27.02.2009 Detailed

POP Peeper mail notifier buffer overflow   Buffer overflow UIDL server reply parsing.

26.02.2009 Detailed

7! Cisco ACE multiple security vulneraiblities   Privilege escalation, default accounts, DoS. 7! Cisco Unified MeetingPlace Web Conferencing multiple security vulnerabilities   Authentication bypass, crossite scripting. 6! BitDefender crossaplication scripting   Filename is displayed without filtering during scanning.

6! Apache Tomcat information leak   Under some conditions it's possible to retrieve data from previous POST request.

Shoutcast server buffer overflow   Buffer overflow in DNAS Relay service on master server reply parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Orbit Downloader buffer overflow   Buffer overflow on oversized URL.

HP Virtual Rooms ActiveX code execution

Huawei HSDPA routers SMS crossite scripting   SMS text is shown unfiltered.

OpenSG / EasyHDR Pro / ksquirrel-libs buffer overflow updated since 20.01.2009   Buffer overflow on Radiance RGBE (*.hdr) images parsing.

25.02.2009 Detailed

9! Adobe Flash Player code execution   Invalid processing of virtual functions. 6! libpng multiple security vulnerabilities   Few vulnerabilities potentially allow code execution on PNG parsing.   PyCrypto python module DoS   DoS on ARC2 key processing

23.02.2009 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Drupal: Crossite scripting. E107: crossite scripting.

21.02.2009 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 20.02.2009   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Drupal: Crossite scripting

18.02.2009 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Relay: HTTP response splitting, SQL injection, directory traversal.   fglrx code execution   Usafe shared libraries search path.

17.02.2009 Detailed

9! FreeBSD telnetd privilege escalation updated since 16.02.2009   LD_xxx environment variable are not cleared on 'login' execution, makeing it's possible to execute code witi root privileges. For remote exploitation it's required to have ability to upload the file to remote system (via FTP, Web, etc).   Enomaly ECP / Enomalism symbolic links vulnerability updated since 01.02.2009   Insecure temporary files creation.

16.02.2009 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   cryptsetup functionality problem   It's impossible to delete keyslot while using key from same keyslot.

12.02.2009 Detailed

7! ProFTPd SQL injection   SQL injections in database modules.   Swann DVR4 video monitoring digital video recorder information leakage   Unauthenticated access to configuration files is possible.   Nokia Phoenix Service Software ActiveX buffer overflow   SelectDevice method buffer overflow

Geovision Digital Video Surveillance System directory traversal

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 12.02.2009   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

pam_kerberos multiple security vulnerabilities   Privilege escalation, DoS.

Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS updated since 30.09.2008   Calling window.print() function in loop causes browser to hang. Uncontrollable memory allocation. Script can close window without user approval.

Mozilla DoS   Server reply with 206 code causes application to hang.

11.02.2009 Detailed

8! Microsoft Exchange multiple security vulnerabilities   Memory corruption on TNEF (Exchange format) messages parsing, DoS. 6! Microsoft Internet Explorer multiple security vulnerabilities   Few memory corruptions.   Microsoft Visio multiple security vulnerabilities   Multiple memory corruptions.

Microsoft SQL Server memory corruption   sp_replwritetovarbin stored procedure memory overwrite.

10.02.2009 Detailed

7! OpenSSL / ntp / bind / boinc certificate validation cryptographic vulnerabilities updated since 09.01.2009   Multiple vulnerabilities in SSL/TLS DSA/ECDSA certificate chain validations. 6! Trend Micro InterScan Web Security Appliance / Trend Micro InterScan Web Security Suite information leak   Proxy-Authorization header is not removed from client request, leaking proxy username/password.   Netgear SSL312 VPN router DoS   DoS thorugh Web interface.

ZeroShell unauthorized access   Command executionthorugh web interface.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

OpenCore / Android memory corruption   Memory corruption on MP3 parsing.

3COM OfficeConnect routers unauthroized access   Authentication bypass for web pages with sensitive information and device configuration.

Nokia N95 / Nokia E90 DoS   Device crashes on malformed JPEG parsing.

07.02.2009 Detailed

6! RealPlayer multiple security vulnerabilities updated since 07.02.2009   Multiple vulnerabilities on IVR format parsing. 6! HP OpenView Network Node Manager code execution   Information leakage, command injection. 6! HP OpenView Network Node Manager multiple security vulnerabilities updated since 10.01.2009   Multiple vulnerabilities in CGI interface.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP-UX DoS   DoS against NFS.

HP multiple printers unauthorized access

05.02.2009 Detailed

8! Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities   Memory corruption, crossite scripting, local files access, HTTP-only cookie leakage, caching for no-cache files. 7! UltraVNC / TightVnc multiple integer overflows       7! HP-UX IPv6 multiple security vulnerabilities   Unauthorized access, Denial of Service.

7! Novell Netware GWIA buffer overflow   Off-by-one on oversized SMTP RCPT TO: command.

7! Mozilla / Firefox / Firebird / Netscape array overflow updated since 31.05.2006   Array ovrflow on high marquee tag recursion level.

6! AREVA T&D e-terrahabitat multiple security vulnerabilities

6! QiP DoS   Crash on RTF message parsing.

6! Cisco Wireless LAN Controller multiple security vulnerabilities   Multiple DoS conditions, privilege escalation.

6! NaviCopa HTTP Server buffer overflow updated since 28.03.2007   Stack buffer overflow (stack overrun) on oversized request to cgi-bin directory. Script content leak with "." added to path.

FeedDemon buffer overflow   Buffer overflow on OPML files parsing.

Nokia Multimedia Player buffer overflow   Heap buffer overflow on .pls parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cisco IOS crossite scripting updated since 16.01.2009   Crossite scripting in different scripts.

LCPlayer buffer overflow   Buffer overflow on .qt files parsing.

Euphonics Audio Player buffer overflow   Buffer overflow on .pls files parsing.

04.02.2009 Detailed

6! Squid cache proxy server DoS   Denial of Service on invalid HTTP protocol version.

02.02.2009 Detailed

6! Free Download Manager multiple security vulnerability   Buffer overflow in remote control HTTP server, buffer overflow on torrent stream parsing.   Multiple Kaspersky Lab applications privilege escalation   Access to kernel memory regions from usermode on IOCTL processing.

01.02.2009 Detailed

6! sudo privilege escalation updated since 01.02.2009   It's possible to elevate privileges to root even if configured to run under different account.   HP Select Access crossite scripting         Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 28.01.2009   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-Upload Manager 1.0: SQL injection, crossite scripting.

netatalk shell characters vulnerabilities updated since 18.01.2009   Shell characters vulnerability on PostScript print jobs processing.

EleCard MPEG PLAYER buffer overflow   Buffer overflow on .m3u playlists parsing.

MediaMonkey buffer overflow   Buffer overflow on .m3u files parsing.