28.02.2004 Detailed

Multiple Mac OS X AFP client bugs   Cryptographic weakness allows interception of users credential via connection proxying.   FreeBSD jail_attach jail protection bypass   Process from one jail may enter into different jail via jail_attach.   xboing buffer overflow

27.02.2004 Detailed

6! ISS multiple products SMB parsing buffer overflow   Remote buffer overflow during SMB parsing leads to system account compromise.

Calife buffer overflow   Heap overflow on oversized password.

WinZIP mail format buffer overflow   Heap overflow on parsing different mail formats.

Internet Explorer crossdomain keystrokes leak   Script from one site can access keystrokes send do another site.

Extremail password weakness   It's psosible to access without passwords if password begins with digit.

Symantec Gateway Security crossite scripting   Crossite scripting in web managment.

26.02.2004 Detailed

Dell TrueMobile privilege escalation   it's possible to obtain local system privileges through help subsystem.   Dell OpenManage buffer overflow   Heap overflow on oversized Application variable in POST request.   FreeCHAT DoS

libxml buffer overflo   Buffer overflow during file downloadgin on oversized URL.

Mozilla crossite scripting   It's possible to access document content befor page downloaded completely.

25.02.2004 Detailed

10! Multiple Windows ASN.1 bugs updated since 11.02.2004   Heap corruptions, heap buffer overflows open possibilities for attack via different protocols and applications.   mformat privilege escalation   It's possible to access any file for reading and create world-writable root-owned files.   Alcatel Omniswitch 7000 ÂùÛ

FlexWATCH unauthorized access   Authentication can be bypassed.

Gigabyte Broadband Router unauthorized access   It's possible to bypass authentication.

24.02.2004 Detailed

6! Windows XP EMF buffer overflow   Heap overflow on image preview. 6! QuickTime/Darwin Streaming Server multiple bugs updated since 26.02.2003   Multiple bugs including uncommented shell characters, buffer overflows, etc.   TypSoft FTP Server DoS   DoS on UNC filename.

MacOS X ppd format string bug   It's possible to read process memory.

Load Sharing Facility multiple bugs   Code execution, DoS.

Confirm shell character problem   shell characters problem on e-mail address parsing.

CGI bugs

TeamFactor integer overflow   Integer overflow on signed/unsigned conversion.

nCipher HSM information leak   Under special conditions it's possible access private application data, including keys.

Avirt buffer overflow   Buffer overflow in web interface on oversized GET request.

23.02.2004 Detailed

Proofpoint protection server unauthorized access   User root with empty password can access mySQL.   Gatekeeper Pro buffer overflow   Buffer overflow on oversized GET request.   synaesthesia privilege escalation   It's possible to write any file with root privileges.

lbreakout2 buffer overflow   Buffer overflow on environment parsing.

hsftp format string bug   filename format string bug

PSOProxy buffer overflow   Buffer overflow on oversized GET request.

20.02.2004 Detailed

ZoneAlarm buffer overflow updated since 19.02.2004   Buffer overflow on oversized RCPT TO: in SMTP.   CGI bugs updated since 16.02.2004         Multiple bugs in Cisco ONS updated since 01.11.2002   DoS and unauthorized access via TFTP, FTP, SNMP, telnet.

19.02.2004 Detailed

smallftpd buffer overflow   Buffer overflow on large number of / in the path.   metamail format string bugs updated since 18.02.2004   Few format string bugs.

18.02.2004 Detailed

6! Ipswitch IMail buffer overflow   Buffer overflow in LDAP service.   SNMP information leak in Linksys   It's possible to retrieve all community strings.   CesarFTP DoS updated since 23.12.2003   Server hangs on CWD ......... command.

17.02.2004 Detailed

APC AP9606 backdoor account   Universal password is TENmanUFactOryPOWER   Vizer Web Server multiple bugs   No input validation.   Robot FTP Server buffer overflow   Buffer overflow on oversized USER command. LIST command before authorization causes server to crash.

Sami HTTP Server buffer overflow   Buffer overflow on oversized HTTP GET request.

16.02.2004 Detailed

Purge Jihad buffer overflow   Buffer overflow on parsing server reply.   SignatureDB buffer overflow   Buffer overflow in sdbscan.   Symantec AntiVirus Scan Engine for Red Hat Linux symbolic links problem   Symbolic links problem during LiveUpdate logging.

Sami FTP Server DoS   Multiple conditions leading to server crash.

mailmgr symbolic links problem   Symlink problem during temporary files creation.

Multiple XLite FTP bugs updated since 18.12.2003   Directory traversal, DoS.

12.02.2004 Detailed

monkeyd DoS   Malformed HTTP request causes server to crash.   CGI bugs updated since 09.02.2004

11.02.2004 Detailed

8! XFree font.alias buffer overflow   buffer overflow on oversized font name. 6! WINS buffer overflow   Buffer overflow on network packet parsing.   Virtual PC for the Macintosh symbolic links problem   Insecure temporary files creation.

10.02.2004 Detailed

6! Multiple Internet Explorer bugs updated since 03.02.2004   Crossite scripting in Travel Log, URL spoofing.   smbmnt privilege escalation   Few distributions have smbmnt installed suid root. It allows user to mount external drive and run any application as suid.   Real player directory traversal   Directory traversal in .rjs files allows to place file in any directory.

InnoculateIT weak file permissions   Weak directory permissions, symbolic links problems.

Multiple RED-M RedAlert bugs   Multiple bugs with user authentication.

EvolutionX buffer overflow   Buffer overflow on ftp and telnet protocols.

eggdrop unauthorized access   It;s possble to obtain share.mod access.

09.02.2004 Detailed

6! clamav integer overflow   Integer overflow on UUENCODE parsing.   TrackMania DoS   random data to TCP/2350 causes program to crash.   php.ini PHP protection bypass   It's possible tyo bypass protection (register_globals = on for example) of virtual host by requestin host without protection in same HTTP keep-alive connection before.

ApacheSSL protection bypass   In basic authentication emulation mode it's possible to access server without certificate.

vserver virtual machine protection bypass   it's possible to escape virtual root Catalog regardless of permission.

DreamFTP formatstring bug   Format string bug in username.

Palace buffer overflow   Buffer overflow on parsing palace:// URL

06.02.2004 Detailed

9! Multiple bugs in Orcale updated since 17.02.2003   Multiple bugs including remote buffer overflow in authentication process. 6! Multiple RealPlayer/RealOne buffer overflows   Buffer overflows on parsing different file types. 6! BSD smat privilege escalation   It's possible to access unallocated page of phisical memory.

Multiple IBM cloudscape bugs   Code injection, DoS, information leakage

CGI bugs updated since 03.02.2004

05.02.2004 Detailed

8! Checkpoint VPN-1/SecureClient buffer overflow   Buffer overflow on ISAKMP processing. 7! Checkpoint Firewall-1 format string bugs   Format string bugs in HTTP Application Intelligence component.   GNU Radius DoS   NULL reference on empty Acct-Session-Id attribute.

04.02.2004 Detailed

TypSoft FTP DoS updated since 04.02.2004   DoS on empty username.   OpenBSD IPv6 DoS   Kernel crashes on TCP connection request received after small MTU requested with ICMPV6_PKT_TOOBIG.   Chaser DoS   DoS on network packet parsing.

WebCrossing DoS   DoS on negative Content-Length in HTTP POST request.

03.02.2004 Detailed

Cisco link level frames DoS   Link level frame with size mismatched to network leyer size can cause device to crash or hang.   UnrealIRCd format string bug   If NO_IDENT_CHECKING is defined during compilation format string bug is possible in username.   chatterbox DoS   Crash on unrecognized request.

CrobFTP multiple bugs   Directory traversal, DoS.

OverKill multiple bugs   Multiple buffer overflow.

GNU libtool simbolic links problem   Symbolic links problem during compilation.

apache local protection bypass   It's possible to bypass few security settings with ErrorDocument.

Windows XP/2003 server service memory leak   Memory leak on directory cration/deletion.

01.02.2004 Detailed

Web Froums Server crossite scripting   Input filtering is missed in few forms procesing.