28.02.2007 Detailed

6! Cisco Catalist Network Analysis Module unauthorized SNMP access   It's possible to get full access to device via spoofed SNMP packets. 6! McAfee Virex Virus Scan for Mac OS X symbolic links problem and protection bypass   Weak permissions and symbolic links problem on /Library/Application/Sypport/Virex/VShieldExecute.txt file creation. 6! Multiple browsers OnUnload event handler different vulnerabilities updated since 23.02.2007   Different memory corruptions because of race conditions in OnUnload handler. In addition address bar spoofing and creation of pages can not be left is possible.

NetProxy protection bypass   If URL in proxy request is used withouth http:// prefix, URL access restrictions are not applied and access is not logged.

plan9 internal kernel structures overwrite   OTRUNC/pwrite resource allows to overwrite internal kernel structures.

Cisco Catalist MPLS vulnerability

Quicksilver Social Bookmark information leak   User login and pasword are logged to Console.log file.

Computer Associates eTrust IDS DoS   DoS through administrations interface TCP/9191.

Nullsoft Shoutcast Server crossite scripting   Crossite scripting with web administration log.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Norman SandBox Analyzer detection   Malware code can detect sandbox presence and change it's behaviour.

27.02.2007 Detailed

8! Mozilla Firefox cross domain access updated since 15.02.2007   By using location.hostname='evil.com\x00foo.example.com' in javascript it's possible to make request for foo.example.com domain to be sent to evil.com. It makes it possible cross-domain access. Vulnerability can be used for hidden malware installation. 6! Mozilla libnss multiple security vulnerabilities updated since 25.02.2007   Buffer overflows and integer overflows in SSL2 client and server code implementation.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Kiwi CatTools TFTO directory traversal updated since 09.02.2007   Built-in TFTP server directory traversal.

26.02.2007 Detailed

6! Debian Linux apache privilege escalation   User can inject shell command into shell from where apache was started by using TIOCSTI ioctl on the ctty socket in CGI script.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Microsoft Windows Explorer DoS updated since 25.02.2007   Application (explorer.exe) crashes on browsing folder with corrupted WMF file (no need to click file itself).

25.02.2007 Detailed

6! Supportsoft ActiveX used in Symantec's products buffer overflow   Stack overrun (stack buffer overflow).   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Multiple browsers inherited charset crossite scripting   If [age with undefined charset is displayed in frame, codepage of parent page is used. It makes it possible to conduct crossite scripting attack with e.g. UTF-7 charset.

23.02.2007 Detailed

6! Mac OS X ImageIO integer overflow   Integer overflow on GIF images parsing. 6! Verisign multiple products ActiveX element buffer overflow   Buffer overflow in ConfigChk element. 6! IBM DB2 database multiple security vulnerabilities   Multiple privilege escalations, file creation.

Mercur Messaging 2005 multiple security vulnerabilities   Multiple DoS conditions and buffer overflows.

Distributed Checksum Clearinghouse unauthorized management

Nortel NetDirect client for Linux weak permissions   Weak permissions on temporary folder during installation.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

JBoss insecure defaults updated since 22.02.2007   Web console and management instruments are available without authentication.

22.02.2007 Detailed

6! Linux SCSI devices unauthorized access   pam module problem allows console users to access generic SCSI and pseudo-SCSI devices directly. 6! Microsoft Windows ReadDirectoryChangesW information leak   ReadDirectoryChangesW() API function doesn't check user's privileges for subtree folders, making it's possible for unprivileged user to gather information about sensitive files.   FTP Voyager buffer overflow   Stack buffer overflow (stack overrun) on server reply parsing.

Multiple Newsrover / Newsbin / Newsreactor / Grabbit / News Files Grabber security vulnerabilities   Vulnerabilities on different XML-format files parsing.

TurboFTP multiple security vulnerabilities   Multiple heap overflows.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Trend Micro Server Protect unauthorized access   Unauthorized TCP/14942 Web interface access.

Linux NFS/ACL DoS   Memory corruption on nfsacl verison 2 'ACCESS' request parsing.

IBM DB2 database symboli links   Symboli links problem on temporary files creation.

Linux ftpd ls privilege escalation   ls command is executed with effective gid 0.

FTP Explorer DoS   Infinite loop on oversized server response.

21.02.2007 Detailed

7! Cisco IP Phones unauthorized access   It's possible to access web interface without password. There is built-in hardcoded user account with SSH access. 6! TrendMicro OfficeScan ActiveX buffer overflow   Buffer overflow in SetupINICtrl ActiveX. 6! gnomemeeting / ekiga format string vulnerability   Format string vulnerability on certain messages logging.

6! Qwickmail Qwik-smtpd format string vulnerability   Format string vulnerability through HELO and hostname during logging to file.

6! TrendMicro ServerProtect multiple security vulnerabilities updated since 21.02.2007   Few stack overruns (stack-based buffer overflows) in RPC-based services (TCP/5168).

Multiple Simbin games DoS   Empty UDP packet to UDP/48942 or UDP/34297 ports causes all player to be disconnected from server.

Cisco 802.1X Supplicant multiple security vulnerabilities   Multiple privilege escalation vulnerabilities. Password information leak through log files.

gnucash symbolic links vulnerability   Symbolic links problem on temporary files creation.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 21.02.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

20.02.2007 Detailed

7! snort IDS buffer overflow   Buffer overflow on DCE/RPC protocol parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   VMWare guest system weak permissions   Unprivileged user of guest system with VMWare tools installed can perform some privileged operations, such enabling/disabling network interface.

IrfanView DoS   Program hangs on corrupted WMF files open.

19.02.2007 Detailed

VicFTPS FTP server buffer overflow   Buffer overflow in CWD command.   libevent library DoS   Endless loop on DNS reply parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 19.02.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

ProFTPD xontrols module buffer overflow   Buffer overflows in controls module.

Apple iTunes DoS   NULL pointer crash on xml parsing.

18.02.2007 Detailed

6! SpamAssassin DoS   Oversized URLs in messages lead to DoS conditions. 6! HP ServiceGuard for Linux unauthorized accesss         IBM AIX buffer overflow

Axigen format string vulnerability   Format string vulnerability on syslog() call.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Linux kernel privilege escalation updated since 11.11.2004   Invalid exception conditions handling leads to multiple reace conditions with privileged memory access.

Oracle authentication downgrade   It's possible for man-in-the-middle to force client and server to use weaker authentication protocol.

16.02.2007 Detailed

6! Microsoft Word 2000 / XP 0-day vulnerability   Vulnerability is used in-the-wild for malware trojan installation.   EasyMail ActiveX buffer overflow   Buffer overflow in IMAP4 object's Connect method.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

15.02.2007 Detailed

8! ClamAV antivirus directory traversal   MIME part id is used to form local filename without checking for ../. In addition, there is a DoS on CAB files parsing. 6! Multiple PHP vulnerabilities   Multiple buffer overflows, DoS conditions, information leaks, etc. 6! Sun Solaris TCP packets processing race conditions   DoS against system is possible.

6! HP-UX SLSd unauthorized access   It's possible to create any file with attacker-supplied data.

ejabberd roster ODBC module vulnerability

iTinySoft Studio Total Video Player buffer overflow   Buffer overflow on .m3U files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Lizardtech DjVu plugin multiple security vulnerabilities   Multiple buffer overflows in different methods.

Cisco PIX / ASA / FWSM multiple security vulnerabilities   Multiple DoS conditions on HTTP, SIP, TCP traffic parsing.

Comodo firewall protection bypass   CRC32 control checksum is used for files protection making in trivial to bypass it.

PalmOS Treo smartphones protection bypass   Find feature allows access to locked device.

14.02.2007 Detailed

7! Microsoft Internet Explorer multiple security vulnerabilities   Memory corruptions on COM objects instantiation and FTP server response parsing can be used for hidden malware installation. 6! Multiple Microsoft Office vulnerabilities updated since 13.02.2007   Multiple vulnerabilities with different object types handling.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Multiple Cisco IOS IPS security vulnerabilities   Protection bypass with fragmented IP packets. DoS if regular expressions are used.

Microsoft Step-by-Step Interactive Training buffer overflow updated since 13.02.2007   Buffer overflow on bokmarks files handling (.cbl, .cbm, .cbo).

Microsoft Excel DoS   NULL pointer dereference on corrupted XML/XLS files.

13.02.2007 Detailed

8! Microsoft Malware Protection integer overflow   Integer overflow on PDF files parsing. 7! Microsoft Windows RiñhEdit control memory corruption   Memory corruption in RF-enbedded OLE object can be used for hidden malware installation. 7! Microsoft Windows OLE dialog memory corruption   Memory corruption on RTF-embedded OLE object. Can be used for hideen malware installation.

7! Microsoft Windows HTML Help ActiveX code execution   It's possible to access unsafe functions from web page. Vulnerability can be used for hidden malware installation.

6! Microsoft Windows Image Acquisition Service buffer overflow

6! Microsoft Windows Shell Hardware Detection privilege escalation   Parameter of function executed during hardware detection is not validated.

Tiny FTPd buffer overflow   Buffer overflow in User command

MIMEDefung buffer overflow

Aruba Mobility Controller multiple security vulnerabilities   Unauthorized access to management interface thorugh wireless network. Buffer overflow

PHP str_ireplace DoS   $Data = str_ireplace("\n", "<br>", $Data); can cause PHP engine to crash Because of off-by-one overflow.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Visual Studio 64-bit time functions DoS   Invalid use of assert()-style macro causes application termination for time_t values behind _MAX__TIME64_T (January, 1 3000).

Miniwebsvr web server directory traversal   It's possible to retrieve parent directory listing with /..%00 request.

12.02.2007 Detailed

6! µTorrent buffer overflow   Buffer overflow on .torrent file announce section parsing.   Microsoft Internet Explorer / Mozilla Firefox user input hijacking   It's possible to hijack input focus by using OnKeyDown / OnKeyPress events.   IP3 NetAccess directory traversal   Directory traversal in Web administration interface.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

11.02.2007 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Trend Micro Antivirus multiple security vulnerabilities updated since 08.02.2007   Buffer overflow on UPX-packed executables parsing. Privilege escalation through \\.\TmComm DOS-device.   ImageMagick buffer overflow updated since 15.08.2006   SGI, PALM, DCM graphics format parsing buffer overflows.

Windows Mobile Internet Explorer DoS   Vulnerability during WML parsing. Hard reset is required to resume operations.

09.02.2007 Detailed

6! SAP Web Application Server multiple security vulnerabilities   Directory traversal, local privilege escalation, DoS. 6! HP Mercury LoadRunner Agent buffer overflow   magentproc.exe (TCP/54345) stack buffer overrun on oversized server_ip_name paramter.   HP OpenView Storage Data Protector privilege escalation

08.02.2007 Detailed

pam_ssh allow_blank_passphrase protection bypass   The allow_blank_passphrase option was defeatable by entering a random but non-blank passphrase.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Axigen Mail Server DoS   Off-by-one overflow in POP3 CRAM-MD5 authentication, NULL pointer dereference in IMAP APPEND command.

3proxy user account locking   It's possible to lock user's account if user's password is stored as NT-hash via HTTP proxy. Service restart or configuration reload is required to restore account in working state. In addition, Basic authentication is offered as first authentication protocol, it can lead to shoosing weak (cleartext) authentication protocol even if stronger one (NTLM) supported. Vulnerability is fixed in 0.5.3 version.

WinRAR / unrar buffer overflow   Buffer overflow on password protected archives parsing.

07.02.2007 Detailed

6! Linux kernel keyctl DoS   Race condition during unique key generation cause NULL pointer dereference on multiprocessor box.   SGI propack information leak   Content of last session's frame buffer is shown after reboot.   HP Network Node Manager remote console weak files permissions   Weak permissions for C:\Program Files\HP OpenView allows executable files and system service file spoofing.

FreeProxy DoS   Request to it's own address and port causes proxy to hang.

Alibaba Alipay ActiveX memory corruption   Memory free() by controlled address in Remove() function.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 07.02.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

06.02.2007 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   OSF/1 ps information leak   ps show environment variables for all processes.   Firefox / Opera phishing protection bypass   It's possible to bypass phishing protection by adding "." character to hostname or additional "/" after hostname.

05.02.2007 Detailed

6! WinProxy buffer overflow   Buffer overflow on parsing HTTP CONNECT proxy request. 6! PostgreSQL multiple security vulnerabilities   Server internal memory regions reading because of invalid datatype handling in SQL functions and with ALTER COLUMN TYPE during request execution. 6! Samba file server multiple security vulnerabilities updated since 05.02.2007   Solaris nss_winbind.so.1 gethostbyname() and nss_winbind.so.1 functions buffer overflow. Remote DoS in smbd with infinite loop. Format string vulnerability in VFS afsacl.so plugin.

ColdFusion crossite scripting   User-Agent field from HTTP request is used unfiltered in error message text. It's possible to manipulate client's User-Agent field through Flash.

Jetty web server weak pseudo-random number generator   Weak PRNG generator is used for session cookie making it's possible to spoof the session id.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Mozilla Firefox weak PRNG generator   Weak PRNG generator is used to generate temporary files names for XMLHttpRequest. It may be used to access content of local files by creating temporary HTML file with predictable name.

Multiple VMWare clipboard problem   Content removed from clepboard may reapper during switching between host and guest systems.

04.02.2007 Detailed

6! Microsoft Windows XMLHTTP proxy problem   Because of insufficient request validation Msxml2.XMLHTTP ActiveX object can be used to proxy HTTML request via client browser.   WebRoot SpySweeper protection bypass   Content is blocked only by filename. Multiple archive formats are not supported.   CheckPoint FireWall-1 information leak   It's possible to retrieve certificate revocation least from internal CA (port TCP/18246).

X-Kryptor Secure Client privilege escalation   Privilege esclation thorugh device driver.

Multiple RSS applications crosssite scripting   It's possible to embed scripts in RSS content.

Smb4K multiple privilege escalations   Multiple vulnerabilities lead to privilege escalations.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Gom Player buffer overflow   Buffer oveflow on oversized ref href URI in ASX file.

03.02.2007 Detailed

7! Microsoft Excel 0-day vulnerability   Unknown vulnerability is used for hidden malware installation. 7! Microsoft Word 0-day vulnerabilities updated since 31.01.2007   Few unknown vulnerabilities are ussed for hidden malware installation.   Ingate Firewall / SIParator weak authentication   Authentication mechanism is vulnerable to replay attacks.

Dazuke antivirus module DoS   Multiple memory leaks create DoS conditions.

Sun Solaris Loopback Filesystem protection bypass   Users can rename and delete files in read-only file system.

IBM   Buffer overflow in bos.rte.libc library.

Microsoft Internet Explorer and Pictures and Videos for Windows Mobile buffer overflow   Buffer overflow on JPEG files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Nexuiz game unauthorized access   gamedir command allows file system access.

Apple WebKit library ROWSPAN DoS   NULL pointer dereference on large rowspan number in HTTP parsing code.

mpg123 audio player DoS   Ebdless loop in HTTP client code if HTTP server closes connection before file ctransferred completely.

Microsoft Internet Explorer multiple ActiveX different paramters DoS   NULL pointer dereference.

makeindex buffer overflows   Buffer overflow on oversized filename.

02.02.2007 Detailed

6! BEA WebLogic / AquaLogic multiple security vulnerabilities       6! Hitachi products multiple security vulnerabilities         Intel Enterprise Southbridge 2 Baseboard Management Controller unauthorized access   It's possible to connect to server mothreboard control module and execute IPMI command without authentication.

rPath Linux rMake multiple security vulneraiblities

Mini Web Server multiple buffer overflows

Multiple Symantec Web Security vulnerabilities   CPU exhaustion on large file submission. Crossite scripting.

Multiple Linux kernel vulnerabilities   Multiple DoS conditions in syscalls processing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

NoMachine NX Server privilege escalation   nxconfigure.sh doesn't check invoking user, allowing configuration file modification.

01.02.2007 Detailed

9! Multiple Orcale security vulnerabilities.... again... updated since 18.01.2007   Released security update fixes 17 security vulnerabilities for Oracle Database, 9 vulnerabilities in Oracle HTTP Server, 12 security vulnerabilities for Oracle Application Server, 7 vulnerabilities for Oracle E-Business Suite, 6 security bugs in Oracle Enterprise Manager, 3 bugs in Oracle PeopleSoft Enterprise PeopleTools. There is also a large number of different old and new bugs, many are not fixed for years. It makes it useless to talk about Oracle security. Use 3rd party products to protect your Oracle environment. 7! Apple multiple applications format string vulnerabilities   Format string vulnerabilities in multiple client applications. 7! Multiple Microsoft Excel buffer oveflows updated since 09.01.2007   Heap buffer overflow on oversized value of BIFF8 type column. Heap buffer overflow on oversized palette value for BIFF8 type column.

6! IBM AIX POP3 and IMAP daemons authentication problem

6! Cisco IP telephony routers DoS   SIP packet (UDP/5060) to device with vois over IP support, but not configured for SIP causes device to crash.

inotify weak permissions