Recent Debian security announcements

Debian Security Advisories

DSA-1600 sympa - dos

1 July, 2008 - 02:00

It was discovered that sympa, a modern mailing list manager, would crash when processing certain types of malformed messages.

DSA-1599 dbus - programming error

26 June, 2008 - 02:00

Havoc Pennington discovered that DBus, a simple interprocess messaging system, performs insufficient validation of security policies, which might allow local privilege escalation.

DSA-1598 libtk-img - buffer overflow

19 June, 2008 - 02:00

It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code.

DSA-1597 mt-daapd - multiple vulnerabilities

12 June, 2008 - 02:00

Three vulnerabilities have been discovered in the mt-daapd DAAP audio server (also known as the Firefly Media Server). The Common Vulnerabilities and Exposures project identifies the following three problems:

DSA-1596 typo3 - several vulnerabilities

12 June, 2008 - 02:00

Several remote vulnerabilities have been discovered in the TYPO3 content management framework.

DSA-1595 xorg-server - several vulnerabilities

11 June, 2008 - 02:00

Several local vulnerabilities have been discovered in the X Window system. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1594 imlib2 - buffer overflows

11 June, 2008 - 02:00

Stefan Cornelius discovered two buffer overflows in the PNM and XPM image loaders of Imlib, a powerful image loading and rendering library, which may result in the execution of arbitrary code.

DSA-1593 tomcat5.5 - missing input sanitising

9 June, 2008 - 02:00

It was discovered that the Host Manager web application performed insufficient input sanitising, which could lead to cross-site scripting.

DSA-1592 linux-2.6 - heap overflow

9 June, 2008 - 02:00

Two vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1591 libvorbis - several vulnerabilities

3 June, 2008 - 02:00

Several local (remote) vulnerabilities have been discovered in libvorbis, a library for the Vorbis general-purpose compressed audio codec. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1569 cacti - insufficient input sanitising

5 May, 2008 - 02:00

It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, making cross-site scripting and SQL injection possible.

DSA-1568 b2evolution - insufficient input sanitising

5 May, 2008 - 02:00

"unsticky" discovered that b2evolution, a blog engine, performs insufficient input sanitising, allowing for cross-site scripting.

DSA-1567 blender - buffer overrun

5 May, 2008 - 02:00

Stefan Cornelius discovered a vulnerability in the Radiance High Dynamic Range (HDR) image parser in Blender, a 3D modelling application. The weakness could enable a stack-based buffer overflow and the execution of arbitrary code if a maliciously crafted HDR file is opened, or if a directory containing such a file is browsed via Blender's image-open dialog.

DSA-1566 cpio - programming error

2 May, 2008 - 02:00

Dmitry Levin discovered a vulnerability in path handling code used by the cpio archive utility. The weakness could enable a denial of service (crash) or potentially the execution of arbitrary code if a vulnerable version of cpio is used to extract or to list the contents of a maliciously crafted archive.

DSA-1565 linux-2.6 - several vulnerabilities

1 May, 2008 - 02:00

Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1564 wordpress - multiple vulnerabilities

1 May, 2008 - 02:00

Several remote vulnerabilities have been discovered in wordpress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1563 asterisk - programming error

30 April, 2008 - 02:00

Joel R. Voss discovered that the IAX2 module of Asterisk, a free software PBX and telephony toolkit, performs insufficient validation of IAX2 protocol messages, which may lead to denial of service.

DSA-1562 iceape - programming error

28 April, 2008 - 02:00

It was discovered that crashes in the JavaScript engine of Iceape, an unbranded version of the Seamonkey internet suite, could potentially lead to the execution of arbitrary code.

DSA-1561 ldm - programming error

28 April, 2008 - 02:00

Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host.

DSA-1560 kronolith2 - insufficient input sanitising

28 April, 2008 - 02:00

"The-0utl4w" discovered that Kronolith, the calendar component for the Horde Framework, didn't properly sanitise URL input, leading to a cross-site scripting vulnerability in the add event screen.