25.02.2010 Detailed

8! Novell NetStorage buffer overflow   Heap buffer overflow on file request processing. 8! Symantec multiple antiviral applications buffer overflow   Buffer overflow on content parsing. Buffer overflow in ActiveX. 8! Adobe multiple server application information leak   It's possible to access loca files by AMFX request with XML External Entities.

8! Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities updated since 19.02.2010   Multiple memory corruptions, use-after-free, crossite scripting.

6! EMC HomeBase Server directory traversal   Directory traversal via SSL services.

Kojoney DoS   Insufficient URL filtering in curl and wget emulation allows access to local files and devices, causing memory exhaustion.

Easy FTP Server buffer overflow   Buffer overflow on oversized CWD command.

Avast! antiviral applications memory corruption   Memory corruption on IOCTL processing in aavmker4.sys.

CA eHealth Performance Manager crossite scripting

Xerox WorkCentre printers backdoor   Multiple administration pages are available without authentication.

Linux kernel privilege escalation   Privilege escalation with wake_futex_pi function.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

squid proxy server DoS   Crash on HTCP packets processing.

Apache Tomcat crossite scripting updated since 04.06.2008   host-manager username crossite scripting.

Bournal information leak   Command line paramters including encryption key are visible in processes list. Insecure temporary files creation.

22.02.2010 Detailed

6! Cisco Security Agent multiple security vulnerabilities   Directpry traversal, SQL injection, DoS. 6! Cisco ASA multiple security vulnerabilities   NTLM authentication bypass, multiple DoS conditions.   polipo proxy server DoS   Crash on processing HTTP request and response headers.

Asterisk dialplan modification   Atacker can control dialplan if ${EXTEN} macro is used.

Cisco Firewall Services Module DoS   DoS on Module Skinny Client Control Protocol (SCCP) inspection.

IBM Cognos Server backdoor   Undocumented Apache Tomcat account for TCP/19300 administration server.

Portwise SSL VPN crossite scripting   Crossite scripting on login page.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

SAP Web AS multiple security vulnerabilities updated since 21.01.2010   Code execution with Internet Communication Framework, information leak, crossite scripting, directory traversal.

19.02.2010 Detailed

Pidgin / Adium messenger multiple security vulnerabilities   Memory corruption on SLP (MSN) messages parsing. Multiple DoS conditions.

17.02.2010 Detailed

7! Microsoft Windows code execution updated since 10.02.2010   URL code injection. 6! OpenOffice buffer overflow   Buffer overflow on Microsoft Word documents parsing.   Enomaly ECP code execution   VMCasting payload signing is not implemented during software update process.

MIT Kerberos 5 DoS   KDC crash on request processing.

Huawei HG510 crossite request forgery   Crossite request forgery allows to reboot device.

16.02.2010 Detailed

9! Linux kernel multiple security vulnerabilities   DoS conditions, privilege escalations, kernel memory access, weak permissions. 8! Oracle quarterly security update updated since 16.07.2009   Approximately 30 vulnerabilities in different applications are fixed. 6! Cisco IronPort Encryption Appliance multiple security vulnerabilities   Multiple vulnerabilities in HTTPS interface.

6! HP Operations Agent unauthorized access

Hyleos ChemviewX ActiveX buffer overflows   Stack based buffer overflows (stack overruns) in SaveasMolFile and ReadMolFile methods.

HP Network Node Manager code execution

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Facebook for iPhone multiple security vulnerabilities updated since 05.01.2010   Crosste scripting via notes page, session hijacking.

fetchmail buffer overflow   Buffer overflow in verbose mode on SSL certificate paramters printing.

Google Chrome information leak   Password manager allows username/password from external source to be automatically filled.

Motorolla Milestone DoS   Browser crash on Javascript.

12.02.2010 Detailed

7! Microsoft Office applications multiple security vulnerabilities updated since 10.02.2010   Buffer overflow on Microsoft office files parsing, multiple memory corruptions on Microsoft PowerPoint fiels parsing.   HP ProLiant Support Pack multiple security vulnerabilities   Code execution, information leak.   HP DreamScreen information leak

Opera DoS   Large number of nested tags leads to buffer overflow.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

10.02.2010 Detailed

9! Microsoft Windows TCP/IP and TCP/IPv6 multiple security vulnerabilities updated since 09.02.2010   Multiple memory corruptions in ICMPv6, IPSec, TCP implementations. 8! SSL data injection updated since 09.11.2009   Data injection possibility connected with SSL in-session renegotiation. 7! Microsoft Windows SMB server multiple security vulnerabilities   Memory corruptions, buffer overflow, DoS conditions, cryptography weakness.

7! Microsoft Data Analyzer ActiveX Control memory corruption

6! Microsoft Windows kernel privilege escalation   Double free() vulnerability, exception handler vulnerability.

6! Microsoft DirectShow buffer overflow   Buffer overflow on AVI parsing.

6! Microsoft Windows Client/Server Run-time Subsystem   Invalid process termination on user's logout.

6! Microsoft SMB client multiple security vulnerabilities   Memory corruptions, race conditions.

Microsoft Windows Kerberos DoS   NULL pointer dereference on TGT renewal request processing.

Microsoft Hyper-V DoS   Insufficient instruction set validation in virtual machine.

Microsoft Paint integer overflow   Integer overflow on JPEG parsing.

09.02.2010 Detailed

7! Multiple Web servers information leak   It's possible to access script sources and/or bypass access restrictions by using Windows 8.3 filenames and space characters. 6! JDownloader download manager code execution   TCP/9666 port HTTP interface used for application management is vulnerable to form redirection attacks.   TVUPlayer ActiveX code execution   Insecure method allows local files access.

Clearweb GeFest Web HomeServer directory traversal   It's possible to access files behind web root.

08.02.2010 Detailed

Ipswitch IMail multiple security vulnerabilities   Weak permissions for registry and installation folder. Passwords are stored in readable location with reversible encryption.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 08.02.2010   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   libmikmod multiple buffer overflows   Multiple overflows on Impulse Tracker and Ultratracker format parsing.

Gnome Nautilus code execution   HTML script is executed in local machine context on HTML prveiew.

06.02.2010 Detailed

7! Samba directory traversal   It's possible to access any directories in the sysmte by symbolic links.

05.02.2010 Detailed

chrony multiple security vulnerabilities   Traffic amplification, resources exhaustion.   Apple Safari DoS   Memory corruption on Javascript processing.

04.02.2010 Detailed

8! Microsoft Internet Explorer information leak   It's possible to retrieve any file from client computer via URLMON and Dynamic OBJECT tag. 6! squid proxy server DoS   Crash on authentication, crash on DNS reply parsing. 6! maildrop privilege escalation

6! jBCrypt library cryptographic vulnerability   non-ASCII characters are converted to '?' befor hash calculation.

Samba race conditions   Race conditions in mount.cifs utility.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Apple iPhone cryptographic weakness   Certificate key usage is not checked during validation of .mobileconfig wireless autoconfiguration file.

Cisco Secure Desktop crossite scripting   Crossite scripting via POST request to https://{IP}//+CSCOT+/translation?textdomain=csd&prefix=trans&lang=en-us

Linux kernel multiple security vulnerabilities updated since 04.02.2010   Buffer overflow on ISDN HDLC packet, gdth driver IOCTL privilege escalation, devtmpfs weak permissions.

HP OpenVMS Record Management Services privilege escalation

Asterisk integer overflow   Integer overflow on T.38 over SIP FaxMaxDatagram field parsing.

AOL buffer overflow   Buffer overflow on vCard (.vcf) files parsing.

HP StorageWorks Tape Autoloader privilege escalation   Web interface allows non-privileged user to obtain administrative privileges.

Corel Paint Shop Pro buffer overflow   Heap buffer overflow on FPX format parsing.

HP System Management Homepage crossite scripting updated since 21.05.2009

Xerox Workcenter 4150 DoS   assert() on PJL parsing

02.02.2010 Detailed

6! lighttpd DoS   Memory exhaustion on HTTP request reading. 6! RealNetworks RealPlayer multiple security vulnerabilities updated since 21.01.2010   Memory corruptions, buffer overflows on different codecs and media formats. 6! IBM AIX rpc.cmsd buffer overflow updated since 09.10.2009   Buffer overflow on RPC request parsing.

HP Enterprise Cluster Master Toolkit privilege escalation

Qihoo 360 Security Guard privilege escalation   IOCTL privilege escalation.

Oracle (Sun) Solaris DoS   UCODE_GET_VERSION IOCTL NULL pointer dereference.