28.02.2011 Detailed

7! Cisco Telepresence multiple security vulnerabilities   Unauthorized access, commands injection, information leakage, code execution. 6! Cisco FWSM / ASA DoS   SCCP DoS, packets flood DoS. 6! Altigen VoIP Phone Systems buffer overflow   Heap buffer overflow on SIP/TLS (TCP/5061) network packet parsing.

6! pam-pgsql buffer overflow   Buffer overflow via IP address.

6! CA Internet Security / CA Host-Based Intrusion Prevention System code execution updated since 24.02.2011   SetXml and Save methods of HIPSEngine component allows to save file to any location.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cisco Linksys Wag120n crossite request forgery   Web interface crossite request forgery.

HP Web Jetadmin unauthorized access

26.02.2011 Detailed

9! Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities updated since 26.01.2011   Quarterly security update closes nearly 70 different vulnerabilities in all applications. 6! Asterisk buffer overflows   Multiple buffer overflows on UDPTL parsing.   Linux pertiotions handling multiple security vulnerabilities   Memory corruptions, information leaks, DoS.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

tomboy code execution   Shared library is loaded from the current directory.

24.02.2011 Detailed

7! Novell Netware integer overflow   Integer overflow on XNFS (UDP/1234) processing. 6! Cisco Secure Desktop ActiveX multiple security vulnerabilities   Few code execution possibilities. 6! Microsoft Windows application policy bypass   It's possible to bypass application restriction policy by directly loading code into suspended process' memory via e.g. Microsoft Word macro.

bin IXFR DoS   Resources exhaustion on IXFR processing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 24.02.2011   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Avahi DNS server DoS updated since 05.08.2010   Crash on malformed DNS packet parsing.

22.02.2011 Detailed

7! Google Chrome multiple security vulonerabilities   Memory corruptions, crossite scripting, DoS conditions. 6! Novell iPrint LPD daemon buffer overflow   Buffer overflow on TCP/515 traffic parsing. 6! telepathy-gabble stream hijacking   It's possible to hijack media stream with google:jingleinfo packet.

6! Cisco Security Agent code execution   Code execution via Web management interface.

IBM Lotus Domino Sametime crossite scripting   stconf.nsf crossite scripting

Novell ZenWorks TFTP Server buffer overflow   Buffer overflow on TFTP request parsing.

PHP grapheme_extract DoS   NULL pointer dereference

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

21.02.2011 Detailed

Kaspersky Antivirus protection bypass   User can bypass application protection by activating inactive interface elements with EnableWindow().

18.02.2011 Detailed

passwd / shadow vulnerabilities updated since 17.02.2011   It's possible to inject newlines into /etc/passwd

17.02.2011 Detailed

8! Oracle Java multiple security vulnerabilities / OpenJDK   Over 20 of different vulnerabilities.   Tembria Server Monitor security vulnerability   Weak cryptography, crossite scripting.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

15.02.2011 Detailed

6! Accellion File Transfer Appliance multiple security vulnerabilities   Backdoor keys, accounts and firewall rules, code execution, unauthorized access. 6! IBM Informix buffer overflow   Buffer overflow in USELASTCOMMITTED option is not fixed for > 2 years. 6! Check Point Endpoint Security Server / Integrity Server information leaks   Sensitive information, including private keys and passwords is accessible from Web interface.

6! OpenSSL DoS   Uninitialized memory reference on ClientHello request parsing.

IBM Lotus Notes code execution   Code injection via cai: URI is not fixed for more than year.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

14.02.2011 Detailed

9! Adobe Reader / Acrobat multiple security vulnerabilities updated since 11.02.2011   Code execution, multiple memory corruptions. 9! Adobe Flash Player multiple security vulnerabilities updated since 11.02.2011   Integer overflows, memory corruptions. 9! Adobe Shockwave Player multiple security vulnerabilities updated since 11.02.2011   Multiple memory corruptions.

8! Microsoft Windows multiple security vulnerabilities updated since 08.02.2011   Buffer overflow in shell on thumbnail parsing, memory corruption on OpenType Compact Font Format parsing, privilege escalation via CSRSS, LSA, kernel and different drivers, Kerberos server spoofing, JScript/VBScript memory content leak.

8! Microsoft Internet Explorer multiple security vulnerabilities updated since 08.02.2011   Multiple memory corruptions, unsafe DLL loading.

7! SCO OpenServer IMAP server buffer overflow   Buffer overflow in IMAP service is not fixed in > 180 days.

6! CA ETrust Secure Content Manager integer overflow   Integer overflow in TCP/1882 service is not fixed in > 180 days.

HP StorageWorks X9000 unauthorized access

DESLock+ privilege escalation   Privilege escalation via IOCTL.

Novell eDirectory DoS   Hand on NCP (TCP/524) requests parsing.

HP Power Manager crossite request forgery

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

VLC media player memory corruption   Memory corruption on Matroska/WebM сontainers parsing.

Overland Storage SnapServer unauthenticated access   It's possible to access backup data via Web interface.

11.02.2011 Detailed

10! IBM Lotus Domino multiple security vulnerabilities   Multiple security vulnerabilities are unputched for > 180 days. 8! RealNetworks RealPlayer code execution   It's possible to save and execute file. 7! Microsoft Office multiple security vulnerabilities   Multiple vulnerabilities in Excel and Powerpoint are unpatched during > 180 days.

6! Microsoft Visio multiple security vulnerabilities   Multiple memory corruptions.

MIT Kerberos 5 security vulnerabilities   kpropd and KDC DoS.

Linksys WAP610N unauthorized access   Console access without authentication to TCP/1111 port.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

08.02.2011 Detailed

9! Microsoft IIS FTP Server buffer overflow   Heap buffer overflow. 6! Apache Tomcat multiple security vulnerabilities   Privilege escalation, DoS, crossite scripting.   Microsoft Active Directory DoS   Crash on SPN processing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Comcast / SMC DOCSIS 3.0 Business Gateway - SMCD3G-CCR routers vulnerability   Crossite request forgery, default account.

HTC Peep information leak   Application send twitter credentials in clear text.

04.02.2011 Detailed

7! IBM DB2 security vulnerabilities   Buffer overflow and integer overflow in db2dasrrm (TCP/524) 7! HP OpenView Performance Insight Server backdoor   Hidden undocumented user account is implemented in com.trinagy.security.XMLUserManager class 6! BMC PATROL Agent integer overflow   Integer overflow on TCP/6768 traffic parsing.

PostgreSQL buffer overflow   Buffer overflow in intarray on large numbers parsing.

pango / libpango buffer overflow   Buffer overflow in pango_ft2_font_render_box_glyph()

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

03.02.2011 Detailed

9! Exim memory corruption and remote code execution updated since 12.12.2010       6! Aruba Mobility Controller security vulnerabilities   DoS and authentication bypass.   Cisco Tandberg C Series default account   Device is shipped via empty root password.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

02.02.2011 Detailed

7! Linux kernel multiple security vulnerabilities   DoS via sendmsg, mprotect, setsockopt, Hypervisor/KVM etc, information leaks, privilege escalation.   Nvidia CUDA drivers for Linux information leak   Information leak from kernel to user space via cudaHostAlloc/cuMemHostAlloc calls.   IcedTea for Java OpenJDK protection bypass   Protection bypass in JNLP SecurityManage, JAR files digital signature spoofing.

Cisco WebEx Recording Format Player multiple security vulnerabilities updated since 16.12.2009   Multiple vulnerabilities on .wrf / .arf files parsing.

01.02.2011 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.