The default Java security properties configuration did not restrict access

to certain com.sun.org.glassfish packages. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.

WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this moduleis not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

The VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected.

This update adds the correct CVE number.

Format String vulnerability in OVF Tool when parsing crafted OVF files.

Buffer Overflow when handling an attribute of "text3GTrack" elements can be exploited when Quick Player handles a specially crafted TeXML file.

This update adds the correct CVE information.

Buffer Overflow when handling an attribute of style elements can be exploited when Quick Player handles a specially crafted TeXML file.

This update corrects CVE.

This module exploits a command injection vulnerability in WebCalendar prior to 1.2.4 in order to install an agent.

A Buffer Overflow exist in DAQFactory service who listens on the UDP port 20034 when logs the informations of the incoming NETB packets.

This module exploits a heap overflow vulnerability in Samba Server by sending a crafted request packet via DCERPC call.



This update adds support to Debian 5 (32 bits and 64 bits).

Invision Power Board is vulnerable to a remote code execution due to the use of the unserialize method on user input passed through cookies without a proper sanitization.

The vulnerability is caused due to an indexing error in the ShowPropertiesDialog()method inside the ChartFX.ClientServer.Core.dll ActiveX Control. This can be exploited to write a single byte value to an arbitrary memory location via the pageNumber parameter.