31.01.2006 Detailed

git content tracker buffer overflow   Buffer overflow on oversized symbolic link name.   perl Mail::Audit library symbolic links problem   Insecure creation of log file.   bzip2 bzgrep and gzip zgrep shell characters problem   Unfiltered characters in filename allow code execution.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

unalz archiver buffer overflow updated since 28.11.2005   Buffer overflow on oversized archived file name.

NetDSL-1000 DSL router telnet server DoS   Request flood causes telnet service to hang

30.01.2006 Detailed

Pioneers game server DoS   Oversized chat message causes game server to crash.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Cross Site Cooking attack   There are few possibilities to set cookie for different site.

29.01.2006 Detailed

6! Multiple PHP vulnerabilities updated since 31.10.2005   phpinfo() crossite scripting, parse_str() register_globals activisation possibility, $GLOBALS variable modification witrh HTTP POST form 'fileupload' field. It's also possible to modify any variable with GLOBALS[variable].   Mozilla CSS crossite scripting   -moz-binding: CSS allows to bind XBL with element and XBL may contains scripts. It may lead to crossite sripting within e.g. webmail.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

28.01.2006 Detailed

Shareaza peeer-to-peer network client multiple integer overflows   Multiple integer overflows in different functions.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   libAST buffer overflow updated since 26.01.2006   conf_find_file() buffer overflow

27.01.2006 Detailed

net-snmp SNMP package fixproc utility symbolic link problem   Symbolic links problem on temporary files creation.   Weak Net::SSLeay perl module encryption   /tmp/entropy file is used for entropy gathering if no entropy source is specified with EGD_PATH envoronment variable. Attacker can fille file with known data.   Microsoft Windows MS-DOS applications uninitilized memory access information leak   Memory is not initialized then allocated for MS-DOS virtual machine. It allows to read data from physical memory.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

26.01.2006 Detailed

6! nfs-server NFS rpc.mountd buffer overflow   realpath() function buffer overflow. Kernel-level nfs-utils package is not vulnerable. 6! FreeBSD ipfw /pf IP firewall packet filter DoS updated since 11.01.2006   Problem with fragmented packets handling.   exiv2 IPTC library DoS   sscanf() is used for data wich is not NULL-terminated.

Sun StorEdge Enterprise Backup / Solstice Backup privilege escalation

Cisco routers IOS TCL privilege escalation   User can execute any command by switching to TCL (Tool Command Language) mode.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

FreeBSD ioctl kernal memory access updated since 25.01.2006   Two vulnerabilities allow to read kernel memory.

Crossite browsing tracing attacks updated since 23.01.2003   Multiple browsing components allow to trace user browsing and to gather different information about user.

25.01.2006 Detailed

7! Red Hat Certificate Server / Directory server buffer overflow       6! Multiple E-Post Mail Servers vulnerabilities   SMTP authentication buffer overflow, POP3 APOP authentication buffer overflow, LDAP buffer overflow, IMAP directory traversal and multiple DoS conditions. 6! Kerio WinRoute FireWall multiple DoS conditions updated since 19.01.2006   DoS on HTML documents parsing and on oversized Active Directory server reply.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

SquirrelMail Web mail Change Passwd plugin buffer overflow   Buffer overflow on parsing command line arguments.

24.01.2006 Detailed

6! BEA Weblogic application server multiple vulnerabilities   Database passwords are stored unencrypted in cleartext, log files access, unauthorized MBean access, cleartext password logged on password change, etc.   OpenSSH scp client unfiltered shell characters   Unsafe argument (filename) usage in system() call.   Sun Grid Engine rsh client privilege escalation

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

FetchMail mail processor DoS updated since 23.01.2006   Error on bounce message generation cause uninitialized memory reference.

23.01.2006 Detailed

lsh SSH server file descriptor leak   Random generator's seed file is not closed before executing command processor.   libTIFF TIFF library NULL pointer dereference   tif_dir.c NULL pointer dereference.   tor hidden services information disclosure   It's possible to discover location of hidden service by setting up malicious tor server, accessing hidden service repeatedly and tracking who builds circuits.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

22.01.2006 Detailed

6! KDE libraries / Konqueror buffer overflow updated since 20.01.2006   Buffer overflow on Unicode URL parsing within JavaScript processor.   Hitachi NetInsight II DoS         Hitachi HITSENSER Data Mart Server SQL injection

FileCOPA FTP Server directory traversal   Directory traversal with Store and Retr commands.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

MySQL information_schema view information leak   User can discover request used for view regardless of permissions with SELECT * FROM information_schema.views.

20.01.2006 Detailed

7! FreeBSD IEEE 802.11 wireless network buffer overflow updated since 19.01.2006   Buffer overflow on parsing IEEE 802.11 control frames. 6! Unauthorized ecartis mailing lists manager access   Attachment sent to -request address is saved to web accessible folder, allowing to put files on the Web server.   Multiple RockLife MailSite mail server vulnerabilities   Crossite scripting and DoS.

tftpd32 TFTP server format string vulnerability   SEND and GET TFTP commands format string bug.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

19.01.2006 Detailed

6! TippingPoint IPS intrusion prevention system DoS   Large CPU consumption on HTML documents parsing. 6! F-Secure Antivirus buffer overflow   Buffer overflow on ZIP archives parsing. 6! Multiple Cisco Call Manager vulnerabilites   DoS by creating multiple TCP/2000, TCP/2001, TCP/2002, TCP/7727 connections. Administrative Web interface privilege escalation.

MyDNS DNS server DoS

Dual DHCP DNS Server buffer overflow   Oversized DHCP option buffer overflow.

BitCoet peer-to-peer client buffer overflow   Oversized .torrent file URI buffer overflow.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cisco IOS Stack Group Bidding Protocol (SGBP) DoS   Invalid SGBP (UDP/9900) packet can cause router to hang if sgbp group is defined

Cerberus FTP Server DoS updated since 23.11.2005   Request flood causes server to crash.

18.01.2006 Detailed

Linux kernel multiple vulnerabilities   TwinHan DST Frontend/Card DVB driver buffer overflow, dm-crypt module doesn't clear memory.   Cisco IOS CDP protocol crossite scripting   Crossite scripting is possible with CDP status.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Legato Networker multiple vulnerabilities updated since 18.08.2005   Security bypass, DoS, information leak, code execution.

17.01.2006 Detailed

7! CMU SNMP snmptrapd format string vulnerability   Format string vulnerability in snmp_input() function.   AntiWord symbolic links problem   Word to Postscript document convertation insecure temporary file creation.   AOL buffer overflow   Buffer overflow in You've Got Pictures ActiveX Control.

ZyXel P2000W wireless VoIP phone information leak   Undocumented TCP/9090 leaks information on phone configuration.

MPM HP-180W wireless VoIP phone information leak   Undocumented TCP/9090 leaks information on phone configuration.

Clipcomm CPW-100E wireless VoIP phone backdoor   Undocumented TCP/60023 shell access allows remote unauthorized phone control, including calls.

Senao SI-7800H wireless VoIP phone multiple vulnerabilities   VxWorks debugger (TCP/17185) access.

ACT P202S wireless VoIP phone multiple vulnerabilities   VxWorks debugger (TCP/17185) access, rlogin access.

CounterPath eyeBeam software SIP IP Phone DoS   Buffer overflow on oversized SIP packet header name.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Mozilla Thunderbird attachment spoofing   Filename can be spoofed by using large number of spaces, display icon - with Content-Type header.

16.01.2006 Detailed

6! Linux kernel multiple DoS conditions   Local DoS with netlink_rcv_skb(), few DoS conditions with PPTP NAT. 6! Cisco IP Phones DoS   Syn-flood causes phone to reload. 6! Perl integer overflow

Sun Solaris lpsched privilege escalation

Multiple Windows wireless adapters WEP protection bypass   Atacker can force client to downgradte to unencrypted cleartext mode operations.

Tuxpaint paint program for children symbolic links problem   Symbolic links problem on temporary files creation (bad guy can overwrite your child's files).

Linksys VPN routers DoS   IP packet with invalid IP options causes router to crash.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

mailman mailing lists processor DoS updated since 14.11.2005   Scrubber.py fails to process attachment with UTF-8 character in the name and messages with large numbers in dates.

15.01.2006 Detailed

6! Novell SUSE Linux Enterprise Server Remote Manager buffer overflow   Integer overflow on negative HTTP POST Content-Length: paramters leads to 4-bytes heap overflow.   AmbiCom bluetooth stack / module buffer overflow   Buffer overflow on oversized filename in PUSH oparation.   HomeFTP FTP server DoS

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

13.01.2006 Detailed

7! ClamAV antivirus multiple vulnerabilities updated since 04.11.2005   Buffer overflow on handling FSG and UPX packed files, endless loops on CAB and TNEF files parsing.   BEA Weblogic application server information leak   It's possible to retrieve MBean configuration anonymously with JNDI interface.   Toshiba Bluetooth stack directory traversal   Directory traversal with filename allows to upload file to any location.

Multiple PHP extensions vulnerabilities   mysqli extension format string vulnerability, session extension session id HTTP response splitting.

Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

12.01.2006 Detailed

7! Multiple Cisco Security Monitoring, Analysis and Response System (CS-MARS) backdoors   Undocumented account 'pnadmin' with standard password allows remote access to device. Undocumented 'expert' command allow unprivileged user to gain 'root' privileges. 6! PostgreSQL database DoS   Large number of connections at same time causes fatal error.   Cisco Aironet wireless access points DoS   arp-requests flood from wireless interface leads to memory exhaustion.

Multiple Sun Solaris vulnerabilities   Different bugs lead to system crash and privilege escalation.

slsnif serial line sniffer buffer overflow   Buffer overflow on parsing HOME environment variable.

Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

11.01.2006 Detailed

10! Microsoft Exchange Server and Microsoft Outlook TNEF messages format buffer overflow updated since 10.01.2006   Buffer overflow on parsing TNEF format. 8! Microsoft Windows embedded web fonts memory corruption updated since 10.01.2006   Memory corruption on parsing web fonts embedded to HTML page. May be used to install trojans, backdoors or another malware to client computer.   BlackBerry Enterprise Server PNG files DoS

IronWall webserver directory traversal   Directory traversal with Обратный путь в каталогах через /.../.

Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Xmame Multiple Arcade Machine Emulator buffer overflow updated since 03.06.2003   Buffer overflow on different command line options parsing.

10.01.2006 Detailed

6! Apache auth_ldap authentication module format string vulnerabilities   Format string vulnerability on error logging. 6! Apache mod-auth-pgsql authorization module format string vulnerabilities updated since 09.01.2006   Several format string bugs in error logging. 6! pound reverse proxy / load balancer / HTTPS front-end buffer overflow updated since 01.05.2005   Buffer overflow on oversized hostname.

Sun Solaris uustat buffer overflow   Buffer overflow in -S option parsing allows privilege escalation to euid uucp.

Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

BSD systems securelevel protection bypass updated since 09.01.2006   By mounting different filesystem it's possible to mask file flagged 'immutable'. It's possible to rollback system tiime by setting it to maximum value.

09.01.2006 Detailed

bogofilter SPAM filter buffer overflows   Buffer overflows on oversized words and on character sets conversion.   Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   sudo privilege escalation updated since 16.11.2004   few envoronment vaqriables used by bash perl and python are not cleaned.

SMSTools format string vulnerabilities updated since 12.03.2002   Многочисленные ошибки форматной строки.

07.01.2006 Detailed

6! Lotus Domino multiple vulnerabilities   Multiple vulnerabilities, including few buffer overflows. 6! HylaFax enterprise fax system multiple vulnerabilities   Unauthorized access and privilege escalation are possible. 6! Blue Coat WinProxy proxy server multiple vulnerabilities   HTTP proxy buffer overflow and DoS, telnet proxy DoS.

rxvt-unicode weak permissions   Insecure permissions for few tty devices.

Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP-UX xterm privilege escalation updated since 15.11.2005

Apple Airport Express / Apple Airport Extreme DoS updated since 13.01.2005   Inivalid data to UDP/161 cause device to crash.

05.01.2006 Detailed

6! OpenBSD file reopening privilege escalation       6! Linux kernel multiple vulnerabilities   TwinHan DST Frontend/Card buffer overflow,kernel/sysctl.c off-by-one, fib_lookup netlink message memory corruption, set_mempolicy() DoS.   Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Windows PHP buffer overflow   mysql_connect() buffer overflow.

04.01.2006 Detailed

Multiple Rockliffe Mailsite mail server vulnerabilities   IMAP server user enumaration and directory traversal.   Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   tkdiff diff graphical frontend symbolic links vulnerability updated since 27.12.2005   Insecure temporary files creation.

03.01.2006 Detailed

6! Multiple AIX multiple vulnerabilities updated since 16.12.2005   Buffer overflow in heap debugging, buffer overflows in muxatmd, slocal, file access privilege escalation in getShell and getCommand.   eFileGo directory traversal   Directory traversal in TCP/608 Web server.   File::ExtAttr perl library buffer overflow   Off-by-one overflow on extended attributes reading.

Dopewars format string vulnerability   FOrmat string bug on file logging.

pinentry PIN entering dialogs application privilege escalation   sgid wheel is incorrectly set for application.

Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

NView / XNView multimedia viewer / browser privilege escalation updated since 30.12.2005   Dynamic libraries from current directory are loaded on startup.