31.03.2011 Detailed

7! EMC Replication Manager code execution updated since 14.02.2011   Command execution via TCP/6542 service.   Cisco Secure Access Control System privilege escalation   It's possible to reset any user's password.   Cisco Network Access Control Guest Server System Software Authentication Bypass   Unauthenticated access to protected network is possible.

OpenLDAP vulnerabilities   Authentication bypass, DoS.

VMware privilege escalation   It's possible to elevate privileges via shared library spoofing.

BSD systems / Solaris port hijacking   User can open port with specified interface address if it's already open by another application without interface address.

GNOME Desktop Manager privilege escalation   root privileges are not dropped on files access.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

29.03.2011 Detailed

7! Comodo issued fraudlent certificates updated since 23.03.2011   login.live.com, mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org "Global Trustee" certificates were issued to untrusted third party. 6! Zend Server code execution   It's possible to execute user-supplied code via Java Bridge (TCP/10001) service.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 29.03.2011   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP Diagnostics crossite scripting

25.03.2011 Detailed

7! SCADA service multiple security vulnerabilities   Large number of different vulnerabilities in factory sofware. 6! HP Data Protector integer overflow   Data Protector Media Operations DBServer.exe (TCP/19813)integer overflow is unpatched for over 180 days.   HP Virtual SAN Appliance buffer overflow   Buffer overflow in hydra.exe (TCP/13838) authentication is unpatched for 180 days.

VLC media player security vulnerabilities   Buffer overflow on .AMV and .NSV parsing.

Apache mpm_itk module privilege escalation   Under some conditions, request is processed with root privileged.

EMC Data Protection Advisor Collector weak security permissions   Weak permissions for executable files.

Cisco VPN privileges escalation   Privilege escalation via Dial-Up Networking interface.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

23.03.2011 Detailed

8! Apple Mac OS X multiple security vulnerabilities   Multiple DoS conditions, format strings vulnerability in AppleScript, memory corruption on different file formats parsing, information leakage, privilege escalation. 7! RealPlayer buffer overflow   Buffer overflow on IVR files parsing. 7! IBM Lotus Domino Server Controller unauthorized access   User-supplied network file is used for stored user's credentials during TCP/2050 service authentication.

6! libcgroup security vulnerabilities   Buffer overflow, privilege escalation.

6! libtiff buffer overflow   Buffer overflow in ThunderCode codec, stack overflow.

6! Advantech BroadWin WebAccess multiple security vulnerabilities   Code execution, information leak from TCP/4592 RPC-based service.

6! Novell Netware FTP server buffer overflow updated since 31.03.2010   rmdir/mkdir/dele commands buffer overflow.

IGSS ODBC Server uninitialized pointer free()   Multiple uninitialized pointer dereference conditions.

Progea Movicon TCPUploadServer unauthorized access   It's possible to upload and execute file to arbitrary location.

Asterisk DoS   Connection flood leads to resources exhaustion.

libvirt protection bypass

Linux kernel multiple security vulnerabilities   Privilege escalation, multiple information leaks.

Symantec LiveUpdate Administrator crossite request forgery   Crossite request forgery in administration web interface.

HP Discovery & Dependency Mapping Inventory information leak   public community has SNMP read access by default.

TeX (tex-common) shell characters vulnerability

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP Client Automation code execution updated since 15.03.2011   Code execution with radexecd.exe (TCP/3465).

Immunity Debugger buffer overflow   Buffer overflow during software update process.

Cisco IPSec information leak   It's possible to check groupname existance.

21.03.2011 Detailed

6! libzip library / PHP DoS   NULL pointer dereference in _zip_name_locate.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

17.03.2011 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   SAP Crystal Reports Server crossite scripting   Multiple crossite scripting vulnerabilities.   RSA Access Manager Server unauthorized access

EMC Avamar secrurity vulnerabilities   Information leakage, privilege escalation.

SAP GUI DLL hijacking   DLL hijacking by placing .sap files in network floder.

16.03.2011 Detailed

9! Apple WebKit / Safari / iTunes / libtiff / Google Chrome multiple security vulnerabilities updated since 03.03.2011   Multiple vulnerabilities on PNG, TIFF, JPEG, XML parsing, multipe WebKit memory corruptions.   nostromo nhttpd directory traversal   Directory traversal (including code execution via CGI) with escaped URI.   MIT Kerberos 5 double free updated since 16.03.2011   Double free vulnerability on PKINIT.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 15.03.2011   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

15.03.2011 Detailed

QNX Neutrino RTOS privilege escalation   It's possible to overwrite files via LD_DEBUG_OUTPUT for suid applications.   Checkpoint VPN privilege escalation   It's possible to obtain Local System privileges.

11.03.2011 Detailed

HP MFP Digital Sending Software configured devices unauthenticated access         Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 10.03.2011   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   TP-LINK TL-WR740N wireless router vulnerabilities   Crossite scripting, DoS.

10.03.2011 Detailed

6! Wireshark multiple security vulnerabilities   Memory corruptions and DoS conditions on different capture files formats and different network protocols parsing. 6! Majordomo2 directory traversal updated since 03.02.2011   Directory traversal on help command processing via e-mail or Web.   ISC DHCP server DoS   Crash on IPv6 address.

Weborf Web server DoS   Crash on invalid HTTP request.

Hiawatha Web-server integer overflow   Integer overflow via Content-Length.

OpenSLP / VMWare ESX/ESXi SLPD DoS   CPU exhaustion vulnerability.

ProFTPD integer overflow   Integer overflow in SFTP module.

nbd Network Block Device server buffer overflow updated since 21.12.2005

Apple iPhone information leakage   Information about Wi-Fi keys for Personal Hotspot feature is logged to debugging console.

09.03.2011 Detailed

6! Microsoft Windows multiple security vulnerabilities   Unsafe library loading, code execution with .dvr-ms files.   Subversion DoS   Crash on lock request processing.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

03.03.2011 Detailed

9! Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities   Multiple memory corruptions, buffer overflows, user-after-free, crossite scripting, crossite request forgery, etc. 7! Postgres Plus SQL authentication bypass   Unauthorized access to DBA Management Server (TCP/9000, TCP/9363)   HP StorageWorks File Migration Agent unauthenticated access   Access authentication is not implemented.

logwatch shell characters vulnerability   Shell characters vulnerability on filenames.

vsftpd DoS   Resources exhaustion via path globbing.

Pango library NULL pointer dereference   Memory allocations are not controlled.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

weechat certificate spoofing   Server certificate is not validated.

01.03.2011 Detailed

6! Samba fd_set array overflow   Memory corruption by setting large number of connections.   FUSE symbolic links vulnerability   It's possible to unmount arbitrary directories.   ClamAV antivirus double free vulnerability   Double free() vuonerability on microsoft office documents VBA code parsing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

FreeBSD / MacOS X crontab information leakage   User can retrieve some information about files and directories he has no access to.