30.01.2004 Detailed

6! MacOS X TruBlueEnvironment buffer overflow   Buffer overflow on environment variables parsing. 6! Multiple Informix IDS bugs   Multiple bugs in different utilities.   BRS Webweaver crossite scripting   ISAPISkeleton.dll Crossite scripting

CGI bugs updated since 26.01.2004

27.01.2004 Detailed

Multiple bugs in ProxyNow!   Multiple buffer overflow

26.01.2004 Detailed

7! Multiple game bugs   Multiple buffer overflows on parsing different protocols.   Windows XP .folder files code execution   It's possible to create .folder file launching executable fail on open.   BremsServer multiple bugs   Directory traversal, crossite scripting.

Finjan SurfinGate unauthorized access   By using proxy server it's possible to obtain access to administration.

Novell Netware Enterprise Web Server multiple bugs   Crossite scripting, directory listing, etc.

mod_plsql crossite scripting   Crossite scripting in isqlplus.

Multiple Tinyserver bugs   Directory traversal, buffer overflows, etc.

IBM Net.Data crossite scripting   Crossite scripting in error messages.

23.01.2004 Detailed

CGI bugs updated since 19.01.2004         freesco crossite scripting   Crossite scripting in example CGI application.

22.01.2004 Detailed

Mephistoles Httpd crossite scripting         OwnServer directory travesal         2Wire web interface multiple bugs   Crossite scripting, directory traversal.

Apache mod_php and mod_perl file decriptor leak updated since 27.12.2003   Descriptor leakage allowws to spoof https session in child process.

20.01.2004 Detailed

6! Agnitum Outpost privilege escalation   It's possible to obtain local system privileges with help or adding new filter.   GetWare DoS   Problem with Content-Length: processing in POST request.   GoAhead DoS   Invalid Content-Length processing in POST request.

Networker symlink problem   Symlink problem in shutdown script.

GoAhead script source leak updated since 18.12.2003   It's possible to obtain content of .asp or cgi-bin file by adding special characters to filename.

J2EE code execution updated since 17.12.2003   It's possible to execute external application in SQL request to pointbase database.

19.01.2004 Detailed

UltraVNC privilege escalation   For online help Internet Explorer is launched with system privileges.   Pablo FTP file existance information leak   It's possible to check file existance with DEL command.   Symbolic links problem in NetPBM   Symlink problem during temporary files creation.

17.01.2004 Detailed

Midnight Commander buffer overflow   Buffer overflow on archives processing.   OpenCA certificate spoofing   A flaw could cause OpenCA to accept a signature from a certificate if the certificate's chain is trusted by the chain directory of OpenCA. This means that a certificate from another PKI can authorize operations on the used PKI if the chain of the used signature certifcate can establish a trust relationship to the actually used PKI.   CGI bugs updated since 12.01.2004

16.01.2004 Detailed

6! qmail integer overflow   Inger overflow on the message with line over 2Gb.   PayShield protection bypass   Once in 3 minutes it's possible to get positive answer to any request.   WWW File Share Pro multiple bugs   DoS, directory traversal for both reading and writing.

KDE VCF files buffer overflow   Buffer overflow on file parsing in kdepim.

RapidCache multiple bugs   Buffer overflow, directory traversal.

The Bat! memory corruption updated since 16.01.2004   Memory corruption on parsing multipart PGP messages.

14.01.2004 Detailed

7! Multiple bugs in H.323 implementations       6! MDAC buffer overflow updated since 22.08.2003   Buffer overflow during bilding list of SQL servers available on network.   Microsoft Exchange 2003 OWA NTLM wrong mailbox access   If NTLM authentication is used with front-end server it possible random access to wrong mailbox.

13.01.2004 Detailed

mod-auth-shadow password expiration weakness   Account expiration status is not checked during authorization.

12.01.2004 Detailed

CGI bugs updated since 29.12.2003         HTML help privilege escalation updated since 24.10.2003   HtmlHelp() call doesn't drop system privileges.

11.01.2004 Detailed

6! Multiple antivirus bzip2 DoS   Huge complressed bzip2 file causes application to crash.   Accipiter Direct Server directory traversal   HTTP directory traversal.   FreeProxy/FreeWeb multiple bugs   Directory traversal, DoS.

09.01.2004 Detailed

7! inn buffer overflow   Buffer overflow on control messages handling. 6! Yahoo Instant Messenger buffer overflow   Buffer overflow on oversized filename. 6! Lotus Domino weak permissions updated since 09.01.2004   Few configuration files are world writable.

vbox3 privilege escalation   Elevated privileges are not dropped on external executable call.

Cisco personal assistant protection bypass   It's possible to bypass password protection.

EDIMAX AR-6004 crossite scripting

Jabber SSL DoS   SSL connection handling DoS.

HD Soft Windows FTP Server format string bug   Format string bug during authentication.

ZyXEL10 Crossite scripting

Multiple fsp bugs   Buffer overflow, directory traversal.

SnapStream PVS crossite scripting

06.01.2004 Detailed

7! AIX enq format string bug   Format string bug during arguments parsing.   screen integer overflow         Multiple nd bugs   Multiple bugs including buffer overflow on server reply parsing.

Webcam Watchdog buffer overflow   Stack overflow on oversized HTTP GET request.

KpyM telnet server DoS   Connection flood causes server to crash.

03.01.2004 Detailed

6! CHM files execution in Internet Explorer updated since 19.05.2000   CHM file (HTML-help) may contain unsafe ActiveX elements and could lead to code execution. CHM execution may be triggered by calling CHM file as a HTML or via ActiveX elements.   GoodTech Telnet Server buffer overflow   Buffer overflow on oversized line.   New local NT attack - TOCTOU (Time-Of-Check-to-Time-Of-Use race conditions)   If service hooks are used for argument filtering, race conditions are possible between argument check and actual sytem call.

SwitchOff Multiple bugs   Infinite loop on oversized string to TCP/8000, stack overflow.