30.01.2012 Detailed

10! MIT / FreeBSD / Cisco telnetd buffer overflow updated since 28.12.2011   Buffer overflow in BSD telnetd / MIT krb5 telnetd is actively exploited in-the-wild. 9! Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities   Quarterly CPU fixes nearly 80 different vulnerabilities 7! Symantec PCAnywhere multiple security vulnerabilities   Code execution, privilege escalation.

Barracuda Spam/Virus WAF 600 multiple security vulnerabilities   Different Web interface vulnerabilities

logsurfer double free vulnerability   prepare_exec() double free vulnerability

21.01.2012 Detailed

7! Microsoft Windows multiple security vulnerabilities updated since 11.01.2012   SafeSEH protection bypass, Windows Object Packager code execution, CSRSS privilege escalation, DirectShow / Windows Media memory corruption, Windows Packager code execution, SSL/TLS information leakage.

6! Linux kernel multiple security vulnerabilities   DoS conditions, information leaks, privilege escalation.   PHP DoS   NULL pointer dereference because on unchecked zend_strndup return value.

Suhoshin buffer overflow   Buffer overflow in the transparent cookis encryption code.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 21.01.2012   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Business Availability Center / Business Service Management information leakage

NTR ActiveX security vulnerabilities   Buffer overflow, unsafe method.

GreenBrowser double free   Double free on iframe tag

HP StorageWorks P2000 security vulnerabilities updated since 16.01.2012   Default account, directory traversal.

EMC SourceOne information leakage   Information leakage via log files.

20.01.2012 Detailed

7! OpenSSL library multiple security vulnerabilities   Double free(), protection bypass, information leakages, DoS conditions. 6! Apache Tomcat security vulnerabilities   DoS, information disclosure. 6! Cisco TelePresence System Integrator / Cisco IP Video Phone E20 default account vulnereability updated since 21.11.2011   Default root account is enabled.

perl security vulnerabilities   It's possible to inject eval expression into digest module constructor. Off-by-one overflow in decode_xs.

Microsoft AntiXSS library crossite scripting updated since 11.01.2012   Crossite scripting during HTML parsing.

Xpra memory disclosure   It's possible to access uninitialized memory chunks.

Cisco Digital Media Manager privilege escalation   It's possible to access administration pages by URLs.

16.01.2012 Detailed

6! HP Easy Printer Care Software ActiveX unauthorized access updated since 12.08.2011   Files write access is possible.   McAfee SaaS ActiveX code execution   MyCioScan.Scan.ShowReport() method code execution.   HP Diagnostics Server buffer overflow   Buffer overflow on TCP/23472 request parsing

MailEnable crossite scripting   Crossite scripting in ForgottonPassword.aspx

t1lib / xpdf library multiple security vulnerabilities updated since 29.03.2011   Multiple memory corruptions.

11.01.2012 Detailed

6! Citrix Provisioning Services memory corruptions   Multiple memory corruptions. 6! PowerDNS response loop   Resolver reponds to response, allowing DoS attacks. 6! Apache mod_proxy unauthorized internal network access updated since 12.10.2011   Invalid processing for URI with preceeding @ sign.

Apache privilege escalation   Privilege escalation with SetEnvIf in conjunction with crafted HTTP headers.

HP LaserJet P3015 printer unauthorized access updated since 09.01.2012   Web server directory traversal

Novell Netware security vulnerabilities updated since 09.01.2012   TCP/32778, UDP/32778, UDP/2039, UDP/32779 RPC-based services buffer overflow.

09.01.2012 Detailed

7! OpenSWAN use-after-free   Use-after-free in crypto helper 7! Apple QuickTime multiple security vulnerabilities updated since 31.10.2011   Multiple memory corruption on different multimedia formats parsing, crossite scripting. 6! HP Database Archiving Software code execution

6! ffmpeg library multiple security vulnerabilities   Multiple memory corruptions on QDM2, VP5, VP6, VMD and SVQ1 files parsing.

6! HP Managed Printing Administration multiple security vulnerabilities updated since 26.12.2011   Buffer overflows, unauthorized files access, directory raversal.

ipmitool weak permissions   Weak permissions on pid file creation.

Google Chrome https address spoofing   Few different address spoofing techniques.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

'super' script execution buffer overflow   Buffer overflow during logging.

HServer webserver directory traversal   Directory traversal with HTML-encoded requests.

IpTools security vulnerabilities   rcmd buffer overflow, Web server directory traversal.

HP OpenView Network Node Manager code execution updated since 06.11.2011

Oracle GlassFish Server authentication bypass updated since 12.05.2011   Unauthenticated administration console access via HTTP TRACE requests.

02.01.2012 Detailed

9! Microsoft .Net multiple security vulnerabilities   DoS, multiple vulnerabilities in forms authentication. 8! Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities   Memory corruptions, protection bypass, integer overflows, DoS conditions. 7! FreeBSD multiple security vulnerabilities   Invalid nsdispatch() implementation for chroot'ed environment, multiple PAM vulnerabilities.

6! ICU library memory corruption   Memory corruption on locale processing.

squid proxy server buffer overflow   Crash on DNS response parsing.

lighthttpd security vulnerabilities updated since 26.12.2011   DoS on base64 parsing.