnerabilities have been found in the LHA code by Lukasz Wojtow and Thomas Biege.
Successful exploitation may allow execution of arbitrary code.
Max Vozeler found a flaw in cdrecord that allows a local root exploit.