30.03.2009 Detailed

unzip / bzip2 DoS updated since 23.03.2008

28.03.2009 Detailed

7! Multiple Sun Java (JRE / JWS) security vulnerabilities   Multiple integer overflows and memory corruptions on different data formats parsing. 6! OpenJDK multiple security vulnerabilities   Multiple DoS conditions, memory corruptions on different data formats parsing and LDAP requests.   squid memory exhaustion   Memory exhaustion on data received with ICAP protocol.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Webglimpse: crossite scripting.

26.03.2009 Detailed

6! HP OpenView Network Node Manager unauthorized access         HP UX Veritas File System (VRTSvxfs) privilege escalation         Systemtap race conditions   Privilege escalation via stap tool for stapusr group users.

24.03.2009 Detailed

7! Evolution Data Server multiple security vulnerabilities   Signature spoofing, DoS, process memory disclosure, integer overflows. 7! FreeBSD / Mac OS X integer overflow   Integer overflow in kernel space on process timers.   ZyXel G-570S multiple security vulnerabilities   Unauthorized configuration access, DoS, information disclosure.

Rittal CMC-TC Processing Unit II multiple security vulnerabilities   Crossite scripting, session hijacking.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

PostgreSQL DoS   Stack overflow on error message conversion.

Linux-PAM signed/unsignedconversion vulnerability   Problems with non-ASCII symbols in configuration file.

21.03.2009 Detailed

6! LittleCMS color management system library multiple security vulnerabilities   Buffer overflows, integer overflows, memory corruptions.   BSPlayer buffer overflow   Buffer overflow on oversized hostname in .bsl playlist.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Invision Power Board: user existance check

20.03.2009 Detailed

Breach Security ModSecurity for Apache DoS   Module hangs on incomplete HTTP POST multipart/form-data request.   Hannon Hill Cascade Server privilege escalation   Privilege escalation with XSLT files.   Jasper library multiplesecurity vulnerabilities   Integer overflow on JPEG2000 processing, format string vulnerability, symbolic links problem.

ghostscript integer overflow   Integer overflows in ICC library.

19.03.2009 Detailed

6! Autonomy KeyView library buffer overflow   Buffer overflow on Word Perfect (.wpd) files parsing.   CDex buffer overflow   Buffer overflow on .ogg format parsing.   Symantec PcAnywhere format string vulnerability   Format string vulnerability with .chm filename.

Weechat IRC client DoS   Crash on PRIVMSG parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

17.03.2009 Detailed

6! Rosoft Media Player buffer overflow updated since 19.12.2007   Stack buffer overflow on .M3U files parsing.   yaws Web server DoS   DoS via HTTP request with oversized header.   Rosoft Media Player buffer overflow   Buffer overflow on .rml playlists parsing.

Avahi multicast DNS server DoS   Resources exhaustions on mDNS packet parsing.

HP LaserJet printers crossite request forgery   Crossite request forgery with form data in conjunctions with insecure default access.

MySQL dynamic functions loading vulnerability   It's possible to load dynamic library from any location; functions are still available after library is unloaded.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

GOM Encoder buffer overflow   Buffer overflow on .srt subtitles processing.

15.03.2009 Detailed

7! glib library memory corruption   Memory corruption on base64 encoding/decoding.   MLDonkey directory traversal   It's possible to retrieve any file with HTTP console.   Apple iTunes DoS   DoS with DAAP messages.

SlySoft Multiple DVD applications memory corruptions   ElbyCDIO.sys driver multiple memory corruptions.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: DoS against user's account and server.

12.03.2009 Detailed

6! Cisco CallManager / Unified Communications Manager privilege escalation   During authentication process for address book synchronization, full access account credentials are leaked to client. 6! HP Systems Insight Manager unauthorized access   Unaurhorized access via WMI interface (WMI Mapper).   wesnoth game multiple security vulnerabilities   DoS, code execution.

POP Peeper buffer overflow   Buffer overflow with Date: header.

dash privilege esclation   privilege esccalation with .profile

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHPSlideshow: crossite scripting. Athree CMS: information leak, SQL injection, DoS.

IBM Director CIM Server multiple security vulnerabilities   DoS, privilege escalation.

Linux kernel multiple security vulnerabilities   Unauthorized skfp_ioctl statistics reset, getsockopt() information leak.

Belkin Bulldog UPS management software buffer overflow   Buffer overflow in built-in web server.

PCTools iAntivirus multiple security vulnerabilities   Protection bypass, invalid behaviour in multiuser environment.

Adonics NAS Adapter DoS   Multiple DoS conditions on HTTP requests processing after authentication.

11.03.2009 Detailed

Asterisk VoIP server DoS   NULL pointer dereference on empty SIP INVITE header.   djbdns records poisoning   Ivalid processing of compressed response allows to inject additional NS records.

10.03.2009 Detailed

10! Microsoft Windows kernel multiple security vulnerabilities   Multiple security vulnerabilities allow code execution via EMF/WMF files.   Microsoft Windows DNS and WINS special records spoofing   It's possible to spoof WPAD and ISATAP records.

09.03.2009 Detailed

libc fts_* functions vulnerabilities   Invalid exceptional conditions processing on long path.   SupportSoft DNA Editor ActiveX unauathorized access   Multiple unsafe methods.   MPFR library buffer overflow   mpfr_snprintf() and mpfr_vsnprintf() functions buffer overflow

Microsoft Internet Explorer DoS   DoS with ListWidth property of Forms.ListBox / Forms.ComboBox ActiveX.

FoxIT Reader multiple security vulnerabilities   Uninitialized pointer dereference on PDF JBIG2 dictionary parsing, code execution, buffer overflow.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHPSlideshow: crossite scripting.

Cisco 7600 Series Router Session Border Controller module DoS   DoS with crafted TCP/2000 data.

OptiPNG buffer overflow   Buffer overflow on .GIF files processing.

Audacity buffer overflow   buffer overflow on .gro files parsing.

Apache Tomcat crossite scripting   Crossite scriptign in example applications.

06.03.2009 Detailed

6! libpng uninitialized pointers   Uninitialized pointer reference on PNG parsing.   PHP unauthorized access   mbstring.func_overload setting in .htaccess is applied to all websites.   Multiple browsers inherited charset crossite scripting updated since 25.02.2007   If [age with undefined charset is displayed in frame, codepage of parent page is used. It makes it possible to conduct crossite scripting attack with e.g. UTF-7, EUC-JP (SHIFT_JIS) charset.

04.03.2009 Detailed

libsndfile / WinAmp integer overflow   Integer overflow on .CAF format parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   curl protection bypass   Access restrictons can be bypassed with redirections.

02.03.2009 Detailed

dkim-milter Domain Keys authentication filter DoS   Crash on invalid DNS kay.   HTC Touch DoS   vCard files are accepted and imported without user intervation .   Hex Workshop buffer overflows   Buffer overflow on .cmap and .hex files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Cetera CMS: crossite scripting

Wireshark multiple security vulnerabilities   Vulnerabilities on different capture files format parsing.