30.03.2008 Detailed

6! HP OpenVMS unauthorized SSH access       6! CA BrightStor ARCserve Backup ActiveX Buffer overflow updated since 20.03.2008   Buffer overflow in ListCtrl.ocx AddColumn().   policyd-weight symbolic links vulnerabilities   Symbolic links vulnerability on temporary file creation.

HP notebooks multiple security vulnerabilities   BIOS vulnerabilities allows unauthorized access and DoS.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Internet Explorer / mozilla Firefox address spoofing

28.03.2008 Detailed

8! Mozilla Firefox / Seamonkey multiple security vulnerabilities updated since 26.03.2008   Javascript privilege esccalation and code execution, crossite scripting, multiple DoS conditions, URI and dialogs spoofing, local ports access from Java, privacy problems on SSL authentication. 8! CISCO routers IOS multiple security vulnerabilities updated since 26.03.2008   MVPN information leak, UDP DoS, multiple VPDN and DLSw DoS, multiple OSPF and MPLS vulnerabilities. 7! Multiple BSD systems strfmon() libc function integer overflow updated since 27.03.2008   Integer overflow on format specificator in strfmon(). NULL pointer dereference in printf().

27.03.2008 Detailed

6! IBM SolidDB database server multiple security vulnerabilities   Format string vulnerability in logging function, multiple DoS conditions.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

26.03.2008 Detailed

6! Novell eDirectory buffer overflow   Buffer overflow on oversized LDAP delRequest. 6! SILC server and client buffer overflow   Buffer overflow on PKCS #1 certificates parsing.   AzTech routers command execution   It's possible to execute routers commands via web interface without authentication.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

25.03.2008 Detailed

6! OpenSSH privilege escalation   Local user can hijack X-session of different user because of invalid DISPLAY variable initialization. 6! Xine / MPlayer / VLC buffer overflow updated since 21.01.2008   Buffer overflows and array overflow on RTSP parsing.   debian-goodies Scripts shell characters vulnerabilities   Shell characters problem via process names in checkrestart utility.

Linksys SPA-2102 wireless IP phones DoS   Large ICMP packets cause device to crash.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Hamachi VPN Client cleartext password in process memory   Cleartext username and password can be dumped in cleartext from process memory.

24.03.2008 Detailed

6! Sun Solaris rpc.ypupdated code execution   Insufficient RPC requests filtering. 6! ircu and snircd IRC servers array index overflow   Array index overflow in /mode command.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Claroline: crossite scripting.

Novell Groupwise unauthorized access   User who has access to shared folder of different user can gain access to the rest of the folders.

Adobe Flash CS3 Professional / Macromedia Flash MX code execution   Multiple code execution vulnerabilities on .FLV files parsing.

Linksys WRT54g authentication bypass updated since 04.08.2006   Configuration changes are applied without authentication through Web interface.

23.03.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Mitsubishi GB-50A unauthorized access   Access authentication is not implemented.   unzip / bzip2 DoS

Apple Safari for Windows buffer overflow and content spoofing updated since 22.03.2008   Buffer overflow on oversized download filename.

22.03.2008 Detailed

8! Microsoft Office / Excel / Outlook / Web Components multiple security vulnerabilities updated since 12.03.2008   Microsoft Excel multiple security vulnerabilities, Outlook mailt: URI code execution, multiple Office memory corruptions, Office Web Components multiple security vulnerabilities. 7! ZyXel ZyWall unauthorized access   It's possible to manipulate with routing via RIP and OSPF with default non-changeble account 'zebra'. 6! Microsoft Internet Explorer 7 request modification   Headers manipulation and invalid chunked encoding processing allow response splitting.

Asus Remote Console buffer overflow   Buffer overflow on TCP/623 request parsing.

PHP integer overflow   Integer overflow in printf function.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 21.03.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CMS DataLife Engine - path information leakage.

21.03.2008 Detailed

8! Asterisk multiple security vulnerabilities updated since 19.03.2008   Multiple format string vulnerabilities, buffer overflow on RTP handling, HTTP interface sessions spoofing, unauthorized SIP calls. 6! SurgeMail buffer overflow   Buffer overflow in LSUB IMAP command. 6! Linux kernel information leak   Kernel memory access with fault handlers.

6! Multiple xinelib / Xine media player security vulnerabilities   Multiple buffer overflows on different media formats parsing.

20.03.2008 Detailed

6! Gentoo Linux multiple packages incalid SSL certificates generation   Certificate may be leaked to public file due to invalid ssl-cert eclass implementation. 6! FaceBook / Aurigma Image / PhotoUploader / Piczo ImageUploader / ActiveX buffer overflow updated since 06.02.2008   Multiple buffer overflows in different properties.   CenterIM shell characters vulnerability   Shell characters vulnerability on URI processing.

XWine WINE graphical interface multiple security vulnerabilities   Symbolic links problem on temporary files creation, weak configuration file permissions.

IBM Rational ClearQuest crossite scripting   Multiple crossite scripting conditions.

HP StorageWorks Library and Tape Tools unauthorized access

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

19.03.2008 Detailed

8! MIT Kerberos multiple security vulnerabilities   krb5kdc multiple memory corruptions. kadmin RPC library array overflow. 6! Apple Mac OS X wiki server directory traversal   It's possible to upload file to any server directory. 6! CUPS print system buffer overflow   Heap buffer overflow on TCP/631 request parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

18.03.2008 Detailed

7! VMWare applications multiple security vulnerabilities   Host to guest shared folder (HGFS) directory traversal, named pipes privileg e escalation, Windows 2000 privilege escalation, DHCP service DoS, configuration file privilege escalation, memory corruption. 6! Sun Solaris Cluster service rpc.metad DoS   Cradsh on malformed RPC request. 6! unzip code execution   Memory corruption with free() with invalid pointer.

Microsoft Internet Explorer 7.0 DoS   Crash on createtextrange method.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Home FTP Server DoS   Some command sequence causes service to crash.

17.03.2008 Detailed

7! MG-Soft Net Inspector multiple security vulnerabilities   Format string vulnerability, directory traversal, DoS conditions. 6! VideoLAN VLC media player multiple security vulnerabilities updated since 26.12.2007   Buffer overflow on subtitles parsing, format string vulnerability in Web interface TCP/8080.   Bootix BootManage TFTPD buffer overflow   Buffer overflow on logging.

RSA WebID crossite scripting   Multipel crossite scripting possibilities.

Raidsonic nas-4220 weak cryptography   Encryption key is stored with data.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Snewscms Rus 2.3: crossite scripting

16.03.2008 Detailed

6! XNView buffer overflow   Buffer overflow on oversized filename. 6! Rosoft media player buffer overflows   Buffer overflow on RML files parsing.

15.03.2008 Detailed

7! Cisco CiscoWorks Internetwork Performance Monitor code execution   It's possible to execute commands without authentication. 6! IBM Informix Dynamic Server multiple security vulnerabilities   Buffer overflow during authentication (TCP/1526), buffer overflow on oversized DBPATH.

14.03.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 14.03.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

13.03.2008 Detailed

7! Sun java WebStart multiple security vulnerabilities   Buffer overflow in useEncodingDecl(). 6! McAfee Framework / ePolicy Orchestrator format string vulnerability   Format string vulnerability in logging functions. 6! Cisco SecureACS buffer overflow updated since 12.03.2008   Buffer overflow on UCP (user changeable passwords).

6! Squid Analysis Report Generator buffer overflow updated since 03.03.2008   Buffer overflow and crossite scripting on oversized User-Agent in squid log.

Zabbix DoS   Invalid data to TCP/10050 приводят к отказу службы.

Remotely Anywhere DoS   TCP/2000 HTTP request invalid Accept-Charset header NULL pointer dereference.

Argon Client Management Services directory traversal   directory traversal in built-in TFTP server.

Acronis TrueImage multiple DoS conditions   unallocated memory access, NULL pointer dereference.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Motorola Timbuktu multiple security vulnerabilities updated since 12.03.2008   Directory traversal, DoS and log spoofing.

12.03.2008 Detailed

Adobe LiveCycle Workflow crossite scripting   Crossite scripting with web management page.   BEA Weblogic multiple security vulnerabilities   Session hijacking and HTML injection in web administration console.

11.03.2008 Detailed

6! SAP MaxDB database server multiple security vulnerabilities   vserver remote heap overflow, sdbstarter privilege escalation. 6! ASG-Sentry multiple security vulnerabilities   Unauthorized files access, buffer overflows, DoS. 6! MPlayer multiple security vulnerabilities   Buffer overflows on URLs and CDDB entries parsing.

Acronis PXE Server multiple security vulnerabilities   TFTP server directory traversal and NULL pointer dereference.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 11.03.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

PacketTrap PT360 TFTP directory traversal and DoS updated since 03.03.2008   TFTP server directory traversal.

10.03.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

09.03.2008 Detailed

6! Checkpoint VPN-1 Edge crossite scripting   Crossite scriptign with web authorization page.   Panda Internet Security / Antivirus memory corruption   cpoint.sys IOCTL processing memory corruption.   Neptune Web Server crossite scripting   Crossite scriptign with error page.

tomboy code execution   Invalid dynamic library path.

lighthttpd information leakage   It's possible to obtain CGI source code under some conditions.

MicroWorld eScan Server directory traversal   Embedded TCP/2021 FTP server directory traversal.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Board: crossite scripting with flash files.

06.03.2008 Detailed

Ruby WEBrick Web server Toolkit directory traversal   Directory traversal with backslash.   Vobcopy symbolic links vulnerability   Symbolic links vulnerability on temporary files creation.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Board: crossite scripting with flash files.

Perforce Software Configuration Management multiple security vulnerabilities   Multiple DoS conditions (endless loop, uninitialized memory reference, NULL pointer dereference).

05.03.2008 Detailed

6! Evolution format string vulnerability   Format string vulnerability on encrypted mail parsing. 6! Versant Object Database code execution   TCP/5019 client-supplied application execution. 6! Opera browser multiple security vulnerabilities   Information leakage on form file upload, images comments scrip execution , DOM sanitization filters bypass.

Google Android SDK multiple security vulnerabilities   Multiple vulnerabilities on graphics formats parsing.

Dovecot symbolic links vulnerability   It's possible to access files readable by mail group via symlinks if mail_extra_groups=mail is set.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

04.03.2008 Detailed

6! Multiple BSD systems user-ppp buffer overflow   Buffer overflow on PPP protocol parsing.   Eye-Fi multiple security vulnerabilities   Multiple vulnerabilities in TCP/59278 Web server.   Paramiko SSH server weak encryption   Weak PRNG generator is used for encryption.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

03.03.2008 Detailed

Borland Starteam Server integer overflows   Multiple integer overflows.   Audacity symbolic links vulnerability   Unsafe temporary files creation.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

02.03.2008 Detailed

Livebox routers format string vulnerability   Format string vulnerability in built-in ADI Convergence Galaxy FTP Server.   Wireshark multiple security vulnerabilities   Multiple DoS conditions.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.