28.02.2006 Detailed

6! Multiple ArGoSoft Mail Server Pro security vulnerabilities updated since 24.02.2006   Information leak with POP3 _DUMP command, directory traversal with IMAP RENAME command, directory traversal and crossite scripting with Web interface.   Microsoft Internet Explorer IsComponentInstalled buffer overflow   Problem is fixed in Windows 2000 SP4 / Windows XP SP1.   Sun Solaris GSFS file system privilege escalation

Thomson SpeedTouch ADSL modems crossite scripting

Mail Transport System Professional open mail relay   Mail relayed without IP address verification if smart host (ISP relay) is configured.

NuFW transparent firewall DoS updated since 29.11.2005   Service crash on packet parsing, hangs on TLS traffic flood.

27.02.2006 Detailed

Compex Wiriless Access Points DoS   DoS on UConfig agent packet parsing (UDP/7778).

26.02.2006 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   ArgoSoft FTP Server buffer overflow updated since 09.03.2005   DELE FTP command heap buffer overflow.

25.02.2006 Detailed

7! WinAmp player buffer overflow updated since 30.01.2006   Buffer overflow on oversized computer name in UNC path of .pls on .m3u file entry. Buffer overflow on oversized WMA playlist file entry. Vulnerability can be exploited for hidden trojan installation.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   SCO Unixware ptrace privilege escalation updated since 22.02.2006   ptrace can be attached to suid application.

24.02.2006 Detailed

6! Perl Crypt::CBC module weak cryptography   Invalid Initialization vector generation algorithm for block cyphers with blocks different from 8 bytes (Rijndael). 6! Adobe Macromedia Shockwave ActiveX element buffer overflow   Buffer overflow in ActiveX element. 6! The Bat mail agent buffer overflow   Buffer overflow on oversied Subject field.

6! Metamail mail processor buffer overflow   Buffer overflow on message parsing.

MUTE file sharing peering networks server spoofing   By spoofing mWebCache it's possible to make client to connect to specified IP address.

POPFile mail classification tool DoS   Service crash on e-mail headers parsing.

WinAce archiver ARJ archives buffer overflow   Buffer overflow on oversized ARJ header.

Visnetic AntiVirus Plug-in for MailServer privilege escalation   External application choosen by user is invoked with Local System privileges.

Mozilla Thunderbird code execution   IFRAME SRC attribute allows javascript execution.

IPSwitch WhatsUp network managment application DoS   Malformed requests to Web interface lead to CPU exhaustion.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

22.02.2006 Detailed

8! Multiple Microsoft Windows Media Player vulnerabilities updated since 15.02.2006   Buffer overflow on BMP files playing. Buffer overflow on oversized SRC for HTML page with EMBED'ded WMP. May be used for client machine trojaning. 6! Novell Common Authentication Service Adapter buffer overflow   pam_micasa pre-authentication buffer overflow. 6! MacOS X ZIP archives code execution   It's possible to set files associations with __MACOSX folder.

Hauri Virobot antivirus privilege esalation   Local user can obtain unrestricted access with suid CGI executable.

Tar tape archiver buffer overflow   Buffer overflow on extended PAX headers parsing.

TrueNorth IA eMailserver IMAP server buffer overflow   Buffer overflow in oversized SEARCH command.

Multiple Bugzilla bug tracking system security vulnerabilities   SQL injection cross site scripting.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

PnuPG gpgv / gpg invalid return code updated since 16.02.2006   Utility returns 0 status code if no signature found.

21.02.2006 Detailed

Safe'n'Sec host intrusion prevention system privilege escalation   Unsafe CreateProcess() call allows to spoof application.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

20.02.2006 Detailed

tin news reader buffer overflow   Off-by-one buffer overflow.   Multiple Fedora Directory Server security vulnerabilities   Administration password is exposed through HTML page, DoS with LDAP.   EmuLinker NetPlay emulation DoS   Crash on malformed packet.

Multiple Xerox WorkCentre vulnerabilities   Unauthorized access, DoS, crossite scripting, protection bypass.

NJStar text processor buffer overflow   Buffer overflow on oversized font name.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

18.02.2006 Detailed

6! Mozilla Thunderbird buffer overflow   Buffer overflow on oversized LDIF file entry.   Macallan Mail Solution directory traversal   Directory traversal in IMAP server.   libapreq library DoS   Incorrect functions "apreq_parse_headers()" and "apreq_parse_urlencoded()" implementation.

Multiple PatchLink Update Server patch management solution vulnerabilities updated since 18.02.2006

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

snort IDS intrusion detection bypass   Invalid IP packets reassembly allows signatures bypass.

17.02.2006 Detailed

Blue Coat ProxyAV buffer overflow   Oversized Host: header buffer overflow.   PunkBuster anti-cheat server format string vulnerability   Format string bug with "reason" parameter if used with Soldier of Fortune II game.   D-Link DWL-G700AP wireless access point DoS   Device crashes on HTTP "GET \n\n" request via web interface.

BomberClone BomberMan clon game buffer overflow   Buffer overflow on oversized error message.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

16.02.2006 Detailed

6! SSH SFTP client / server format string vulnerability   Format string bug on filename logging. 6! PostgreSQL privilege escalation   With SET ROLE or SET SESSION AUTHORIZATION it's possible to elevate privileges to any database acccount, including superuser or cause database engine crash.   Sun Solaris in.rexecd privilege escalation

Kadu instant messaging client DoS   Large number of image send requests causes client to crash and server not to accept any messages from this client.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Multiple SAP Business Connector B2B software vulnerabilities   Directory traversal, content spoofing.

Cisco Guard / Cisco Traffic Anomaly Detector authentication bypass   Users can access device without authentication if TACACS+ is used to authenticate users and no tacacs-server host configured.

Microsoft Windows Korean IME privilege escalation updated since 15.02.2006   Help subsystem is executed with LocalSystem privileges.

Multiple bluetooth devices and applications DoS (Sony Ericsson, Nokia, etc) updated since 07.02.2006   Multiple vulnerabilities discovered with Bluetooth Stack Smasher utility.

Multiple Stalker Communigate Pro / IBM Lotus Domino / Sun directory server / IBM Tivoli vulnerabilities updated since 28.01.2006   Multiple LDAP server vulnerabilities.

honeyd honeypot detection   Invalid IP packet reassembly allows system identification.

ICQ filename spoofing   A part of filename may be spoofed if file is sent as a part of directory.

15.02.2006 Detailed

6! Microsoft Windows WebClient service buffer overflow   Buffer overflow on RPC based service allows code execution with LocalSystem privileges. 6! Internet Explorer for Windows 2000 WMF files memory corruption   Memory corruption on Windows MetaFiles parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Power Point Temporary Internet Files folder access   Script within HTML can access Temporary Internet Files folder directly.

14.02.2006 Detailed

6! eStara Softphone SIP VoIP phone buffer overflow updated since 12.01.2006   Buffer overflow on oversized SIP packet attribute field. Integer overflows and format string bugs.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Microsoft Internet Explorer Drag-and-Drop code execution updated since 13.02.2006   By spoofing target window in race period it's possible to install malware in special folder. Vulnerability may be exploited for trojaning user's machine, but requires interaction.

Microsoft HTML Help Workshop buffer overflow updated since 06.02.2006   Buffer overflow on .hhp files parsing.

13.02.2006 Detailed

6! D-Link / US Robotics multiple wireless access points DoS   Fragmented sequential UDP packets causes device to reboot.   Multiple pam_mysql security vulnerabilities   DoS and double free() bug.   HP Systems Insight Manager directory traversal   Multiple vulnerabilities allow to obtain any file from server.

FortiGate application level firewall protection bypass   URL filtering may be bypassed. FTP traffic is not virus checked.

BlackBerry Enterprise Server buffer overflow   Buffer overflow on corrupted MS Word attachments.

SUSE Linux privilege escalation   Multiple packages are erroneously compiled in a way dynamic libraries are loaded from current directory.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Multiple Hitachi Business Logic vulnerabilities updated since 27.12.2005   SQL injection, crossite scripting, etc.

noweb symbolic links problem updated since 21.06.2003   Symbolic links problem on temporary files creation.

11.02.2006 Detailed

6! Lotus Notes multiple vulnerabilities updated since 10.02.2006   Multiple buffer overflows and directory traversal on handling differnt archives: zip, uue, tar and HTML attachments.

10.02.2006 Detailed

Lotus Domino iNotes client crossite scripting   Crossite scripting on attached HTML files opening.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

09.02.2006 Detailed

Adzapper advertisement zapper Squid plugin DoS   It's possible to create DoS conditions with hugh CPU consumption.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

08.02.2006 Detailed

8! Multiple Mozilla / Firefox / Thinderbird vulnerabilities updated since 03.02.2006   Javascript code execution, heap memory corruption with styles, memory corruption with QueryInterface, code execution with XULDocument.persist(), multiple integer overflows, information leak from nsExpatDriver::ParseBuffer(). Silen trojan code installation is potentially possible. 7! Sun Java sandbox protection bypass   It's possible to bypass sandbox with "reflection" API. This vulnerability can be used for silent trojan installation. 6! Linux kernel ICMP DoS   record-route or timestamp IP options handling vulnerability.

6! Multiple QNX Neutrino real-time OS vulnerabilities   libph buffer overflow. phfont race conditions. phgrafx buffer overflow. su buffer overflow. Local DoS. rc.local is world writable. passwd buffer overflow. crttrap relative libraries path. fontsleuth format string bug. libAp buffer overflow.

6! Multiple Lexmark printers software security vulnerabilities   Remote unauthorized access and local privilege escalation with different printer software components.

6! Counter Strike (Half Life) game servers DoS   Incomplete client request leads to endless loop.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

crypt_blowfish cryptographic problem   Salt generation algorithm has high probability of salt duplication.

07.02.2006 Detailed

Peoplesoft People Tools PSCipher() function weak encryption   Weak DES block cypher without feedback is used.   Heimdal rshd privilege escalation         Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Borland C BCB6 compiler / tiny c compiler Invalid sizeof() calculation updated since 06.02.2006   Invalid sizeof() calculation for integer during 64-bit code compilation leads to different problems.

06.02.2006 Detailed

The Bat! mail agent headers spoofing   message/partial format alows to spoof message headers completely, making it impossible to track sender by Received or Message-ID headers.

05.02.2006 Detailed

6! Microsoft Internet Explorer 7 beta version buffer overflow   urlmon.dll <bgsound> tag oversized SRC filename paramter buffer overflow.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

04.02.2006 Detailed

IBM Tivoli Access Manager directory traversal   Web server plugin directory traversal.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

03.02.2006 Detailed

6! Symantec Sygate Secure SQL injection   SQL injection in administration console.   Multiple Adobe applications weak file permissions         Powersave privilege escalation

IronMail Synflood DoS

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

eXchangepop3 POP3 gateway for Microsoft Eschange buffer overflow   RCPT TO: command stack overflow.

NetBSD kernfs kernel memory information leak updated since 10.01.2006   It's possible to lseek behind file boundary to read arbitrary memory.

02.02.2006 Detailed

7! Multiple Computer Associates (CA) products vulnerabilities updated since 19.01.2006   DM Primer and CA Unicenter buffer overflows, multiple DM Deployment DoS conditions. iGateway buffer overflow. CA Message Queuing DoS conditions. 6! FreeBSD TCP selective acknowledgment DoS   Bug in TCP SACK (Selective Acknowledgment) implementation leads to infinit root inside kernel. 6! Using timing attacks to bypass intrusion detection   It's possible to use difference in timing, for example packet reasembly timeouts, of target system and IDS to bypass detection. As workaround, timing parameters of IDS should be configured to match timing parameters of protected system.

01.02.2006 Detailed

7! Multiple PDF parsing library security vulnerabilities updated since 22.10.2004   Multiple vulnerabilities including heap corruption, buffer overflows. 6! libpng PNG processing library buffer overflow   Alpha-channels processing buffer overflow in png_set_strip_alpha().   Blue Coat ProxySG proxy server protection bypass   It's possible to bypass target port limitations with HTTP CONNECT method.

fcron convert-fcrontab buffer overflow   Heap based buffer overflow on oversized command line.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.