20 November 2009

• XOOPS Multiple Unspecified Vulnerabilities
• Drupal Link Module "Link Title" HTML Injection
• CUPS "kerberos" Parameter Cross-Site Scripting
• GNU GRUB Local Authentication Bypass
• Asterisk SIP Response Username Enumeration Remote Information Disclosure
• Sun Virtual Desktop Infrastructure Authentication Mechanism Unauthorized Access
• Linux Kernel "nfs4_proc_lock()" Local Denial of Service
• Apple Mac OS X Kernel Multiple Vulnerabilities
• Apple Mac OS X FTP Server CWD Command Buffer Overflow
• Apple Mac OS X Event Monitor Log Parsing Denial of Service
• Apple Mac OS X Apple Type Services Multiple Memory Corruption Vulnerabilities
• SafeNet SoftRemote Policy File Handling Remote Buffer Overflow Vulnerabilities
• Microsoft Excel "SxView" Memory Corruption Remote Code Execution
• Microsoft Excel Formula Parsing Remote Code Execution

19 November 2009

• Citrix NetScaler and Access Gateway Denial of Service
• Drupal NGP COO/CWP Integration Module Security Bypass and HTML Injection Vulnerabilities
• Prototype JavaScript Framework Cross-Site Ajax Request
• PDFLib "open_basedir" Restriction Bypass
• IBM Tivoli Storage Manager Multiple Remote Vulnerabilities
• Sun Solaris XScreenSaver Popup Windows Security Bypass
• Apple Mac OS X QuickLook Remote Code Execution
• Apple Mac OS X International Components for Unicode Buffer Overflow
• Apple Mac OS X CDF File Multiple Buffer Overflow Vulnerabilities
• Apple Mac OS X Screen Sharing Client Multiple Remote Code Execution Vulnerabilities
• Apple Mac OS X "ptrace" Mutex Handling Local Denial of Service
• Microsoft Active Directory LDAP Request Stack Exhaustion Denial of Service
• Microsoft Excel Cache Memory Corruption Remote Code Execution
• Microsoft Windows Kernel GDI Data Validation Local Privilege Escalation

18 November 2009

• HP NonStop Server Unauthorized Data Access
• HP Power Manager Unspecified Remote Code Execution
• Drupal Smartqueue OG Confirmation Message Security Bypass
• Google Chrome prior to 3.0.195.32 Multiple Security Vulnerabilities
• Adobe Shockwave Player Multiple Remote Code Execution and Denial of Service Vulnerabilities
• Sun Solaris Sockets Direct Protocol (SDP) Driver "sdp(7D)" Remote Denial of Service
• Apple Mac OS X Launch Services Remote Security Bypass
• Apple Mac OS X IOKit Keyboard Firmware Local Unauthorized Access
• Apple Mac OS X Disk Images FAT Filesystem Heap Buffer Overflow
• Apple Mac OS X Adaptive Firewall Security Bypass
• XM Easy Personal FTP Server
• Microsoft Word Record Parsing Remote Code Execution
• Microsoft Excel Field Parsing Remote Code Execution
• Microsoft Windows Kernel NULL Pointer Dereference Local Privilege Escalation

17 November 2009

• IBM BladeCenter Advanced Management Module Multiple Unspecified Security Vulnerabilities
• eNdonesia "mod" Parameter Local File Include
• Xerox Fiery Webtools "summary.php" SQL Injection
• Drupal User Protect Cross-Site Request Forgery
• RoundCube Webmail Multiple Cross-Site Request Forgery Vulnerabilities
• Blender ".blend" file Remote Command Execution
• IBM PowerHA Cluster Management Unauthorized Access
• FreeBSD "fifo_vnops.c" Resource Leak Local Denial of Service
• Apple Mac OS X QuickDraw Manager Remote Code Execution
• Apple Mac OS X Dictionary Arbitrary Script Injection
• Apple Mac OS X DirectoryService Memory Corruption
• Apple Mac OS X CoreGraphics Multiple Heap Overflow Vulnerabilities
• Apache Tomcat Windows Installer Insecure Password
• Microsoft Excel Malformed BIFF Record Remote Code Execution
• Microsoft Excel Document Parsing Remote Code Execution
• Microsoft Windows License Logging Server Remote Heap Buffer Overflow

16 November 2009

• Hitachi Cosminexus XML Processor Denial of Service
• Drupal Zoomify Module "node title" HTML Injection
• Apple Mac OS X Apache HTTP TRACE Cross-Site Scripting
• Poppler "ABWOutputDev.cc" Remote Buffer Overflow
• Multiple Vendor TLS Protocol Session Renegotiation Security
• Sun Solaris SCTP "sctp(7P)" and SDP "sdp(7D)" Sockets Local Denial of Service
• Linux Kernel "fput()" NULL Pointer Dereference Local Denial of Service
• Apple Mac OS X Login Window Race Condition
• Apple Mac OS X Help Viewer Spoofed HTTP Response Remote Code Execution
• Apple Mac OS X Spotlight Insecure Temporary File Handling
• Apple Mac OS X AFP Client Multiple Remote Code Execution Vulnerabilities
• Pablo Software Solutions Baby Web Server Multiple Request Remote Denial of Service
• Microsoft Excel "Featheader" Record Remote Code Execution
• Microsoft Excel Index Parsing Remote Code Execution
• Microsoft Windows Web Services on Devices API Remote Code Execution