31.03.2007 Detailed

6! PHP printf() integer overflow   Integer overflow on 64-bit systems. 6! PHP zip_entry_read() function integer overflow updated since 29.03.2007   Integer overflow leads to heap memory buffer overflow. 6! dproxy DNS proxy buffer overflow updated since 23.03.2007   Buffer overflow on oversized DNS request UDP packet (UDP/53).

PHP iptcembed() function information leak   Uninitialized memory region is returned on invalid function termination.

PHP session.save_path open_basedir protection bypass   It's possible to create file in any directory by using environment variables.

America Online SuperBuddy ActiveX memory corruption   One of methods allows execute some actions under controllable address.

30.03.2007 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   IBM Lotus Sametime code execution   LoadLibrary function is available through ActiveX element.   AOL software DoS

AIX lsmcode privilege escalation updated since 30.05.2006   User's environment variable is used to launch external application.

29.03.2007 Detailed

6! Microsoft Vista ATI drivers vulnerability   Blue Screen of Death whiel displaying images. 6! Avant Browser buffer overflow   Buffer overflow on oversized Content-Type: header. 6! PHP read_file safe_mode protection bypass   It's possible to bypass protection by using php://../../ prefix to filename.

DataDomain Web interface unfiltered shell characters   Unfiltered shell characters vulnerability in multiple Web interface commands.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

FastStone Viewer buffer overflow   Stack memory overflow on JPEG parsing.

Inkscape multiple security vulnerabilities   Format string vulnerability in URIs displaying, security problems with Jabber protocol.

FTPDMIN special DOS device access   Access to special devices (like //A:) causes DoS against application.

MyServer privilege escalation   suid() is called before sgid() for CGI applications.

Linux IPv6 socket double memory free vulnerability   Double memory free in ipv6_fl_socklist.

ZZIPlib / zzcat buffer overflow   Stack buffer overflow (stack overrun) on oversized filename.

B21Soft BASP21 SMTP lines injections   Invalid handling of "." character allows to inject SMTP commands into message.

Linux pam_console privilege escalation   Invalid device permissions handling if few users are logged in.

PHP mail() function invalid characters processing   Unfiltered \r\n and \0 characters allows strings injection and header truncation.

FreeBSD eject buffer overflow   Buffer overflow in -t option.

ReactOS multiple security vulnerabilities

28.03.2007 Detailed

6! Cisco Unified CallManager / Unified Presence Server multiple security vulnerabilities   Denial of service with Skinny / SCCP protocol (TCP/2000, TCP/2443), ICMP echo requiests flood, IPSec (UDP/8500) parsing. 6! Lotus Domino multiple security vulnerabilities   LDAP Server heap overflow, Web access crossite scripting. Buffer overflow in IMAP CRAM-MD5 authentication. 6! HP JetDirect and HP printers buffer overflow updated since 19.12.2006   Buffer overflow in LIST, NLIST and RETR command of built-in FTP server.

HP OpvenView Network Node Manager uauthroized access

hpaftpd multiple buffer overflows   Buffer overflows in multiple FTP commands.

Truecrypt privilege escalation   In suid mode it's possible for user to mount crypted filesystem to any directory.

Corel WordPerfect buffer overflow   Buffer overflow on .PRS file processing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Opera / Firefox anti-phishing protection bypass   Phishing sites embedded into IFRAME are not detected.

Yahoo Messenger information leak   Web mail authentication response reply with session identifier is saved in browser cache.

27.03.2007 Detailed

6! Linux kernel DCCP information leak   Integer overflow in getsockopt for SOL_DCCP gives ability to read content of kernel memory.   SingKorea ActiveX buffer overflow   Buffer overflow in DownloadCertificateExt() method.   Sony Playstation 3 flood DoS   UDP datagrams flood DoS with enabled remote play feature.

PHP PECL functions buffer overflows   Buffer overflow in confirm_phpdoc_compiled() function.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

26.03.2007 Detailed

7! Microsoft Data Access Components code execution updated since 13.02.2007   ADODB.Connection NextRecordset() / Execute() double free() vulnerability. Can be used for hidden malware installation.

25.03.2007 Detailed

6! PHP variables unset use after free vulnerability   There is no access counters for _SESSION and HTTP_SESSION_VARS variables, making it possible to trigger use-after-free conditions by unsetting these variables. In addition, it's possible to deserealize these variables. 6! X.Org libx11 library buffer overflow   Integer overflow during images parsing leads to buffer overflow. 6! Real Networks Helix RTSP Server buffer overflow   Heap buffer overflow on parsing RTSP REPLY request.

PHP unserialize() function information leak   Uninitiailized memory fragment is returned on "S:" string.

pcapsipdump SIP packets DoS

GlowWorm FW DoS   Infinite recursion on DNS reply packets parsing.

NetSievben SSH library SFTP DoS   SFTP file descriptors leak.

TinyMUX DoS

Mozilla Fizzle addon crossite access

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

WarFTPd buffer overflow (outdated version)   Buffer overflow in USER command.

24.03.2007 Detailed

6! Sun directory server memory corruption   free() function is called for non-innitialized pointer. 6! squid cache proxy DoS   DoS on processing TRACE method. 6! Multiple OPC Servers multiple security vulnerabilities   Multiple memory corruptions.

IDA Pro debugger unauthorized access   Remote debugging request is executed regrdless of authentication state.

file utilities integer overflow

PHP FTP commans injection   Unchecked CRLF in filename allows to inject FTP commands.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

23.03.2007 Detailed

Microsoft Windows Vista Internet Explorer applications execution   By clicking the link to the local file with the same name as local folder, file is executed.

22.03.2007 Detailed

6! PHP hash_update_file() function use after free() vulnerability   Race conditions allows to free resource processed by function. 6! PHP ext/gd use after free() vulnerability   During exceptional conditions handling, some resourceses aree free()ed and later accessed. 6! Atrium Mercur Mailserver IMAPD buffer overflow   Multiple buffer overflows in IMAP NTLM authentication implementation. Buffer overflow in SUBSCRIBE command.

6! Gnome Evolution calendar format string vulnerability   Format string vulnerability on shared memo parsing.

6! Linksys wireless routers information leak   Configuration information, including whole set of password is returned by request to UDP/916 port.

6! Asterisk PBX SIP DoS updated since 04.03.2007   Application crash on malcrafted SIP packet.

0IRC client DoS   NULL pointer dereference on oversized server message.

mb_parse_str() exceptional conditions protection bypass   Exceptional conditions during function invocation may lead to enabling register_globals.

PHP header() function memory corruption   Heap memory page coruption allows code execution on big endian systems.

Grandstream Budge Tone VOIP phones DoS   Crash on SIP protocol INVITE message parsing.

InterActual Player / CinePlayer ActiveX buffer overflow   Buffer overflow in IASystemInfo.dll ActiveX element.

XMMS multimedia player multiple integer overflows   Multiple integer overflows on different multimedia file formats parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Oracle Dynamic Monitoring Services crossite scripting   Crossite scripting with /servlet/Spy.

Microsoft Internet Explorer DoS   Memory exhaustion with appendChild method.

Network Audio System DoS

21.03.2007 Detailed

Cisco 7940 IP Phone denial of service updated since 20.03.2007   Crash on malformed INVITE SIP packet.

20.03.2007 Detailed

OpenAFS filesystem privilege esccalation   Attacke can make fake suid binary on network disk by using protocol weakness.   ZyXel wireless routers DoS

19.03.2007 Detailed

Microsoft Windows NDISTAPI DoS   During exceptions handling on \Device\NdisTapi device request handling URQL is not returned from DISPATCH level on switching to user mode, leading to crash (BSOD) with IRQL_LESS_THAN_NOT_EQUAL on accessing paged memory.   F-Secure anti-virus format string vulnerability   Format string vulnerability in management server name allows local privilege escalation.   Linux Security Auditing Tool symbolic links problem   Symbolic links problem on temporary file creation.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

18.03.2007 Detailed

6! Sun Java Web Server unauthorized access       6! Linux netfilter multiple security vulnerabilities   Protection bypass with fragmented IPv6 packets, denial of service.   Adobe JRun / ColdFusion DoS   Denial of service under IIS Server on file request to JRun root folder.

netperf netserver symbolic links vulnerability   Symbolic links vulnerability on /tmp/netperf.debug file creation.

D-Link TFTP server memory corruption   Memory corruption on oversized GET/PUT commands.

PennMUSH mud environment DoS   Multiple DoS conditions on different commands processing.

Lookup electronic dictionaries interface symbolic links problem   Symbolic links problem on temporary files creation.

Rhapsody IRC client multiplesecurity vulnerabilities   Multiple buffer overflows and formatstring vulnerabilities.

Apple MacOS X multiple security vulnerabilities   Mac OS X security update closes a number of vulnerabilities.

17.03.2007 Detailed

6! libwpd /OpenOffice / AbiWord multiple security vulnerabilities   Multiple buffer overflows on Word Perfect documents parsing.   PHP array_user_key_compare() function memory corruption   Reference are left to freed buffer. It may lead to de-allocated memory space usage.   PHP invalid session id and session_regenerate_id() function double free() vulnerability   Race conditions on session identifier freeing can lead to double free() operation.

PHP compress.bzip2:// URL safe mode protection bypass   Safe mode and open_basedir limitations are not checked.

FrontBase Database server buffer overflow   Buffer overflow in 'CREATE PROCEDURE' SQL command.

Multiple libft p / GFTP security vulnerabilities   Multiple buffer overflows of different types.

PHP ibase_connect function buffer overflow   Buffer overflow on oversized function argument.

IBM Rational ClearQuest Web crossite scripting   Crossite scripting on text attachments.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

16.03.2007 Detailed

7! Microsoft MFC memory corruption updated since 13.02.2007   Memory corruption on RTF files parsing. Can be used for hidden malware installation.   Cisco multiple products help system crossite scripting   Crossite scripting on HTML help pages.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

15.03.2007 Detailed

Microsoft Windows mmioRead () multimedia function integer overflow   Integer overflow on negative parameter values.   Microsoft Internet Explorer page content spoofing   Crossite scripting in res://ieframe.dll/navcancl.htm#http://www.site.com page allows to inject HTML code into page.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Symantec Norton Personal Firewall / Norton Internet Security buffer overflow updated since 18.09.2006   \Device\SymEvent driver interface buffer overflow.

14.03.2007 Detailed

8! OpenBSD ICMPv6 buffer overflow updated since 12.03.2007   Buffer oveflow on fragmented IPv6 packet. 6! Apache Tomcat directory traversal   It's possible to traverse directories with /\../. 6! Microsoft Windows ChangeServiceConfig2A memory corruption   Memory corruption on ChangeServiceConfig2A() call.

TrendMicro antivirus DoS   Division by zero on UPX packed file parsing.

minigzip utility buffer overflow   Buffer overflow on oversized filename.

McAfee ePolicy Orchestrator ActiveX multiple buffer overflows   Buffer overflows in SiteManager.Dll ExportSiteList() and VerifyPackageCatalog() functions.

unrarlib library buffer overflow   Buffer overflow in urarlib_get() function on oversized filename.

Unfiltered shell characters in Amarok media player   Unfiltered shell characters on executing o external unzip command.

Macromedia ShockWave ActiveX multiple security vulnerabilities   SwDir.dll multiple methods buffer overflows.

Java Dynamic Management Kit privilege escalation   Invalid appliance of restriction policies allows to access Inter-ORB applications data.

AstroCam DoS

PHP filtering extension multiple security vulnerabilities   Buffer underflow, filtering protection bypass.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

13.03.2007 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

12.03.2007 Detailed

6! Ktorrent multiple security vulnerabilities   Directory traversal with torrent files and DoS conditions.   FiSH IRC clients encryption plugin multiple security vulnerabilities   Multiple buffer overflows on different IRC messages.   Plash sandbox protection bypass   It's possible to execute any command via /dev/tty device.

Trac content displaying vulnerability   Content-Disposition MIME header is not defined. Crossite scripting.

RIM BlackBerry 8100 Wireless DoS   Resources exhaustion on activating long web link.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Linux setsockopt / getsockopt IPv6 DoS   IPV6_RTHDR option with invalid value causes system crash.

NetBSD ktruser integer overflow

11.03.2007 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

10.03.2007 Detailed

6! snort packets reassembly DoS   Invalid packets reassembly on connection tracking causes application to crash. 6! Oracle for Windows privilege escalation   Weak permissions for memories sections and named pipes inside oracle process allow code execution with local system account. 6! Microsoft Windows files and folders management problems updated since 07.03.2007   During file operations conditions exist for attacker to gain access to content of protected or locked files. It's also possible to create unmanageble file.

SnapGear packets flood DoS

Apple Airport IPv6 weak default configuration   IPv6 tunneling support is enabled by default and no filtering rules are applied to tunelled traffic.

Sun SunFire ipmitool privilege escalation

Avaya Communications Manager crossite scripting

PHP COM extension safe_mode protection bypass   WScript.Shell COM object allows execution of any commands.

PHP CDFP extension cpdf_open information leak   Fragment of source code is printed in diagnostics message.

PHP SNMP extension snmpget() buffer overflow   Buffer overflow on oversized ID.

PHP zip:// URL buffer overflow   Stack buffer overflow (stack overrun) on oversized URL.

PHP substr_compare information leak   Integer overflow allows memory reading behind variable boundaries.

PHP shmop information leak   By using shared memory via shmop() function, script can obtain content of parent application's memory.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Mozilla Firefox integer overflow   Integer overflow on large GIF image size values.

Microsoft Windows OLE files DoS   Crash on OLE file (.DOC) preview.

Acrobat Reader plugin DoS   Request to PDF file with large number of %n causes CPU and memory exhaustion.

PHP FDF POST request filtering protection bypass   FDF extension doesn't support filtering.

09.03.2007 Detailed

6! Apple QuickTime multiple security vulnerabilities updated since 06.03.2007   Integer overflows, buffer overflows and memory corruptions on different data formats parsing.   MySQL subselect DoS   NULL pointer dereference if string function is applied to select with "order by" result.   Novell NetMail WebAdmin buffer overflow   TCP/89 HTTP Basic authentication buffer overflow.

CA eTrust privilege escalation   GINA password reset interface privilege escalation.

PHP crack_opendict() extension buffer overflow   Buffer overflow on oversized function argument.

IPSwitch IMail ActiveX multiple buffer overflows

Omnikey CardMan 4040 linux driver buffer overflow   Buffer overflow on cmx device request handling.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

PHP import_request_variables internal variables overwrite   $_GET $_POST $_COOKIE $_FILES $_SERVER $_SESSION and another internal variables may be overwritten during import.

Conquest game buffer overflow   Buffer overflow on parsing metaserver reply.

07.03.2007 Detailed

7! Multiple gzip security vulnerabilities updated since 19.09.2006   Buffer overflow, NULL pointer dereference, inifnite loop.   silce-server router DoS   Invalid authentication hash algorithm with empty cipher causes NULL pointer crash.   Apache mod_python information leak   If used in output filter mode, large output can lead to content of freed memory is leaked.

06.03.2007 Detailed

7! Multiple Mozilla Firefox / Thunderbird / Seamonkey vulnerabilities updated since 27.02.2007   HTML filtering bypass, crossite scripting, weak hashing function, memory corruption, buffer overflow, etc. 6! PHP mssql_connect() / mssql_pconnect() functions buffer overflow   Buffer overflow leads to code execution, resulting in sandbox protection bypass. 6! Mercury/32 IMAP server buffer overflow   Buffer overflow in LOGIN command.

6! Unsigned content spoofing in multiple application launching GnuPG   Signed text boundaries are incorrectly shown or not shown, making it's possible to insert unsigned packets.

PHP php_binary / WDDX information leak   Fragment of heap memory may be red because of missed variable length checking.

mod_security protection bypass updated since 06.03.2007   Invalid handling of NULL byte in POST form data opens possibility to traverse checks.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

PHP Ovrimos extension safe mode protection bypass   There are numerous code exectuion possibilities.

05.03.2007 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 05.03.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

04.03.2007 Detailed

6! Symantec MailSecurity DoS   Crash on malcrafted mail headers parsing.