30.01.2003 Detailed

7! Buffer overflow in Microsoft Windows NT/2000/XP Locator service updated since 23.01.2003   Buffer overflow during packet parsing on Domain Controllers.   plpnfsd format string bug   Format string bug on syslog() call.

28.01.2003 Detailed

8! Sun Solaris at unauthorized file removing   Directory traversal in at -r paramter.   ProxyView unauthorized access   Account Administrator:Administrator allows full access.

noffle problems

Hypermail buffer overflow   Buffer iverflow on oversized attachment name.

CGI bugs

25.01.2003 Detailed

CGI bugs updated since 20.01.2003

24.01.2003 Detailed

Spamassassin buffer overflow   Off-by-one buffer overflow in BSMTP (-B).   Efficient Networks xDSL DoS (syn flood) updated since 11.01.2003   SYN-scan causes router to crash.   Group policy DoS in Windows NT/2000 updated since 05.12.2001   By putting exclusive lock on group policy file it's possible to stop group policy from applying domainwide.

23.01.2003 Detailed

9! CVS double free bug   Double free() bug on processing directory request. 6! Sun Solaris Kodak Color Management System directory traversal)   Directory traversal in KCS_OPEN_PROFILE may be exploited via ToolTalk.   Microsoft Outlook 2000 V1 Exchange server certificates flaw   Message may be sent unecrypted.

Multiple bugs in Apache for Windows   Multiple bugs during URL parsing.

WinRAR buffer overflow   Stack overflow on oversized file extention during extraction.

Windows 2000 SMB signing protection bypass updated since 14.12.2002   During connectio nsetup it's possible to switch off SMB signing regardless of policy setting.

Microsoft Content Management Server crossite scripting updated since 09.10.2002   Crossite scripting in ManualLogin.asp.

22.01.2003 Detailed

7! Trend Micro multiple bugs   Full unauthorized access via web-interface, including access to system passwords.

20.01.2003 Detailed

Norton Internet Security DoS   Large ICMP echo-request packet causes system to crash.

16.01.2003 Detailed

9! Buffer overflows in ISC DHCPD   Multiple buffer overflows were fixed during project audit.

15.01.2003 Detailed

Stunnel signal handling problem   Unsafe SIGCHLD handling.   CGI bugs updated since 13.01.2003

13.01.2003 Detailed

6! StatsMe format string bug   Format string bug in sm_playerstats. 6! Adminmod format string bug   Formatstring bug in multiple command.   BitKeeper command execution   Uncommented shell characters.

middleman buffer overflow   Multiple off-by-one overflows.

11.01.2003 Detailed

6! Half Life clanmod format string bug   Formst string bug in cm_log command (requires rcon access).   HLTV DoS   Packet with empty command causes server to crash.   CGI bugs updated since 08.01.2003

10.01.2003 Detailed

WebIntelligence session hijacking   Weak cookie generation mechanism allows session hijacking.

09.01.2003 Detailed

6! IMP SQL modification   SQL query can be modifyed via username.

08.01.2003 Detailed

10! Buffer overflow in OpenSSH Challenge-response updated since 25.06.2002   Integer overflow during challenge-response processing. Buffer overflow on large number of responses. 6! Communigate Pro directory traversal   Web interface directory traversal.   KaZaA crossite access   All advirtizing is executed in local zone.

Unauthorized Longshine AP TFTP access   TFTP access from WLAN interface allowed.

Symbolik link problem in S-Plus   Multiple modules create temporary files with predictable names.

HSphere WebShell buffer overflow   Buffer overflow in MIME boundary.

Tanne formatstring bug   syslog() format string bug.

Multiple cgihtml bugs   Temporary files problem, Content-Length DoS, buffer overflows.

Buffer overflow in http fetcher   Buffer overfliw in many functions.

ipfilter DoS   TCP/ACK packet with invalid checksum causes connection to be treated as established.

06.01.2003 Detailed

7! FreeBSD kernel integer overflow updated since 06.01.2003   fhold() integer overflow in addition to missed fdrop() call in fpathcount() allow code execution in kernel space.

05.01.2003 Detailed

6! WinAmp XML parser buffer overflow updated since 01.10.2002   Buffer overflow on .WAL files parsing.   EServ DoS   Sending huge amount of data causes program to hang.   CGI bugs updated since 03.01.2003

04.01.2003 Detailed

6! Multiple libmcrypt bugs   Multiple bugs including buffer overflows.   Community Vizard Board SQL injection   SQL injection into login protmpt.   Integrity Protection Driver protection bypass   Drivers protection may be bypassed via subst link to drivers directory (or NtCreateSymbolicLinkObject API).

Multiple iCal bugs   DoS, physical path disclosure.

Solaris wall message spoofing   It's possible to spoof message from any remote user.

03.01.2003 Detailed

6! Shell metacharacters code execution in dhcpcd   Shell metacharacters are uncommented during external program call.   Transport level checksum firewall detection attack   By sendgin packets with invfalid level 4 (transport) chacksum it's possible to detect packet filters.