28.02.2005 Detailed

Mitel 3300 ICP IP PBX VOIP device Web session hijack   Predictable session id allos to hijack Web administration session.   NX Server / FreeNX X Server protection bypass         report bug bug reporting application weak permissions   Per-user configuration file is world readable and may contain sensitive information, such as SMTP server password.

Mozilla and Firefox browsers buffer overflow   Heap based buffer overflow in text processing functions.

kppp KDE dialer file descriptors leak   File descriptors are leaked for /etc/hosts and /etc/resolv.conf.

WebMod Half-Life dedicated server plugin integer overflow   Integer overflow with Content-Length: POST request.

gaim instant messanger DoS updated since 25.02.2005   Application crashes on receiving file with with parenthesis in the name and during HTML parsing.

Insecure GFI Languard Network Security Scanner password storage   Password is stored in memory in cleartext.

27.02.2005 Detailed

Novell Ximan Evolution gropware e-mail client DoS   Large number of text attachments leads to resource exhaustion.   Badblue Web server ext.dll buffer overflow   Buffer overflow on oversized ext.dll mfcisapicommand parameter.   cmd5checkpw CRAM-MD5 mail authentication program privilege escalation   Elevated privileges are not dropped then user-supplied program is launched.

Knet web server buffer overflow   Buffer overflow on oversized GET request.

PHP, ASP, CGI web applications security vulnerabilities updated since 21.02.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

25.02.2005 Detailed

6! Trend Micro AntiVirus library ARJ archives buffer overflow   Heap overflow during ARJ parsing.   PeerFTP FTP Server weak encryption   User passwords are stored in the world readable file.   IBM HMC (Hardware Management Console) privilege escalation

Sun Solaris stfontserverd symboli links problem

CIS WebServer directory traversal

bsmtpd batched SMTP mailer shell characters problem   Shell characters problem during address parsing.

Multipl Cisco ACNS (Application and Content Networking System) vulnerabilities   Default administration account, DoS.

HP-UX ftpd FTP server multiple vulnerabilities updated since 22.12.2004   Buffer overflow in debug mode, unauthorized files access.

24.02.2005 Detailed

7! Cyrus IMAP mail server multiple bugs updated since 24.11.2004   Multiple buffer overflows, memory corruptions. 6! Knox Arkeia Network Backup multiple vulnerabilities updated since 13.01.2005   Database files and password file have weak security premossions by default. Default root password is empty. Buffer overflow.   fallback-reboot DoS

Argosoft FTP server SITE COPY .lnk files directory traversal   With SITE COPY command it's possible to place .lnk file pointing outside FTP root directory.

Sun Solaris kcms_configure (Kodak Color Management System) symbolic links problem   Symbolic links problem then accessing current directory KCS_ClogFile file with elevated privileges.

22.02.2005 Detailed

Apache Batik Squiggle SVG browser protection bypass         SD Server HTTP server directory traversal         Multiple Gigafast EE400-R router vulnerabilities   DoS, configuration access (including administration password in cleartext).

cURL file download agent and library authentication buffer overflow   Buffer overflow during NTLM and Kerberos authentication.

PuTTY SSH client integer overflow updated since 21.02.2005   Integer overflow in SFTP (SSH File Transfer Protocol) implementation.

Tarantella Secure Global Desktop user enumeration   If RSA SecurID is used for authentication error messages differes for invalid username.

21.02.2005 Detailed

6! Knox Arkeya backup agent unauthorized access   It's possible to access remote filesystem with Arkeia backup agent installed.

20.02.2005 Detailed

Multiple Thomson TCW690 security vulnerabilities.   It's possible to access web interface without username and password. Denial of Service.   webfsd web server integer overflow   Integer overflow on directory listing.   gFTP FTP client directory traversal   Directory traversal during downloading file from server.

glFTPD FTP server plugin directory traversal   Обратный путь в каталогах в плагинах sitenfo.sh, sitezipchk.sh, siteziplist.sh.

Multiple TrackerCam webcam http server vulnerabilities   Buffer overflow, directory traversal, information disclosure, crossite scripting, DoS.

gProFTPD ProFTPD FTP server monitoring tool format tring bug   Format string bug during server log file parsing.

Yahoo messenger multiple security vulnerabilities   Filename spoofing, local privilege escalation with Audio Setup Wizard.

PHP/ASP/CGI web applications security bugs updated since 14.02.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, spam sending, etc.

WinFTP FTP Server buffer overflows updated since 12.02.2005   Buffer overflows in different FTP commands.

Bidwatcher eBay watching and bidding tool format string bug   Format string bug on server reply processing.

18.02.2005 Detailed

6! Microsoft .Net Framework ASP.NET crossite scripting   By using Unicode characters 0xff-0xff60 it's possible to bypass special charactesr filtering in ASP.NET application.

17.02.2005 Detailed

8! SHA family hash functions cryptographic weakness   Cryptographic weakness found making real strength against coliisions: collisions in the the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length. Collisions in SHA-0 in 2**39 operations. Collisions in 58-round SHA-1 in 2**33 operations. 6! Multiple HP/Compaq products Web interface buffer overflow       6! Multiple Linux kernel security vulnerabilities   Arbitrary process memory control, race conditions, buffer overflow, DoS, IP filtering bypass.

Sami HTTP Server multipel vulnerabilities   Directory traversal, DoS.

Sun Solaris FTP server system wide DoS   By issuing PASV command it's possible to consume all available TCP ports.

Sun Solaris arp flood DoS   ARP flood causes system to hang.

MacOS X with HFS+ filesystem multiple web servers information disclosure   By accessing named file streams it's possible to access protected file data.

lighttpd script source code leak   It's possible to retrieve CGI script source code.

wpa_supplicant (WPA/WPA2 IEEE 802.11i support) buffer overflow   Buffer overflow on EAPOL-Key frames parsing.

KDE fliccd (INDI support) buffer overflows   Setuid root application buffer overflows.

typespeed keyboard touch-typist trainer format string bug   Format string bug in setgid games application.

15.02.2005 Detailed

MacOS X AFS (Apple File Server) AFP (Apple Filing Protocol) FPLoginExt DoS         synaesthesia sound visualisation symbolic links problem   Symbolic links problem due to access to user's file with elevated privileges.   Debian Toolchain symbolic links problem   Symbolic links problem in tpkg-* scripts.

VMWare virtual machine privilege escalation   Dynamic libraries are searched in world writable directory.

14.02.2005 Detailed

6! BrightStor ARCserve Backup buffer overflow updated since 10.02.2005   Discovery serice (UDP/41524) buffer overflow.   IBM WebSphere Java Server Pages (JSP) source code leak         ht://Dig HTTP indexing and searching system crossite scripting   Crossite scripting vulnerability during error message generation.

12.02.2005 Detailed

rwhod (remote who daemon) DoS         sympa mailling list manager buffer overflow   Buffer overflow in setuid sympa script.   KDE desktop manager dcopidlng script symbolic links problem   Unsafe temporary files handling.

Unauthorized Barracuda Spam Firewall message relaying   If there is a whitelisted domain any mail originated from this domain is relayed.

PHP/ASP/CGI web applications security bugs updated since 08.02.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

xpcd PhotoCD viewer buffer overflow updated since 10.08.2003   Buffer overflow in xpcd-svga on oversized HOME environment variable.

ZoneAlarm personal firewall DoS   NtConnectPort() API hook allows invalid pointer dereference.

11.02.2005 Detailed

6! Multiple F-Secure antiviral programs ARJ archives buffer overflow   Buffer overflow on ARH files handling.   Multiple IBM AIX utilities bugs   Buffer overflow, privilege escalation: ipl_varyon, lspath, netpmon.   Computer Associates BrightStor ARCserve Backup backdoor account   There is backdoor account Username: \x02root\x03 Password: \x02<%j8U]`~+Ri\x03

xview buffer overflow   xv_parse_one() buffer overflow.

10.02.2005 Detailed

8! Multiple IBM DB2 bugs updated since 02.09.2004   Multiple bugs including buffer overflows.   Frox transparent FTP proxy protection bypass   Deny ACLs may not work properly.   Emdro annotated text database engine memory leak   MQL parser memory leak.

emacs movemail buffer overflow   Buffer overflow on POP3 server reply parsing in setgid mail application.

Mailman mailing lists manager directory traversal   It's possible to bypass filtering with URL like .../..../// and retrieve any file from from the system.

09.02.2005 Detailed

9! Microsoft Internet Explorer DHTML Edit and Help ActiveX crossite scripting updated since 15.12.2004   DHTML ActiveX and Help allows code injection into context of different server. By combining this vulnerability it's psosible to execute code in local machine zone. This vulnerability can potentially be used for silent spyware/adware installation. 7! Microsoft Windows Hyperlink Object Library buffer overflow       7! Microsoft Windows COM/OLE multiple bugs   Privilege escalation during parsing files with COM structure (e.g. MS Office), buffer overflow on OLE objects, including MS Exchange MS-TNEF data format.

7! Multiple Microsoft applications PNG images buffer overflows   Buffer overflow during processing of different PNG image parameters.

7! Microsoft Windows Drag-and-Drop vulnerability   It's possible to trick user to drag-n-drop malicious file into special (for example autostart) folder.

6! Microsoft Office XP document URL buffer overflow   During attempt to opend document located on long URL buffer overflow occures.

6! Microsoft ASP.NET directory traversal   It's possible to traverse directory.

Avaya Call Management System DoS

SafeNet SoftRemote VPN client weak password encryption   Password is stored in registry in reversable encryption and in memory in cleartext.

IBM AIX auditselect format string bug   Buffer overflow on parsing command line argument.

Microsoft SharePoint Services crossite scripting   Multiple possibilities for crossite scripting and data spoofing.

08.02.2005 Detailed

AIX chdev format string bug   Format string bug in first command argument.   SquirrelMail WebMail S/MIME Plugin unfiltered shell characters problem   Data from user's certificate is used to invoke external application without filtering.   3COM 3CServer FTP Server multiple buffer overflows   Buffer overflows in multiple FTP commands.

05.02.2005 Detailed

7! perl PERLIO_DEBUG privilege escalation   By using PERLIO_DEBUG variable it's possible to redirect debug output of suid application to any file. Oversized PERLIO_DEBUG causes buffer overflow. 6! Eudora mail reader multiple vulnerabilities   Multiple vulnerabilities lead to ability of code execution with specially crafted e-mail message of mailbox file.   PowerDNS DNS server DoS   Random sequence of deta causes server to hang.

D-BUS message bus system session hijack   Malicious local user can connect to another user's session bus.

Postfix mail server IPv6 configuration unauthorized mail relaying   In specific configurations, for example if ran in chroot environment on IPv6 network, message relaying is not limited allowing relay to be used for SPAM sending.

Linksys PSUS4 print server DoS   Invalid Web interface POST requests processing causes device to crash.

LanChat Pro local area network chat program DoS   Program crashes on malformed UDP packet.

PHP/ASP/CGI web applications security bugs updated since 24.01.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

04.02.2005 Detailed

6! ngIRCd Internet Relay Chat daemon format string bug   Format string bug in logging feature.   Python SimpleXMLRPCServer.py library unauthorized access   It's possible to access internal objects.   DeskNow Mail and Collaboration Server Directory Traversal   WebMail interface directory traversal.

02.02.2005 Detailed

6! PostgreSQL Database Server privilege escalation   By using LOAD command it's possible to load dynamic library with server process privileges. Buffer overflow on large cursor's arguments number. Protection bypass on functions execution. 6! HP VirtualVault multiple bugs updated since 01.02.2005   TGA Daemon DoS, multiple bugs in proxy and web servers (HP WebProxy, Apache). 6! Multiple bugs in Savant Web Server updated since 11.09.2002   Buffer overflow on long URL, directory traversal, buffer overflows in CGI, etc.

RitLabs TinyWeb Web Server DoS   Invalid NULL character handling in path leads to server crash.

Eternal Lines Web Server DoS   Concurrent connections number is limited and timeout is not implemented.

NewsPost/NewsFetch news reader buffer overflow   Buffer overflow on parsing news server reply.

Squid HTTP cache proxy oversized reply headers DoS

Cisco IP/VC Videoconferencing System default SNMP community unauthorized access   There are hardcoded SNMP communities for device management.

01.02.2005 Detailed

ClamAV antivirus protection bypass   Inline HTML images and ZIP files with special headers are not scanned.