30.04.2004 Detailed

6! Multiple bugs in Sambar updated since 07.10.2003   Combination of multiple small vulnerabilities leads to remote code execution.   apache mod_ssl memory leak         3COM NBX 100 DoS

Multiple midnight commander bugs   Buffer overflows, format string bugs, symlink problem on temporary files.

libpng DoS   Access to uninitialized memory.

29.04.2004 Detailed

klogd buffer overflow   Heap overflow.

Zonet NAT problem   During translation to internal network IP address is overwritten with internal IP of the router.

28.04.2004 Detailed

DiGi WWW Server DoS   Oversized request with large number of '/' character causes CPU exhaustion.

27.04.2004 Detailed

6! Multiple vulnerabilities and Easter Eggs in HP Web JetAdmin   Unauthorized access, weak encryption, priviledge escalation. 6! eXtremail format string bugs   Format string bug in IMAP LOGIN command. 6! eXtermail format string bug updated since 23.06.2001   Format string bug in POP3/SMTP commands.

Samsung switches unauthorized access   Administrativ access without knowledge of admin password is possible.

26.04.2004 Detailed

Explorer / Internet Explorer buffer overflow   Buffer overflow on connection to network folder with oversized share name.

24.04.2004 Detailed

Symantec personal firewalls DoS   TCP packets with some options of zero langth causes system to hang.   CGI bugs updated since 19.04.2004

23.04.2004 Detailed

Netegrity SiteMinder Affiliate Agent buffer overflow   Heap overflow on SMPROFILE cookie parsing.

22.04.2004 Detailed

ident2 buffer overflow   Buffer overflow in child_service() function.   OpenSSL DoS   NULL pointer and uninitialized memory reference during SSL/TLS handshake.

21.04.2004 Detailed

6! Cisco SNMP DoS   Malformed packet can cause router to crash.   Microsoft Exchange POP3 gateway Exchangepop3 buffer overflow updated since 21.04.2004   Buffer overflow in SMTP MAIL FROM command.

20.04.2004 Detailed

8! linux kernel ip_setsockopt integer overflow   Integer overflow on MCAST_MSFILTER option processing. 6! Solaris NIS unauthorized passwords access   After installing 113579-03 patch any user can access secure NIS maps, for example passwd.adjunct.byname.   ssmtp symbolic links problem   Log file is created in /tmp without checking for symlinks.

Multiple utempter bugs   buffer overflows, directory traversal.

XChat buffer overflow   Buffer overflow in SOCKSv5 client code.

19.04.2004 Detailed

6! Serv-U buffer overflow updated since 26.01.2004   Stack overflow in non-RFC 'chmod' and 'mdtm' and 'ls -l' commands.   Fastream NETFile DoS   Server crashes on unknown FTP username/password.   Zaep crosssite scripting   Crossite scripting in message validation web interface.

Squirrelmail chpasswd buffer overflow   Buffer overflow on oversized username.

ColdFusion MX file uploading and error messages memory leak updated since 17.04.2004   Memory leak on terminated file upload and oversized error message.

Symantec Security Check / Trend Micro HouseCall/ RAV online scanning/ Panda ActiveScan / Mcafee FreeScan / BitDefender ActiveX buffer overflow adn another problems updated since 23.06.2003   Multiple buffer overflows. File upload and execution.

17.04.2004 Detailed

Logcheck symbolic links problem   Symlink problem on temporary files handling.   CGI bugs updated since 13.04.2004         X-Micro WLAN backdoor account updated since 13.04.2004   Built-in account 'super' wirh password 'super' or '1502' with password '1502'.

16.04.2004 Detailed

KPhone buffer overflow   Stack overflow on parsing STUN packet.   WinSCP DoS   Oversized URL causes client to hang.   ADA Image Server multiple bugs   Directory traversal, buffer overflows, etc.

SurgeLDAP directory traversal   user.cgi allows to download any file.

Cisco IPSec group password weak encryption   Group password is stored cleartext in memory. Knowledge of group passwords allows to steal individual password from wire.

ZoneAlarm e-mail protection bypass   File is not checked if filename contains extended characters.

15.04.2004 Detailed

ssmtp format string bug   Format string bug in logging.   CVS directory traversal   Server can send absolute path to client.   Lprng symbolic links problem updated since 15.04.2003   psbanner creates temporary file without checking symbolic links.

14.04.2004 Detailed

10! Windows NT/2000/XP/2003 RPC buffer overflow updated since 17.07.2003   Multiple buffer overflows during RPC request parsing via TCP/135 and another RPC ports. 8! MS Internet Explorer CHM files and ms-its handler code execution updated since 09.04.2004   HTTP redirection to ms-its (and few others) protocol exploiting directory traversal bug cause CHM file to be saved to known location. With another directory traversal bug HTML from CHM file can be executed in local zone. 7! Multiple linux kernel bugs updated since 22.07.2003   /proc/tty/driver/serial kestroke counting information leak, multiple execve() problems, multiple STP problems, UDP port spoofing, forwarding table records spoofing. ISO9660 file system buffer overflow.

6! Microsoft Jet Database Engine buffer overflow   Request to database can cause buffer overflow.

Eudora nested MIME DoS   Crash on deeply nested MIME attachment.

Outlook/Outlook Express NULL character DoS   Client hangs on POP3 receiving if message contains NULL character.

Zaep AntiSpam Cross Site Scripting   Crossite scripting in /?key= parameter.

ServerAlive weak encryption   Passwords are stored in text file in base64 format.

13.04.2004 Detailed

asleap - offline LEAP authentication hacking   MS-CHAP (NTLM) vulnerability allows offline passwords attacks.   Citadel/UX weak permissions   Messageboxes are world readable.   linux threaded processes DoS   SIGRT_1 signal can be delivired to application causing invalid handling of child threads termination.

Old FreeBSD versions ECCEflag ipfw protection bypass   ACK packets with ECE flags bypass filtering.

11.04.2004 Detailed

Mutt buffer overflow updated since 11.02.2004   Buffer overflow on displaying malformed messages.

09.04.2004 Detailed

rsniff DoS   socket is leaked on unsuccessful authentication attempt.   crackalaka DoS   Random data to TCP/6667 cause server to crash.   Cisco IPSec VPN module IKE DoS updated since 09.04.2004   Device crashes on malformed IKE packet.

Multiple LCDProc bugs   Multiple buffer overflows.

CGI bugs updated since 05.04.2004

08.04.2004 Detailed

6! Oracle web cache buffer overflow updated since 17.03.2004   Heap overflow on invalid HTTP/HTTPS request.   Cisco WLSE/HSE backdoor account   There hardcoded username/password to access device.   clamav rar DoS   Certain types of archives cause scanner to crash.

07.04.2004 Detailed

6! Real One / Real Player buffer overflow   Stack overflow on R3T parsing.   Kerio Personal Firewall DoS   Special characters in URL cause service to crash.   xine symbolic links problem   Problem during temporary files handling.

blaxxun buffer overflow   Buffer overflow on handling application/x-cc3d MIME type.

heimdal privilege escalation   Trusted real can impersonate any account from trusting realm.

06.04.2004 Detailed

6! DreamWeaver unauthorized access updated since 05.04.2004   Test database is accessible after installation.   IBM Director DoS   Malformed packets to TCP/14247 cause service to crash.   Moni HTTP interface multiple bugs updated since 25.11.2003   Buffer overflow, DoS.

05.04.2004 Detailed

6! Winamp buffer overflow   in_mod.dll .xm files parsing buffer overflow.   SuSE YaST symbolic links problem   Symbolic links problem with YOU/online_update.   Microsoft SharePoint Portal Server 2001 (crossite scripting)   Multiple crossite scripting bugs.

ActivePerl buffer overflow   win32_stat buffer overflow

Multiple Llinbit Linbox bugs   Authentication bypass, password disclosure, privilege escalation.

fte buffer overflows   Buffer overflows in concole version.

textutil symbolic links problem   synboli links problem on logfile creation.

03.04.2004 Detailed

6! eMule buffer overflow   Buffer overflow on oversized message.   Multiple IRIX ftpd DoS   DoS, logging bypass.   CGI bugs updated since 30.03.2004

02.04.2004 Detailed

Multiple bugs in Mondosoft Mondosearch   DoS, request proxying, user enumeration.

01.04.2004 Detailed

squid URL ACL protection bypass   By escaping URL characters it's possible to bypass URL filtering.   MPlayer buffer overflow   Buffer overflows during URL parsing.   cdp buffer overflow   Buffer overflow on oversized CD track name.