30.04.2005 Detailed

lam-runtime unauthorized access   Account without password is created during installation process.   ProZilla download manager buffer overflows updated since 24.11.2004   Multiple buffer overflows and format string bugs.

28.04.2005 Detailed

Multiple firewalls directory traversal protection bypass         IBM WebSphere Application Server crossite scripting   Crossite scripting with error pages.

KMiNT21 Software Golden FTP Server buffer overflow   Buffer overflow on oversized username.

BulletProof FTP Server privilege escalation   Privilege escalation with help subsystem.

Bakbone Netvault privilege escalation   Hidden windows of local system process handles user's messages.

Rootkit Hunter symbolic links problem   Insecure temporary files handling.

VooDoo cIRCle BOTNET buffer overflow   Buffer overflow in botnet center while processing data from bot.

BEA application server Admin console crossite scripting   Crossite scripting with http://server:8001/console/actions/jndi/JndiFramesetAction/

Altris deployment solution AClient privilege escalation updated since 30.11.2004   It's possible to launch executable with LocalSystem privileges.

netterm netftpd multiple bugs updated since 21.07.2003   Buffer overflows, DoS.

27.04.2005 Detailed

Citrix Program Neighborhood Agent multiple vulnerabilities   Buffer overflow, code execution with startup folders.   Multiple MySQL MaxDB database server WebTools problems updated since 08.12.2004   Buffer overflows, NULL pointer dereference, DoS.

26.04.2005 Detailed

ImageMagic PNM buffer overflow   Heap overflow in ReadPNMImage().   snmppd SNMP proxy daemon format string bug   Format string bug on syslog().   nProtect:Netizen virus / phishing protection ActiveX unauthorized access   It's possible to upload file to any location.

25.04.2005 Detailed

Adobe Acrobat Reader ActiveX information leak   It's possible to check file existance with LoadFile method.   Novell secure logging and auditing product DoS

23.04.2005 Detailed

6! KDE desktop environment PCX graphics format buffer overflow updated since 12.04.2005   Multiple kimgio image reading vulnerabilities.   PHP, ASP, CGI web applications security vulnerabilities updated since 19.04.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

22.04.2005 Detailed

6! Xine media library multiple buffer overflows   Multiple buffer overflows on MMS and RTSP streaming data processing.   KDE Kommander code execution         APG classmaster weak permissions   Access to subfolders is not limited.

21.04.2005 Detailed

6! telnet client multiple buffer overflows updated since 31.03.2005   env_opt_add(), slc_add_reply() buffer overflows.   Yawcam webcam software directory traversal         PostgreSQL weak cryptography   Username is used as a salt for MD5-hashed passwords. In addition, during authentication hash may be used directly without knowledge of cleartext password.

Desktop Rover remote desktop application DoS   DoS on parsing TCP/61427 data.

20.04.2005 Detailed

9! Microsoft Exchange Server SMTP protocol buffer overflow updated since 13.04.2005   Heap overflow on extended SMTP commands. 6! RealPlayer media player buffer overflow   Buffer overflow on RAM (real media audio) files parsing.   Sun Java System Web Proxy Server buffer overflow

f2c fortran to c translator symbolic links problems   Symbolic links problem on temporary files creation.

Microsoft Windows Explorer code execution   It's possible to execute script automatically on file selection.

19.04.2005 Detailed

6! PostgreSQL database array overflow   Array overflow on large number of variables in plpgsql.   McAfee Internet Security personal firewall / antivirus software weak permissions   Weak permissions for installation folder.   PMSoftware Simple Web Server buffer overflow   Buffer overflow on oversized GET request.

WheresJames Webcam Publisher buffer overflow   Buffer overflow on oversize GET request.

Webcam XP web camera software crossite scripting updated since 22.01.2004

18.04.2005 Detailed

8! Multiple Netscape / Mozilla / Firefox vulnerabilities   Search content hijacking with search plugins, crossite scripting with link tag. 7! CVS (Concurrent Versions System) buffer overflow         GNU oSIP SIP voice protocol library buffer overflow   Heap overflow on URL parsing.

17.04.2005 Detailed

6! Solaris GSS API privilege escalation   Ralative part is used to load library. 6! Sun ONE Directory Server buffer overflow   Buffer overflow on parsing LDAP request. 6! MacOS multiple browsers unauthorized local files access   By using AppleWebKit XMLHttpRequest it's possible to mount disk image with HTML documents to known location.

6! gld / postgrey antispam greylisting daemon for Postfix multiple vulnerabilities updated since 13.04.2005   Multiple buffer overflows, format string bugs.

libsafe stack protection library protection bypass   In multithread application there are race doncition before protection becomes active.

monkeyd web server format string vulnerability

Multiple Musicmatch Jukebox bugs   Unauthorized files access, information leak.

PHP, ASP, CGI web applications security vulnerabilities updated since 11.04.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

Dameware NT Utilities / Mini Remote Control privilege escalation updated since 07.04.2005

15.04.2005 Detailed

7! Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflows updated since 12.04.2005   Buffer overflows in different internal protocol commands (TCP/6050, UDP/6050).   FreeBSD ifconf() information leak   Buffer may contain a part of kernel memory.

14.04.2005 Detailed

6! Squid proxy cache double memory free vulnerability   Double memory free on aborted PUT or POST request. 6! IBM WebSphere application server information leak   It's possible to obtain JSP page source code by requesting non-existing virtual host. 6! Multiple Microsoft Internet Explorer memory corruptions updated since 13.04.2005   Memory corruptions of different types, including buffer overflows.

LG mobile phones DoS   Phone crashes on corrupted MIDI file.

JunkBuster filtering proxy multiple vulnerabilities   Heap corruption, content spoofing.

PHP multiple vulnerabilities updated since 13.04.2005   Integer overflows on EXIF tags parsing.

WinHex editor buffer overflow   Buffer overflow on oversized file name.

13.04.2005 Detailed

9! Microsoft Windows TCP/IP stack multiple vulnerabilities   Memory corruption on IP packets handling, TCP connection reset with spoofed TCP and ICMP packets, a varinat of LAND attack. 7! Windows 2000/XP/2003 kernel multiple vulnerabilities   Buffer overflow during font files parsing, buffer overflow in CSRSS (Win32 execution subsystem), privilege escalation. 6! Microsoft Windows MSHTA code execution   Content type of the file is determined based on CLSID in file content, not by it's extention.

Oracle Forms SQL injection   Form request data is not validated.

Axel download accelerator buffer overflow   Buffer overflow on HTTP redirection handling.

Veritas i3 multiple vulnerabilities

Oracle multiple vulnerabilities

JavaMail directory traversal   Content-Disposition header filename is not checked.

MSN Messenger GIF file buffer overflow   Buffer overflow on GIF files parsing.

Microsoft Word integer overflow updated since 07.10.2004   Integer overflow in signed/unsigned conversion during .doc file parsing.

12.04.2005 Detailed

6! Multiple Mozilla / Firefox / Thunderbird browsers bugs updated since 02.03.2005   Symbolic links problem, crossite XML data access, form autocomplete feature information leak, buffer overflows, data spoofing, invalid certificates handlings.   portupgrade symbolic links problem   Insecure temporary files creation.   Pine symbolic links problem   Symbolic links problem in rpdump utility.

Smart Cache proxy DoS

DeluxeFTP FTP client weak permissions   FTP sites accounts are stored in world readable file.

OpenText FirstClass client code execution   Internet Bokkmark can point to UNC resource.

GNU core utilities symbolic links race conditions   If -m option is used in mkdir, mknod, mkfifo it's possible to change permissions for any file.

11.04.2005 Detailed

7! Novell Netware TCP/IP null pointer DoS       6! Lotus Notes, Lotus Domino multiple vulnerabilities   Buffer overflows, format string bugs, crossite scripting.   DC++ direct connect file sharing agent unauthorized files access

Multiple AN HTTPD Web Server vulnerabilities   Buffer overflows, crossite scripting.

OpenOffice buffer overflow   Buffer overflow on Microsoft Word files parsing.

HP OpenView Network Node Manager DoS

KMail mail agent signed content spoofing   Invalid HTML part handling allows to spoof signed text.

Linux kernel multiple vulnerabilities   sysfs_write_file() integer overflow, futex functions DoS, ext3 and jfs race conditions.

rsnapshot file system backup utility symbolic links problem   During symbolic links resotration file permissions are applied to file instead of link.

10.04.2005 Detailed

6! Microsoft Outlook digitally signed e-mail and name spoofing updated since 26.03.2005   E-mail and name of digital certificate is not checked against message's From: address.   PHP, ASP, CGI web applications security vulnerabilities updated since 04.04.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

09.04.2005 Detailed

6! Maxthon browser multiple bugs   Directory traversal, local files access, etc.   grip, GnomeVFS, libcdaudio CDDB client buffer overflow updated since 10.03.2005   Buffer overflow on CDDB server response parsing.

08.04.2005 Detailed

Messenger Plus! instant messanger password protection bypass   It's possible to change password without entering old one.   SCO OpenServer Unix multiple shells buffer overflow   termsh, atcronsh, auditsh buffer overflow during environment variables parsing.   Macromedia Coldfusion MX application server information leak   Compilde JAVA pages are stored in the Web accessible directory.

Irix gr_osview privilege escalation   Irix gr_osview privilege escalation.

SurgeFTP FTP server DoS   Developers left debugging LEAK command, that opens large number of file descriptors.

07.04.2005 Detailed

6! FreeBSD amd64 platform privilege escalation   Userland process can access phisical hardware. 6! Computer Associates eTrust Intrusion Detection IDS DoS   Buffer overflow on Microsoft Crypto API CPImportKey() call. 6! Sybase ASE database multiple vulnerabilities updated since 23.12.2004   Multiple buffer overflows and DoS conditions.

Cisco Linksys WET11 wireless ethernet bridge unauthorized access   It's possible to reset device password with web interface.

Miranda instant messanger PopUp Plus plugin buffer overflow   Buffer overflow on oversized message.

Lotus Domino Web server DoS   Large number of unicode 430 characters in URL causes stack overrun.

Cisco routers IOS ssh DoS   Bugs in ssh in conbination with TACACS+ causes router to hang or reload.

Cisco routers IOS IKE XAuth authentication bypass   It's possible to bypass authentication process.

vixie-cron symbolic links information leak   During editing synbolic links are not checked, allowing to read tasf files of different users.

FreeBSD sendfile() information leak   If file size it changed content of kernel memory can be disclosured.

05.04.2005 Detailed

6! Mozilla / Firefox / Netscape javascript information leak   It's possible to access random heap content with string replacement functions.   Windows 2003 Server DoS vulnerabilities   DoS on network operation during high CPU load, on printing in terminal sessions.   Adobe Acrobat Reader file information leak   It's possible to enumerate files.

Linux kernel AIO DoS   Call to io_queue_release() without call to io_queue_release() causes system crash on 64bit platforms (PPC64 and IA64).

CommuniGate Pro mail server DoS   Bug in LIST module multipart messages handling.

SonicWALL SOHO/10 firewall crossite scripting

04.04.2005 Detailed

Multiple remstats remote statistics system vulnerabilities   Unfiltered shell characters, symbolic links problem.

03.04.2005 Detailed

6! Linux ext2 filesystem information leak   During directory creating random data from kernel memory are written to disk.   Multiple gaim instant messanger DoS vulnerabilities   Multiple bugs in different messages formats and protocols.   PHP, ASP, CGI web applications security vulnerabilities updated since 28.03.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

02.04.2005 Detailed

Rumba network management system buffer overflow   Buffer overflow on profile file parsing.

01.04.2005 Detailed

10! Windows multiple bugs updated since 14.04.2004   LSASSS buffer overflow, LDAP DoS, PCT buffer overflow, WinLogon buffer overflow, WMF/EMF parsing buffer overflow, HCP:// code execution, Utility Manager privilege escalation, WMI privilege escalation, LDT privilege escalation, H.323 buffer overflow, NTVDM privilege escalation, ASM.1 double free memory coruuption. 7! Multiple Linux Kernel vulnerabilities   Privilege escalation with ATI Radeon drivers, remote denial of service with Netfilter.   PHP getimagesize DoS   Infinite loops with 100% CPU utilization.

Microsoft Windows msjet database multipl vulnerabilities   Microsoft Windows msjet databases multiple vulnerabilities.

Bay Technical Associates RPC-3 authentication bypass   It's possible to bypass authentication process with ESC.