securityvulns.ru
26.03.2012
9!
Microsoft .Net multiple security vulnerabilities
updated since 02.01.2012
DoS, multiple vulnerabilities in forms authentication.
7!
GnuTLS / libtasn1 security vulnerabilities
Vulnerabilities on TLS and ASN.1 records parsing.
gnash multiple security vulnerabilities
Integer overflow on SWF parsing, unsafe cookie handling, symbolic link vulnerability.
CA ARCserve Backup DoS
Crash on network request parsing.
Cisco PlayerPT ActiveX buffer overflow
Buffer overflow in SetSource() method.
Apache Traffic Server DoS
Server crash on oversized Host: header.
20.03.2012
6!
EMC RSA enVision multiple security vulnerabilities
Cross-site scripting, SQL injection, directory traversal, hardcoded accounts, restrictions bypass.
6!
VMware applications multiple security vulnerabilities
Privilege escalation, cross application scripting, information leakage, cross-site scripting.
6!
Aruba Remote Access Point security vulnerabilities
Command injection, authentication bypass.
Dell Webcam ActiveX buffer overflow
Multiple buffer overflows in crazytalk4 ActiveX
at32 reverse proxy buffer overflow
Buffer overflow on headers parsing.
ManageEngine DeviceExpert directory traversal
ScheduleResultViewer servlet directory traversal.
Tor Browser Bundle information leakage
Debugging logging is always on.
EMC Documentum eRoom security vulnerabilities
updated since 18.03.2012
Replay attacks and cross-site scripting.
Apache FCGID module resources exhaustion
FcgidMaxProcessesPerClass limit is not actually working.
19.03.2012
6!
ABB WebWare code execution
TCP/5512 port service code execution.
6!
Cisco SRP 500 multiple security vulnerabilities
Command injection, directory traversal, unauthorized configuration upload.
6!
Dropbear SSH server use-after-free
6!
YAML::LibYAML format string vulnerability
Few format string vulnerabilities.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
notmuch special characters vulnerabilities
MML tags are not escaped.
FlashFXP FTP client buffer overflow
Buffer overflow on server response parsing.
Endian UTM Firewall security vulnerabilities
XSS, CSRF.
Polycom teleconferencing devices security vulnerabilities
Directory traversal, code injection.
VMware vCenter Chargeback Manager security vulnerabilities
Information leakage, DoS.
DBD::Pg format string vulnerability
Format string vulnerability on server response parsing.
pidgin / libpurple security vulnerabilities
updated since 17.03.2012
DoS via XMPP and MSN messages, local information leakage.
Barracuda CudaTel cross-site scripting
Stored XSS in different configuration parameters.
Enterasys SecureStack Switch cross-site scripting
Stored XSS in different configuration parameters.
CheckPoint Firewall / VPN-1 information leakage
It's possible to obtain host names.
18.03.2012
6!
Cisco ASA / Cisco FSM multiple security vulnerabilities
Multiple DoS conditions, ActiveX code execution.
6!
Asterisk security vulnerabilities
Milliwatt Application buffer overflow, HTTP manager buffer overflow
Oracle Exadata Infiniband Switch security vulnerabilities
Default accounts, /conf/shadow file weak permissions.
VMware View multiple security vulnerabilities
Multiple XSS vulnerabilities.
Linux systemd race conditions
Race conditions on symbolic links removal.
Yealink VOIP Phone cross-site scripting
Cross-site scripting in address book.
17.03.2012
8!
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, privilege escalation, cross-site access.
6!
nginx information leakage
Invalid server response can lead to server memory content disclosure.
14.03.2012
8!
Microsoft Windows multiple security vulnerabilities
Kernel driver privilege escalation, DirectWrite API DoS, RDP memory corruption and DoS.
6!
Microsoft Windows DNS Server DoS
Crash on request processing.
Microsoft Visual Studio code execution
Unsafe add-in loading
Microsoft Expression Design unsafe DLL loading
Unsafe DLL loading on .xpr and .design files processing.
10.03.2012
9!
Microsoft Windows multiple security vulnerabilities
updated since 15.02.2012
GDI code execution, drivers privilege escalation, unsafe DLL loading, C Runtime code execution, .Net framework and Silverlight vulnerabilities.
9!
Oracle / Sun / PeopleSoft / MySQL applications multiple security vulnerabilities
updated since 30.01.2012
Quarterly CPU fixes nearly 80 different vulnerabilities.
8!
Microsoft Internet Explorer multiple security vulnerabilities
updated since 15.02.2012
Code execution, information leakage.
6!
python-pam memory corruption
Memory corruption on passwords containing a NULL byte.
6!
glibc multiple security vulnerabilities
memcpy() integer overflow, RPC DoS, vfprintf() integer overflow.
python-httplib information leakage
SSL certificates are not checked.
Light Display Manager / gdm / LTSP Display Manager file descriptor leakage
File descriptor is not closed before child process is spawned.
Linux kernel multiple security vulnerabilities
LDM and NFSv4 file systems DoS, futexes privilege escalation.
09.03.2012
7!
Apple iPhone multiple security vulnerabilities
Information leakage, protection bypass, sandbox limitation bypass.
6!
Apple TV integer overflow
libresolve integer overflow
6!
Cisco Unified Communications Manager SQL injection
SQL injection and DoS on SCCP request processing.
6!
Cisco Wireless LAN Controller Multiple security vulnerabilities
Multiple DoS conditions, unauthorized access.
6!
Cisco Unity Connection security vulnerabilities
Privilege escalation, crafted TCP packets DoS.
6!
ImageMagick security vulnerabilities
Memory corruption and DoS conditions on EXIF data parsing.
6!
FreeType multiple security vulnerabilities
Multiple vulnerabilities on font file parsing.
Puppet security vulnerabilities
Privilege escalation conditions.
libvpx security vulnerabilities
Few DoS conditions.
Samba DoS
Infinite recursion on Batched request processing.
PostgreSQL vulnerabilities
Triggers privilege escalation, pg_dump reloading SQL injection.
Cisco Cius DoS
DoS on network traffic processing.
Cisco TelePresence Video Communication Server DoS
Crash on SIP request processing.
libxslt out-of-bounds read
XML::Atom Perl module limitations bypass
It's possible to obtain read access to limited resources.
plib / TORCS buffer overflow
Buffer overflow on error messages processing.
RSA SecurID Software Token Converter buffer overflow
Holdem Manager security vulnerabilities
Multiple memory corruptions.
file utility memory corruption
Memory corruption on CDF format parsing.
libVTE (gnome-terminal, xfce4-terminal, terminator, etc) information leakage
Scrollback buffer data is saved to a temporary file.
© SecurityVulns, 3APA3A, Vladimir Dubrovin, Nizhny Novgorod