• Azureus 2.5.0.4 released 26 Jan. 2007 Vitaly Popovich

    Azureus is a powerful, full-featured, cross-platform Java BitTorrent client. This release contains new features, improvements and fixes, such as reduced memory footprint and faster startup times. This is primarily a bugfix release. Please see http://azureus.sourceforge.net/whatsnew.php and http://azureus.sourceforge.net/changelog.php for details. This release may be downloaded from: http://sourceforge.net/project/showfiles.php?group_id=84122

  • Vulnerability in Citrix Presentation Server's print provider could result in arbitrary code execution 25 Jan. 2007 Vitaly Popovich

    Document ID: CTX111686
    Created: Jan 23, 2007
    Updated: Jan 23, 2007
    Products: Citrix Presentation Server 4.0 for Microsoft Windows 2003, Citrix Presentation Server 4.0 for Microsoft Windows 2000, Citrix Presentation Server 4.0 x64 Edition, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2003, Citrix MetaFrame XP 1.0 for Microsoft Windows 2000, Citrix MetaFrame XP 1.0 for Microsoft Windows 2003
    Severity: High

    Description of Problem

    The Citrix print provider is used by Citrix Presentation Server to allow users to print to their local printer from published applications. A buffer overflow vulnerability has been reported in this component; it can be exploited by either:

      • A local API call
      • An unauthenticated RPC request

    This overflow could be used to execute arbitrary code in the context of the Local System account. This vulnerability is present in all versions of Citrix MetaFrame XP and Presentation Server up to and including 4.0.

    Mitigating Factors

    Access to the RPC interface would be needed to remotely exploit this issue. In typical deployments of Citrix Presentation Server this interface would not be externally accessible.

    What Customers Should Do

    A hotfix has been released to address both of these issues. Citrix recommends that affected customers install the hotfix, which can be downloaded from the following locations:

    MetaFrame XP 1.0 for Windows 2000 Server:
      EN - http://support.citrix.com/article/CTX111648
      FR - http://support.citrix.com/article/CTX111650
      GE - http://support.citrix.com/article/CTX111651
      JA - http://support.citrix.com/article/CTX111655
      ES - http://support.citrix.com/article/CTX111653

    MetaFrame XP 1.0 for Windows Server 2003:
      EN - http://support.citrix.com/article/CTX111657
      FR - http://support.citrix.com/article/CTX111658
      GE - http://support.citrix.com/article/CTX111659
      JA - http://support.citrix.com/article/CTX111661
      ES - http://support.citrix.com/articl

  • SYM07-001 Symantec Web Security Multiple Vulnerability 25 Jan. 2007 Vitaly Popovich

    Severity: Medium
    Remote: Yes
    Local: No
    Authentication Required: Yes
    Exploit publicly available: No

    Overview

    A Cross Site Scripting vulnerability and a denial of service vulnerability have been discovered in the Symantec Web Security (SWS) products.

    Product(s) Affected

    Product Version Build Platform
    Symantec Web Security 6.0 All versions prior to 3.0.1.85 3.0.1.85

    Details

    The SWS product fails to properly check and parse for URLs that may be embedded in HTML tags within error or blocked page messages returned to the client. An attacker could potentially embed malicious script commands into certain specific URLs, which the client browser would execute in the context specified in the malicious command. The vulnerable HTML pages occur with SWS error and blocked pages.

    Cross-site scripting vulnerabilities are Web-based attacks that target execution via the browser used to connect to the Web server. The SWS Web-based management console failed to properly check and parse its own HTML tags within error and blocked page messages that are returned to the requesting client. This type of attack requires additional input into the data stream by a malicious input, such as a Trojan horse which could issue commands, or a URL may be generated that is outside the bounds of management. For example, it may specify unavailable links or be incorrectly formatted. The security gateway will reject this URL, but in so doing will return the offending URL to the browser without proper validation. The client browser, depending on configuration, may then act on the malicious content embedded in the URL.

    A denial of service vulnerability has also been identified. An unauthorized user can use the license registering interface and submit a very large file to Symantec Web Security. If the unauthorized user attempted to upload an extremely large file, the subsequent processing could slow the system, creating a denial of service.

    Symantec Response

    Symantec has corrected this issue in Symantec

  • HS06-022 Multiple Vulnerabilities of Hitachi Web Server 25 Jan. 2007 Vitaly Popovich

    Multiple vulnerabilities were found in Hitachi Web Server (HWS). Malicious remote users can exploit the following vulnerabilities:

    Vulnerability #1: Protocol-version rollback vulnerability in OpenSSL
    When a client attempts to connect to a Web server by using the SSL 3.0 or TLS 1.0 protocol, an attacker might replace the connection with SSL 2.0 protocol. Please note that this vulnerability does not affect an encrypted SSL 2.0 protocol connection.

    Vulnerability #2: Cross-site scripting vulnerability with image maps
    An attacker might make a malicious script in another web site, insert the script into the contents automatically created by HWS, and then execute the script on the client.

    Vulnerability #3: Cross-site scripting vulnerability using an Expect header
    An attacker might send a message with an Expect header containing a malicious script to HWS, insert the script into the error contents automatically created by HWS, and then execute the script on the client.

    The affected products are listed below. Please upgrade the version of HWS in your system to the appropriate version. Please note that these vulnerabilities also affect Cosminexus products that bundle HWS. For details on the affected versions, see the information on Cosminexus products.

    [Affected models, versions, and fixed versions]
    Hitachi Web Server products

    Columns: Product name, Model, Version, Platform, Vulnerabilities(*1) #1 #2 #3, Fixed version, Release time, Last update

    Hitachi Web Server P-2441-E174 03-00 Windows No Yes Yes 03-00-01 December 15, 2006 January 24, 2007
    P-2441-E151 02-00 -02-04-/B Yes Yes Yes 02-04-/C December 15, 2006 January 24, 2007
    P-2841-E151 02-03 -02-04-/A Windows(IPF) No Yes Yes Being scheduled January 24, 2007
    P-1B41-E151 02-00 -02-04-/A HP-UX Yes Yes Yes 02-04-/B December 15, 2006 January 24, 2007
    E-1B41-E121 01-00 -01-02-/D Yes Yes Yes (*2) January 24, 2007
    P-1B41-E111 01-00 -01-02-/D Yes Yes Yes (*2) January 24, 2007
    E-1B41-E121B1 01-00 -01-02-/D Yes Yes Yes (*2) January 24, 20

  • Feedreader 3.08 released 24 Jan. 2007 Vitaly Popovich

    Changelog for 3.08:

      • Added experimental duplicate article grouping (autoduplicatediscovery=1 and maxdistance=?? if fine tuning is needed)
      • Inline article tagging (press "t" while article is active). There is also the possibility to tag multiple selected articles at the same time
      • Now it's possible to copy multiple selected articles to clipboard. Save them to document or send to a friend at once.
      • Starring/flagging article can be done from webview.
      • Localized news packages available
      • New "Database information" feature that shows you:
          • Database size
          • Enclosures folder size
          • Article count
          • Unread article count
          • Starred article count
          • List of inactive feeds
          • List of problematic feeds
      • "Open link automatically" can be set globally
      • Bug fixes related to Internet Explorer 7

    Download Feedreader from here.
