31.01.2007 Detailed

6! libgd graphics library code execution   JIS fonts parsing problem in gdImageStringFTEx() function.   Sun Solaris kcms_calibrate privilege escalation         Sami HTTP Server DoS   Crash on large number of requests to non-existent files.

30.01.2007 Detailed

7! Microsoft Agent memory corruption updated since 14.11.2006   Memory corruption on parsing .ACF files.

6! Multiple Oracle security vulnerabilities... again   Multiple privilege escalations. Virtual private database protection bypass.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cisco Catalyst switches VTP DoS updated since 28.01.2007   Switch crashes on malformed VTP (VLAN Trunking Protocol) Subset-Advert message.

29.01.2007 Detailed

6! Apple Mac OS X Software Update / Apple Installer format string security vulnerability   Format string vulnerability on parsing filename of application/x-apple.sucatalog+xml files (.sucatalog и .swutmp). Format string vulnerability in .pkg file name.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 29.01.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Mac OS X crashdump symbolic links security vulnerability   Symbolic links problem on creating dump file in user's home. Allows admin group user to escalate privileges to root.

Telestream Flip4Mac format string vulnerabilities   Momory corruption on malformed WMV file ASF_File_Properties_Object size field.

Mac OS X CFNetwork library DoS   NULL pointer dereference on HTTP server response parsing.

28.01.2007 Detailed

7! Yahoo Messanger crossaplication scripting   Chat sign in / sign out messages are shown with Internet Explorer allowing scripting in local computer zone. 6! PHP Safe Mod protection bypass   It's possible to traverse working directory protection by using writing mode (srpath://../ file prefix for fopen()). 6! Multiple QNX security vulnerabilites   Unprivileged user can debug suid applications. Clipboard is world accessible.

6! IPSwitch WS_FTP unfilterd shell characters security vulnerability   Shell charCters problem on SCP files parsing.

6! ulogd buffer overflow

6! chmlib library memory corruption   Value from file is used directly in alloca() function call.

6! PGP Desktop code execution   PGPServ.exe/PGPsdkServ.exe Service doesn't validate data received through named pipe \pipe\pgpserv or \pipe\pgpsdkser.

bind named DoS   2 errors (use-after-free and type ANY response parsing) on response parsing of DNSSEC request.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Trend Micro VirusWall for Linux buffer overflow   Buffer overflow in libvsapi.so library used by vscan suid root application.

25.01.2007 Detailed

7! Citrix Metaframe Presentation Server / Javvin DiskAccess printer provider buffer overflow   Buffer overflow in cpprov.dll EnumPrintersW() and OpenPrinter() functions. 6! CA personal firewall multiple privilege escalations   Multiple vulnerabilities in HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys)drivers.   gtk library DoS   Crash on GIF files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Earthlink TotalAccess AtciveX protection bypass   It's possible to manage sender and domain whitelists.

24.01.2007 Detailed

10! Cisco routers and code execution with IP options DoS   ICMP, UDP or TCP packets with some IP options set can cause device reload and potentially code execution. 6! Apple QuickDraw libraries memory corruption   Memory corruption on maleformed PICT image ARGB record. 6! Apple Mac OS X UserNotificationCenter privilege escalation   Application doesn't droup wheel group privileges.

6! Cisco routers IPv6 DoS   Router crash on parsing IPv6 packet RH (routing header).

6! Cisco routers memory leak DoS   Memory leak on incoming TCP packets.

Sun Ray Server password information leak   /cgi-bin/mail scripts records utadmin administrator's password is recorded into log file.

OpenBSD IPv6 ICMPv6 DoS   Infinite loop on ICMPv6 packet parsing.

pam unauthorized access   Any password is accepted if password hash contains some set of characters.

Sun Solaris tip privilege escalation   Privilege escalation to 'uucp' user.

Sienzo Digital Music Mentor ActiveX buffer overflow   Buffer overflow in NCTAudioFile2.AudioFile SetFormatLikeSample() method.

Multiple IP Phones unauthorized access   After administrative login it's possible to access administration interface from any IP without password validation.

xine-ui format string vulnerability   Format string vulnerability in errors_create_window() on media files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 24.01.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

OpenLDAP installation symbolic links vulnerability   gencert.sh installation script insecure tempoary files creation.

Multiple mobile phones bluetooth DoS   Flood with ussp-push messages causes user interface blocking by multiple download prompt messages.

Microsoft Visual Studio buffer overflow   Buffer overflows on oversized filename in different paramters.

Apple Safari / Konqueror SCRIPT tag filtering bypass   Brower follows <script> tags within HTML comment. It violates HTML standard.

23.01.2007 Detailed

8! Sun Java memory corruption updated since 18.01.2007   Memory corruption on GIF files parsing with 0 width block. Can be used for hidden malware installation.

22.01.2007 Detailed

7! Mac OS X writeconfig privilege escalation   launchctl utility is executed by relative path from suid application.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

21.01.2007 Detailed

8! Apple QuickTime HREFTrack crossite scripting   Script can refer to local resources. Vulnerability is used in-the-wild for malware code installation. 7! Intel Centrino ipw2200 wireless drivers buffer overflow   Buffer overflow on oversized SSID 7! Mac OS X SLP daemon buffer overflow   Buffer overflow on parsing arguments list of SLP request.

6! Apple iChat format string vulnerability   Format string vulnerability on aim:// URI parsing.

6! Apple Mac OS X transmit.app buffer overflow   Buffer overflow on ftps:// URI parsing.

6! Rumpus FTP server multiple security vulnerabilities   Shell characters problems, buffer overflows, weaklpermissions.

6! Colloquy IRC client multiple format string vulnerabilities   Multiple format string vulnerabilities, e.g. invite IRC command.

Unsanity Application Enhancer privilege escalation   Multiple privilege escalation issues.

netrik shell characters problems   Shell characters problem on temporary files creation.

AVM IGD CTRL Service directory traversal   HTTP directory traversal with TCP/49001 (UPNP) port.

WzdFTPD FTP server DoS   NULL pointer dereference on FTP commands parsing.

T-Com Speedport ADSL router unauthorized access   Constant Cookie value is set for Web access verification.

Multiple PDF library PDF parsing DoS updated since 18.01.2007   Infinite loop on page model tree parsing.

VLC Media Player buffer overflow updated since 03.01.2007   Buffer overflow on oversized udp:// URI during M3U file parsing.

20.01.2007 Detailed

7! grsecurity privilege escalation updated since 12.01.2007   Privilege escalation with expand_stack(). 6! Cisco CS MARS and Cisco ADSM TLS, SSL, SSH certificates validation problem   On connecting to managed device, device certificate is not validated. 6! HP-UX ipfilter DoS   System crash on malcrafted packet.

AVM Fritz!Box VoIP router DoS   Crash on empty UDP packet to UDP/5060 (SIP) port.

Mac OS X syscall DoS   Arguments of shared_region_map_file_np() syscall are not checking, making it's possible to exhaust all available memory.

BitDefender client format string vulnerability   Format string vulnerability on scan settings logging.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Help Workshop buffer overflow updated since 18.01.2007   Buffer overflow on .cnt / .hpj files parsing.

18.01.2007 Detailed

8! Unzuthorized file access via file stdio decriptors in multiple Unix systems updated since 22.04.2002   By exhausting all file descriptors and closing stderr it's possible to causesituation called application will open new file with descriptor 2 and all stderr output will be redirected to file. In few systems it's enougth to close standard descriptor.   MBSE BBS for Unix buffer overflow   Buffer overflows in multiple suid utilities on environment variables parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

17.01.2007 Detailed

6! Multiple Squid cache proxy security vulnerability   external_acl queue infinite loop, FTP client code DoS on parsing FTP server listing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   wget FTP client code DoS   Multiple blank 220 FTP responses on FTP SYST command cause application crash.

16.01.2007 Detailed

7! Multiple Mac OS X security privilege escalation   Few suid application binaries are user-writable. 6! Mac OS X AppleTalk protocol buffer overflow   Heap buffer overflow. 6! libgtop buffer overflow   Buffer overflow on /proc FS parsing.

6! Mac OS X / Apple Finder multiple file system parsing vulnerabilities updated since 11.01.2007   Buffer overflow on oversized DMG volume label in Apple Finder. Integer overflows on UFS DMG image parsing. DoS on processing UFS and HFS+ volumes.

6! Kaspersky Antivirus privilege escalation updated since 21.10.2006   Privilege escalation with KLIN and KLICK system drivers IOCTL.

Ooutpost self-protection bypass   It's possible to bypass self-protection by using NTFS hard links.

15.01.2007 Detailed

6! Multiple GnuPG potential vulnerabilities   Multiple potential buffer overflow and integer overflow with unknonwn exploitability.   BMC Remedy Action Request System user enumeration vulnerability   Messages for invalid password and invalid user name are different.   WFTPD Pro FTP server DoS   Incomplete SITE ADMIN command causes server to crash.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

libneon array index overflow   Index overflow on URI parsing with non-ASCII characters in 64-bit systems.

libsoup library DoS   DoS on parsing HTTP headers.

13.01.2007 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

12.01.2007 Detailed

6! Multiple F5 FirePass security vulnerabilities   URL restrictions bypass, crossite scripting. Restrictions bypass with dotless IP address. Acounts enumeration. 6! Sun Solaris rpcbind DoS         IBM AIX ftpd DoS

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP Open View Network Node Manager multiple vulnerabilities   Remote file access and code execution is possible.

FreeBSD jail rc.d symbolic links problem   Multiple conditions allow to write files begind jailed environment, as an example symbolic link /var/log/console.log.

snort integer overflow   Signed integer type overflow on GRE protocol parsing.

11.01.2007 Detailed

7! TIS Internet Firewall Toolkit buffer overflow   Buffer overflow on FTP proxy oversized user name. 6! Multiple Microsoft Outlook security vulnerabilities updated since 09.01.2007   DoS. Buffer overflow on .iCal and .oss files parsing.   Microsoft Windows WMF invalid pointer dereference   Invalid pointer dereference in GDI on CreateBrushIndirect function.

EIQ Networks Network Security Analyzer DoS   Crash on malformed command to TCP/10618 port.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cisco IOS Data-link Switching DoS   Device reload on malformed DLSw message parsing.

Securekit Steganography / Camouflage protection bypass updated since 09.01.2007   File with hidden information has strong signature, password protection is implemented in interface only.

10.01.2007 Detailed

7! Adobe Reader buffer overflow   Heap buffer overflow on PDF parsing. 6! Adobe Macromedia ColdFusion source code leak   Adding twice encoded NULL byte to path allows .CFM file content disclosure. 6! X.org / XFree68 multiple integer overflows updated since 09.01.2007   Integer overflow in DBE and Renderer extensions.

Cisco UCC / IPCC JTapi DoS   Service restart on invalid data received through TCP port.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

09.01.2007 Detailed

9! RPC library / MIT Kerberos kadmind uninitialized function pointer   Function call by uninitialized pointer in RPC server code allows code execution. 8! GSS-API library / MIT Kerberos kadmind (uninitialized pointer free)   free() of unallocated memory pointer in mechglue GSS API layer. 8! Microsoft VML buffer overflow   Buffer overflow and integer overflows on Vector Markup Language parsing. May be used for hidden malware installation.

7! Hewlett Packard multiple printers privilege escalation   Local user have full access to printer service "PML Driver HPZ12" thorugh service manager, making it possible to configure any executable to be run with local system privileges.

7! Opera browser multiple security vulnerabilities updated since 06.01.2007   Memory corruption on JPEG parsing, function call via user-controlled pointer.

7! Multiple Cisco Clean Access vulnerabilities updated since 04.01.2007   Shared secret for client access is same for all devices and can not be changed. Location of database backup (snapshot) can be bruteforced and downloaded without authentication.

Microsoft Office 2003 grammar checking memory corruption   Memory corruption on Brazilian and Portuguese grammar checking.

Sina UC instant messenger ActiveX buffer overflow   Buffer overflow in SendChatRoomOpt() method.

Packeteer PacketShaper multiple buffer overflow   Buffer overflow in Web and command line interfaces.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Avahi DNS response DoS   Malcrafted DNS response causes endless loop.

ksirc client DoS   NULL pointer dereference on malformed server reply.

08.01.2007 Detailed

7! OpenBSD vga privilege escalation updated since 05.01.2007   vga_ioctl() syscall allows code execution in kernel. 6! Apple OmniWeb Format string vulnerability   Format string vulnerability in javascript alert() function.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Novell Netware client restriction bypass   Problem with profile handling under terminal session.

CenterICQ buffer overflow   Buffer overflow in LiveJournal support module.

07.01.2007 Detailed

8! Apple QuickTime buffer overflow updated since 03.01.2007   Buffer overflow on oversized rtsp:// URLs. 6! Cisco Secure ACS multiple security vulnerabilities   Buffer overflow and DoS on malformed RADIUS packet parsing, buffer overflow on malformed HTTP request.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Fetchmail multiple security vulnerabilities   Multiple password leak problems on inability to establish secured authentication, DoS.

06.01.2007 Detailed

6! Eudora WorldMail buffer overflow   Buffer overflow in remote management interface (TCP/106). 6! Kaspersky Antivirus DoS   Endless loop on invalid NumberOfRvaAndSizes field value of PE file.   OpenVMS multiple security vulnerabilities   HP DecNet-Plus undisclosured vulnerability, cleartext password in log files.

Apple Mac Os X DiskManagement.framework privilege escalation   File integrity for file with original permissions database is not checked during permissions restoration.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

05.01.2007 Detailed

6! Multiple browsers race conditions updated since 18.08.2006   There are different race condition with threading synchronization on different concurrent events.   Perforce client insecure design   Server has full control under client.   Business Objects Crystal Reports buffer overflow   Buffer overflow on parsing .RPT files.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Power Archiver buffer overflow   Buffer overflow on parsing .ISO files.

Multiple security vulnerabilities in Bluetooth protocol and Bluetooth stacks implementations   Buffer overflows, weak authentication algorithm, weak pseudo-random number generators, directory traversals, etc.

04.01.2007 Detailed

7! Adobe reader plugin PDF files universal crossite scripting updated since 03.01.2007   1. By using URIs like http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here it's possible to execute code in context of any Web site where at least one PDF is stored. 2. By using "trigger action" in PDF document it's possible to execute code in context of the web page where document is stored. There are also more bugs exploitable thorugh a web page. 6! OpenOffice buffer overflow   Integer overflow leads to heap buffer overflow on EMF/WMF files parsing.   DWR protection bypass   Protection againsts functions access is implemented in client side.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

03.01.2007 Detailed

6! WinZip ActiveX buffer overflow updated since 15.11.2006   Buffer overflow in WZFILEVIEW.FileViewCtrl.61 element.   ICONICS Dialog Wrapper Module ActiveX control buffer overflow   Buffer overflow in DoModal() method.   Miredo authentication bypass   HMAC-MD5-64 authentication can be bypassed.

QK SMTP server buffer overflow   Buffer overflow on oversized RCPT TO: SMTP command argument.

MoviePlay buffer overflow   Buffer overflow on .lst files parsing.

Linux ATMEL wireless drivers buffer overflow   Buffer overflow in Get_Wep() function.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.