29.02.2008 Detailed

6! Trend Micro OfficeScan multiple security vulnerabilities   Buffer overflow and DoS conditions.   Beehive/SendFile.NET - Secure File Transfer Appliance hardcoded credentials   There is hardcoded FTP account sfoutbox/sfoutbox.   Apple Mac OS X Loginwindow.app information leakage   Username and password can be found in process memory.

am-utils unauthorized access

lighthttpd DoS   DoS on large number of connections.

VideoLAN VLC media player memory corruption   Memory corruption on .MOV MP4 files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

dbus-daemon protection bypass   User can bypass security access policy for some methods.

Canon Multi Function Devices FTP bounce attack   Device can be used for network attacks bouncing.

27.02.2008 Detailed

8! Mozilla Thunderbird buffer overflow   Buffer overflow on external-body MIME type parsing. 6! Symantec antiviral engine API multiple security vulnerabilities   Multiple DoS conditions and buffer overflow on RAR archives parsing.   Cups multiple security vulnerabilities   Code execution on URI handling, multiple DoS conditions.

Nortel IP Phone DoS   Large fragmented ICMP packet causes device to crash.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Mozilla Firefox / Opera information leak updated since 16.02.2008   Error on BMP files displaying allows to read content of heap memory.

Ghostscript buffer overflow

SurgeFTP FTP server DoS   Administration web interface Content-Length memory consumption.

26.02.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   BEA WebLogic Server account locking bypass   It's possible to bruteforce username/password of locked account.

24.02.2008 Detailed

6! Double-Take / HP StorageWorks Storage Mirroring disaster recovery software multiple security vulnerabilities   Multiple DoS conditions and information leakage.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Scuttle: multiple XSS.

23.02.2008 Detailed

Mozilla Firefox information leak updated since 23.02.2007   It's possible for script to check if given web page was visited by user.

22.02.2008 Detailed

6! ZyXel Prestige routers multiple security vulnerabilities   Crossite scripting, crossite request spoofing, privilege escalation, unauthorized SNMP access, information leak.   splitvt privilege escalation   Group privileges are not dropped on external application execution.   Sybase MobiLink buffer overflows   Multiple buffer overflows during authentication.

EMC Replistor multiple security vulnerabilities   Multiple security vulnerabilities on TCP/7144 and TCP/7145 traffic parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: multiple XSS.

20.02.2008 Detailed

6! NowSMS SMS/MMS gateway multiple security vulnerabilities   Buffer overflows on authentication and on SMPP packets parsing.   webcamXP information leak   Memory content leakage.   Foxit Remote Access Server (WAC Server) multiple security vulnerabilities   Buffer overflow with telnet options, buffer overflow on oversized SSH packet.

FreeSSHd DoS   NULL pointer dereference on SSH2_MSG_NEWKEYS message.

Lyris list manager multiple security vulnerabilities   Privilege escalation.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: multiple XSS.

19.02.2008 Detailed

Apple iPhoto DPAP server DoS   Malformed request causes server to crash.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: multiple XSS.

18.02.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 18.02.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: multiple XSS.

16.02.2008 Detailed

7! FreeBSD IPSec DoS   NULL pointer dereference on IPSec packet parsing. 6! Cisco Unified IP Phones multiple SIP security vulnerabilities   Buffer overflows, DoS. 6! Cisco Unified Communications Manager / Cisco CallManager SQL injection   Multiple SQL injections in user and admin pages.

OpenDAL DoS

Mailman crossite scripting

Sami FTP Server multiple security vulnerabilities   Multiple DoS conditions and buffer overflows.

UniversalFtp Server multiple security vulnerabilities   Buffer overflows and DoS conditions.

IP Diva VPN SSL multiple security vulnerabilities   Unlimited number of passwords attempts, CSS.

FreeBSD sendfile() privilege escalation   Syscall allows read access to write-only files.

Mplayer / Xine multiple security vulnerabilities updated since 05.02.2008   Buffer overflow on FLAC data parsing, uninitilized pointer dereference on MOV parsing.

SOPHOS Email Security Appliance crossite scripting   Administration interface crossite scripting.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

15.02.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Ultraseek: Cross-Site Scripting, Directory Traversal и Local File Inclusion уязвимостях, Verity Ultraseek

13.02.2008 Detailed

8! Microsoft Internet Explorer multiple security vulnerabilities updated since 12.02.2008   Multiple memory corruptions. 7! Apple QuickTime ActiveX buffer overflow   Multiple buffer overflows in different methods and properties. 7! Apple Mac OS X multiple security vulnerabilities   Service Location Protocol buffer overflow, Safari code execution, Time Machine code execution, Mail file:// URI code execution, Parental Control information leakage, Terminal URI code execution,Open Directory weak authentication, NFS client and server DoS.

6! Adobe Flash Media Server multiple security vulnerabilities   Integer overflows and memory corruptions on parsing TCP/1935 and TCP/19350 RTMP messages.

6! ClamAV antivirus integer overflow   Integer overflow on PE files parsing.

6! Microsoft Office memory corruption   Memory corruption on malformed embedded objects.

6! Microsoft Publisher multiple security vulnerabilities   Uninitialized memory reference and DoS conditions on .pub files processing.

6! Microsoft Works / Microsoft Office multiple security vulnerabilities   Multiple buffer overflows and integer overflows on .wps files parsing.

Fortinet Forticlient privilege escalation

Gnumeric buffer overflow   Buffer overflow on .XLS files parsing.

Intermate WinIPDS multiple security vulnerabilities   DoS, directory traversal.

Brooksnet Remote Print Manager buffer overflow   Buffer overflow on oversized filename.

Novell Netware Client buffer overflow   NWSPOOL.DLL EnumPrinters buffer overflow.

HP Mercury SiteScope multiple security vulnerabilities

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 13.02.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

12.02.2008 Detailed

8! Adobe Acrobat / Reader multiple security vulnerabilities updated since 10.02.2008   Multiple buffer overflows and integer overflows, unsafe methods, unsafe dynamic library loading. 7! Microsoft Windows OLE buffer overflow   Heap buffer overflow 7! Microsoft Windows Web Client service buffer overflow   Buffer overflow on WebDAV server response parsing.

7! Linux kernel multiple security vulnerabilities updated since 11.02.2008   Kernel memory access with vmsplice syscall, access between virtual machines with /proc

6! Microsoft Word memory corruption   Memory corruption on .doc file parsing.

6! Microsoft Internet Information Services privilege escalation   Privilege escalation through file change notification. ASP files processing privilege escalation.

6! Microsoft Windows Active Directory DoS   Crash on LDAP request handling.

6! Apache mod_jk2 multiple security vulnerabilities   Multiple buffer overflows, including oversized Host: header.

Larson Software Technology Network Print Server multiple security vulnerabilities   Format string vulnerability and buffer overflow.

Cyansoftware Opium OPI Server / cyanPrintIP multiple security vulnerabilities   Format string vulnerability, DoS conditions.

Grouplogic EztremeZ-IP file and print server multiple security vulnerabilities   DoS conditions, directory traversal.

WML symbolic links vulnerability   Symbolic links problem on temporary files creation.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: crossite scripting, information leakage.

Microsoft Windows Vista DoS   Crash on DHCP server response parsing.

11.02.2008 Detailed

9! Mozilla Firefox / Thunderbird / Seamonkey multiple security vulonerabilities updated since 10.02.2008   Multiple memory corruptions, input focus stealing, code execution, stored information corruption, directory traversal, information leaks, dialog spoffing.

10.02.2008 Detailed

6! Tk library buffer overflow   Buffer overflow in ReamImage function on GIF parsing.   IBM DB2 database server multiple security vulnerabilities   TCP/523 remote administration service memory corruption. Dynamic livrary loading by relative path.   jetAudio buffer overflow   Buffer overflow on oversized ASX file URI.

Sony Imagestation ActiveX buffer overflow   Buffer overflow in SetLogging method.

Ipswitch Instant Messaging multiple security vulnerabilities   Format string vulnerability, multiple DoS conditions.

CheckPoint SecuRemote / Secure Client weak permissions   Cached logon credentials are stored in registry key accessed by everyone group.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CMS SiteEdit: crossite scripting.

Apache Tomcat multiple security vulnerabilities updated since 21.01.2008   Crossite scripting, information disclosure.

IEA multiple network applications DoS   Integrated web administration server multiple security vulnerabilities.

Netpbm buffer overflow   giftopnm utility GIF parsing buffer overflow.

07.02.2008 Detailed

7! Symantec Backup Exec System Recovery Manager unauthorized access   It's possible to upload files with TCP/8080 Web server. 6! IPSwitch WS_FTP Server Manager / Whats Up unauthorized access   It's possible to access script files with localhostnull account without password. Scripts source code leak.   TinTin++ MUD client multiple security vulnerabilities

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP OpenView Network Node Manager DoS updated since 06.02.2008   DoS against Topology Manager Service (TCP/2532)

HP Select Identity unauthorized access updated since 15.10.2007

06.02.2008 Detailed

6! dBpowerAMP Audio Player buffer overflow   Buffer overflow on m3u files parsing. 6! HP Virtual Rooms unauthorized access   Unauthorized access is possible via ActiveX component under Windows. 6! HP Storage Essentials SRM unauthorized access

6! Nero Media Player buffer overflow   Buffer overflow on M3U files parsing.

Yahoo JukeBox ActiveX buffer overflow   Buffer overflow in AddBitmap() method.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

IBM Informix Dynamic Server multiple security vulnerabilities   SQLIDEBUG and onedcu operators allow to access arbitrary files.

WinCom LPD Server multiple security vulnerabilities   LPD buffer overflow with oversized filename, unauthorized web admin interface access, buffer and integer overflows.

SAPlpd LPD server multiple security vulnerabilities   Multiple buffer overflows and DoS conditions on lpd commands.

IPSwitch FTP Log Server DoS   Few large packets to UDP/5151 port cause server to stop normal operations.

Weak initial sequence number generation updated since 03.05.2001   Weak initial sequence number generation allows to spoof TCP connection.

05.02.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Anon Proxy Server buffer overflow   Buffer overflow on oversized username with double quote characters.

03.02.2008 Detailed

6! IpSwitch WS_FTP Server SFTP server buffer overflow   Buffer overflow on oversized CWD.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Titan FTP Server buffer overflow updated since 01.09.2004   Buffer overflow on oversized commands.

01.02.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.