31.03.2010 Detailed

6! OpenDcHub buffer overflow   Buffer overflow on MyINFO messages parsing. 6! Apache mod_proxy_ftp multiple security vulnerabilities updated since 23.09.2009   Denial of service, restrictions bypass.   Apple iTunes for Windows privilege escalation   Application is launched with LocalSystem rights from user-writable folder, allowing DLL spoofing.

VMWare application WebAccess multiple security vulnerabilities   Multiple crossite scripting vulnerabilities.

HP Insight Control for Linux multiple security vulnerabilities   Code execution, privilege escalation.

HP SOA Registry Foundation multiple security vulnerabilities   Crossite scripting, code execution, privilege escalation.

HP-UX AudFilter DoS

HP-UX with NFS/ONCplus NFS access

aircrack-ng buffer overflow   Buffer overflow on IEEE 802.11 EAPOL parsing.

emacs privilege escalation   It's possible to access different users' files via email helper.

Varnish privilege escalation   There is a process executing commands with root privileges.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

29.03.2010 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

26.03.2010 Detailed

HP Project and Portfolio Management Center crossite scripting         Sun Solaris symbolic links vulnerability   Multiple symbolic links vulnerabilities on updates installation.

25.03.2010 Detailed

7! Cisco routers IOS multiple security vulnerabilities   DoS via TCP connections, multiple vulnerabilities in IPSec, H.323, SIP. SCCP, MPLS protocols. 6! MIT Kerberos DoS   Crash on SPNEGO negotiation.   Remote Help HTTP server format string vulnerability

MX Simulator Server buffer overflow   Buffer overflow on network request handling.

puppet privilege escalation   Elevated privileges are not dropped on files access, symbolic links vulnerability.

Deliver race conditions   Multiple race conditions lead to symlink attacks and DoS conditions.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Apple Safari / WebKit protection bypass   Integer overflow allows to bypass destination port limitations.

Lexmark laser printers multiple security vulnereabilities   PJL processing buffer overflow, FTP service DoS.

Linux GFS / GFS2 file system DoS   gfs2_lock/gfs_lock doesn't check file permissions.

24.03.2010 Detailed

8! Microsoft Internet Explorer memory corruption   Memory corruption on XML/HTML processing.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

23.03.2010 Detailed

libcurl / cURL DoS   Resources exhaustion on gzip decompression.   Pango library array index overflow   Array index overflow on font file parsing.   Harris Stratex StarMAX crossite request forgery   Referer for GET request is not checked.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

IBM Lotus Domino response splitting updated since 21.03.2010   Response splitting via POST request to /names.nsf, crossite scripting.

21.03.2010 Detailed

6! PHP DoS   Crash on XML-RPC requests processing.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

18.03.2010 Detailed

7! SAP MaxDB code execution   Buffer overflow on TCP/7210 request parsing.   httpdx DoS   Crash on malformed HTTP request.   QuickZip buffer overflow   Buffer overflow on .zip files parsing.

libpng DoS   Resources exhaustion on data decompression in png_decompress_chunk().

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 18.03.2010   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Virtual PC protection bypass   Invalid memory regions protection for memory >2GB allows to bypass Windows memory protection techniques for guest system.

MediaCoder buffer overflow   Buffer overflow on .lst files parsing.

Windisc buffer overflow   Buffer overflow on Banzhaf (.bnz) files parsing.

17.03.2010 Detailed

7! WebKit / Apple Safari / Google Chrome multiple security vulnerabilities updated since 15.03.2010   Use-after-free, integer overflow, clickjacking.   bind DNS server cache poisoning updated since 01.12.2009   It's possible to inject cache record during DNSSEC request processing.

15.03.2010 Detailed

8! Adobe Acrobat and Reader multiple security vulnerabilities updated since 17.01.2010   Code executions, memory corruptions, buffer overflow, integer overflow, DoS on PDF parsing. 7! Skype multiple security vulnerabilities   Code execution and unauthorized files access on URI processing.   SUPERAntiSpyware / SuperADBlocker multiple security vulnerabilities   Multiple DoS conditions, information leaks, privilege escalation, memory corruptions.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 15.03.2010   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

11.03.2010 Detailed

8! Spamassasin milter plugin shell characters vulnerability   Shell characters vulnerability via RCPT TO: command. 7! Apache mod_isapi uninitialized pointer function call   Uunder some conditions function from dynamic library is called by it's address after library is unloaded. 7! Integer overflow in Autonomy KeyView / Symantec antiviral applications   Buffer overflow on Microsoft Office documents parsing.

6! HP OpenView Performance Insight code execution   It's possible to upload JSP page to server.

6! Microsoft Excel multiple security vulnerabilities updated since 10.03.2010   Multiple buffer overflows, memory corruptions, code execution.

ncpfs multiple security vulnerabilities   DoS conditions, information disclosure.

Juniper Secure Access crossite scripting   editbk.cgi crossite scripting

GNU tar / cpio buffer overflow   Buffer overflow in rmt code implementation

kvm multiple security vulnerabilities   DoS, privilege escalation.

Sun VirtualBox DoS

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Yahoo Player buffer overflow   Buffer overflow on .m3u files parsing.

XNView buffer overflow   Integer overflow on DICOM images parsing leading to buffer overflow.

10.03.2010 Detailed

Microsoft Movie Maker buffer overflow   Buffer overflow on .MSWMM files parsing.

09.03.2010 Detailed

Apache HTTPD information leak   Under some conditions it's possible to access memory with data related to prvious requests.   gnome-screensaver protection bypass updated since 16.02.2010   Screensaver crash on monitor hotplugging.

04.03.2010 Detailed

6! librpc.dll library multiple security vulnerabilities   Multiple buffer overflows and integer overflows. 6! Cisco Digital Media Manager multiple security vulnerabilities   default credentials, privilege escalation, information leak. 6! Cisco Digital Media Players unauthorized access   It's possible to inject video/audio data into remote display.

6! cups lppasswd format string vulnerability   Format string vulnerability via LOCALEDIR environment variable.

6! Apple Airport unauthorized network access   FTP proxy functionality doesn't check PORT command arguments allowing to map external port to any internal port of any internal address.

IBM Lotus Domino ActiveX buffer overflow   Buffer overflow in Domino Web Access ActiveX.

Novell eDirectory DoS   Crash on SOAP novell.embox.connmgr.serverinfo action request processing.

McAfee LinuxShield privilege escalation   nailsd (TCP/65443) service allows authenticated user to manipulate files with nailsd permissions.

Apache mod_proxy_ajp DoS   Resources are not freed if client closes connection before request body is sent.

Cisco Unified Communications Manager DoS   DoS on SIP and SCCP (Skinny) protocols, on CTI Manager (TCP/2748) request parsing.

Authentium Command on demand online scanner ActiveX buffer overflow   Buffer overflow in InstallProduct methods.

fcron fcrontab symbolic links vulnerabilities   Few race conditions.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 04.03.2010   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Luxology Modo 401 integer overflow   Integer overflow on .LXO files parsing.

02.03.2010 Detailed

DATEV eG ActiveX code execution   ExecuteExe unsafe method allows code execution.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

01.03.2010 Detailed

6! getPlus ActiveX code execution updated since 25.02.2010   Insufficient validation of domain name.   Apache mod_security multiple security vulnerabilities   DoS, protection bypass.   Asterisk invalid ACL processing   /0 CIDR in ACL is processed in unpredictable way.