30.04.2007 Detailed

6! Opera buffer overflow   Buffer overflow on torrent files parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   ActiveGS ActiveX multiple buffer overflows   Buffer overflows in different components.

29.04.2007 Detailed

IPIX Image Well ActiveX buffer overflow   Buffer overflow in CreateMediaGroup method.

Beast privilege escalation   Unchecked result of setuid() call can be exploited by user with exhausting system resources.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

28.04.2007 Detailed

6! AFFLIB library multiple security vulnerabilities   Shell characters injections, buffer overflows, format string vulnerabilities, race conditions, etc.   MyDNS buffer overflow   Heap buffer overflow on dynamic DNS update request parsing.   Symantec Norton Ghost multiple security vulnerabilities   Service Manager buffer oveflow, weak encryption.

Multiple browsers digest authentication request splitting   It's possible to inject new line characters to HTTP request headers thorugh username.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

27.04.2007 Detailed

6! Linux and BSD based Unix system IPv6 traffic amplification   IPv6 routing header allows to set route in a way to trasmit packet for multiple times over the same link.   Novell eDirectory NCP over IP DoS   Malformed fragmented request causes service to crash.

25.04.2007 Detailed

7! Asterisk multiple security vulnerabilities   Multiple buffer overflows on T.38 SDP SIP channels parsing. DoS in administration interface. Multiple security vulnerabilities in parsing SIP replies.   Cisco Network Services NetFlow Collection Engine default account   Account with hardcoded password is used for NetFlow information gathering.   HP StorageWorks unauthorized access

3COM TippingPoint intrusion prevension system DoS   Packets flood to TCP/80 port leads to resources exhaustion.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Apache unfiltered HTTP methods   HTTP request method is not checked for RFC2616 complience. Under specific conditions it may lead, for example, to crossite scripting.

24.04.2007 Detailed

6! PostgreSQL privilege escalation   By using temporary objects, unprivileged user can execute function with permissions of security-definer.   Lilnksys SPA941 VoIP phone DoS   Denial of Service on character with code 255 in SIP INVITE message.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

23.04.2007 Detailed

8! Courier-IMAP shell characters problem   Invalid usage of XMAILDIR environment variable controlled by attacker thorugh logon request in the scripts courier-imapd.indirect and courier-pop3d.indirect

22.04.2007 Detailed

aMSN messenger denial of service   Crash on double '{' character to dynamic application port.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 20.04.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

21.04.2007 Detailed

6! Apple Mac OS X RPC portmapper service integer overflow   Integer overflow during AUTH_UNIX RPC uahtneitcation.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   OpenSSH account enumeration   S/Key is requested only for existing user account, if S/Key authentication is used.

20.04.2007 Detailed

7! Oracle critical patch update updated since 18.04.2007   Patch set fixes 36 vulnerabilities in Oracle applications, including 13 vulnerabilities in Oracle database server. 6! eXtremail buffer overflow   DNS resolver code buffer overflow. 6! WinAmp memory corruption   Memory corruption on WMV files processing.

6! IBM Tivoli Monitoring Express buffer overflow   Heap buffer overflow on oversized request to Universal Agent Primary Service (TCP/10110), Monitoring Agent for Windows (TCP/6014), Tivoli Enterprise Portal Server (TCP/14206).

6! Novell Groupwise WebAccess buffer overflow   Stack buffer overflow (stack overrun) during TCP/7205 TCP/7211 HTTP basic authentication on base64 decoding.

GraceNote CDDBControl ActiveX buffer overflow   Buffer overflow on oversized proxy configuration paramters.

Dovecot unauthorized access updated since 20.04.2007   zlib plugin allows access to the files behind mail directory.

BMC Performance Manager unauthorized access   PatrolAgent.exe TCP/3181 allows SNMP community definition modification.

BMC Patrol PerformAgent memory corruption   Buffer overflow on bgs_sdservice.exe TCP/10128 XDR data parsing.

BlueArc Titan storage server FTP bounce attack   Bounced port scan is possible.

Netsprint Toolbar ActiveX buffer overfow updated since 17.04.2007   Buffer overflow in isChecked() interface.

Macrovision InstallAnywhere protection bypass   It's possible to bypass serial number / password protection.

19.04.2007 Detailed

6! IBM WebSphere multiple security vulnerabilities   Double free() vulnerability, Servlet Engine vulnerabilities. 6! Sun Solaris fragmented IP packets DoS       6! liggttpd multiple denial of service conditions   NULL pointer dereference, infinite loop.

Roxio CinePlayer ActiveX buffer overflow   Buffer overflow in SonicDVDDashVRNav.dll.

Linux AppleTalk DoS   Denial of Service on AppleTalk frame parsing.

Wizz RSS Reader Mozilla plugin crossite scripting   Crossite scripting with RSS feeds.

TinyMux multiple security vulnerabilities   Multiple denial of service conditions.

ScramDisk 4 for Linux privilege escalation   suid bit is not cleared, it's possible to mount image to system directory.

lha symbolic links problem   Symbolic links problem on temporary files creation.

bftpd FTP server buffer overflow

Python information leak   strxfrm function leaks memory content.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

18.04.2007 Detailed

McAfee E-Business Admin Server DoS   Read access to unallocated memory during authentication.   McAffee VirusScan antivirus buffer overflow   Buffer overflow on oversized Unicode filename.   Sun Java web console format string vulnerability   Format string vulnerability in libwebconsole_services.so on syslog() call.

17.04.2007 Detailed

6! 3proxy buffer overflow   Buffer overflow on parsing transparent HTTP proxy request. 6! DNS birthday attacks updated since 25.04.2003   DNS uses 2-bytes message identificator to prevent spoofing attack. The problem is if few same requests came in same time they are forwarded with different IDs from same UDP port. It increases chances to spoof reply (so called birthdey effect: probability that among 60 randomely choosen persons there are 2 with same bithdate is under 95%).   Gentoo Linux Vixie cron denial of service   Weak file permissions allows to prevent cron jobs from running via hard links.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 17.04.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Akamai Download Manager ActiveX buffer overflow   Buffer overflow in MANAGER.DLMCtrl.1 element.

16.04.2007 Detailed

6! Adobe Macromedia Flash Player code execution   *nix platforms code execution. 6! ClamAV antivirus multiple vulnerabilities updated since 13.04.2007   Buffer overflow on CAB files parsing, DoS on CHM parsing. PDF files parsing descriptors leak.   Metamod-P DoS   Denial of service on oversized list command.

Quagga bgpd BGP service DoS updated since 16.04.2007   Denial of service on BGP UPDATE messages processing.

bftpd FTP server DoS   Denial of service on processing GET / MGET commands.

SecuStick USB flash drive protection bypass   File access does not dependant on authentication, making it's possible to bypass authentication for file access.

'file' utility regular expressions DoS   Large number of LF characters leads to CPU consumption.

elinks format string vulnerability   Relative path is used to search text strings (.po) file. It makes it possible to spoof the file and to conduct format string attack.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

FreeRADIUS memory leak   Memory leak on large number of EAP-TLS requests leads to Denial of Service conditions.

VCDGear buffer overflow   Buffer overflow on parsing .cue files.

14.04.2007 Detailed

LANDesk Management Suite buffer overflow   UDP/65535 alert service bufer overflow.

13.04.2007 Detailed

6! Cisco Wireless Control System multiple security vulnerabilities   Hardcoded unchangable FTP server account, privilege escalation thorugh group membership, information leaks. 6! HP-UX pfs_mountd.rpc PFS file system daemon buffer overflow   Buffer overflow on UDP datagrams parsing.   Airodump-ng buffer overflow   Buffer overflow on 802.11 authentication packet parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cisco Wireless LAN Controller multiple security vulnerabilities   Default SNMP communities, default passwords, DoS on Ethrenet frames parsing, multiple NPU DoS conditions, WLAN ACLs are lost during reboot.

eIQnetworks Enterprise Security Analyzer multiple buffer overflows   Buffer overflow on parsing TCP/10616 ESA Server data.

Stegano weak cryptography   Decryption key is stored with data.

HP Mercury Quality Center multiple security vulnerabilities updated since 03.04.2007   SQL injection, ActiveX buffer overflow

12.04.2007 Detailed

6! Apache suexec multiple vulnerabilities   RAce conditions on symbolic links handling, access to partially matched directories, privilege escalation because of absent GID/UID check.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 11.04.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

11.04.2007 Detailed

9! Mltiple MIT Kerberos security vulnerabilities updated since 04.04.2007   telnet daemon arbitrary user logon without password, krb5_klog_syslog() buffer overflow, double free() vulnerability. 7! Microsoft Windows memory corruption updated since 16.12.2006   CSRSS memory corruption on MessageBox with MB_SERVICE_NOTIFICATION beginning with "\??\".   IBM AIX drmgr DoS

PulseAudio sound server DoS   Multiple invalid assert()usage, e.g. on empty request.

IBM Tivoli Provisioning Manager for OS Deployment DoS   Invalid handling of HTTP POST multipart/form-data requests to 8080/tcp or 443/tcp ports.

Multiple phone systems unauthorized voice mail access   Spoofable Caller ID (CNID) is used for access authentication.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 11.04.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Racoon IPSec key exchange DoS   It's possible to disrupts established IPSec tunnels.

Microsoft Windows Virtual DOS machine privilege escalation   Race conditions allow to overwrite VDM memory zero page.

Half-Life DoS updated since 22.04.2003   Malformed packet causes server to crash.

Mozilla Grand Paradiso alpha version DoS   Crash on large numbr of non-existant applets requests.

10.04.2007 Detailed

7! Microsoft Agent ActiveX memory corruption   Buffer overflow on URL parsing. 6! Microsoft Windows Universal PnP memory corruption   Memory corruption during TCP/2869 and UDP/1900 request processing. 6! Microsoft Content Management Server multiple security vulnerabilities   Crossite scripting, memory corruption.

6! AOL instant messenger / ICQ directory traversal   Directory traversal on file receiption.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

09.04.2007 Detailed

6! Microsoft Windows Vista protected process protection bypass   It's possible to set or remove process protection. 6! Multiple Microsoft Office security vulnerabilities   Buffer overflows, CPU exhaustion on .doc files parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

08.04.2007 Detailed

6! PHP ext/filter protection bypass   \n injection is not checked. 6! PHP imap_mail_compose buffer overflow   Buffer overflow on oversized MIME boundary. 6! man buffer overflow   Buffer overflow on oversized -H argument.

SolidWorks ActiveX buffer overflow   Run methods allows to execute external application.

PHP memory manager integer overflow   Integer overflow on large memory allocation.

PHP msg_receive() integer overflow   Integer overflow with max_size parameter.

PHP php_stream_filter_create() buffer overflow   Off-by-one overflow on the filter name ending with dot.

Buffer overflow on in PHP sqlite_udf_decode_binary() function   Buffer overflow on the string with single \0x01 character.

PHP str_replcae() integer overflow   Integer overflow on a large number of single char substring occurance.

PHP gd extension readwbmp() function integer overflow   Buffer overflow on WBMP image parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Wserve HTTP Server buffer overflow   Buffer overflow on oversized header in request.

06.04.2007 Detailed

7! Multiple Kaspersky Antivirus / Internet Security security vulnerabilities   Multiple unsafe ActiveX methods allows files uploading from vulnerable host. Buffer overflow on ARJ files parsing. Local driver buffer overflow. 6! NullSoft WinAmp multiple security vulnerabilities   Multiple memory corruptions in different modules. 6! Mozilla Firefox Firebug extension code execution   Script can access browser chrome:.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Filtering / protection bypass in Microsoft ASP.NET   There are multiple ways to bypass filtering functions and conduct crossite scripting attack.

05.04.2007 Detailed

6! QT / KJS UTF-8 decoding security vulnerability   Oversized UTF-8 sequences are not blocking, making it possible to conduct cross-site scripting and directory traversal attacks. 6! Multiple OpenOffice security vulnerabilities updated since 29.03.2007   Shell characters problem on document open, code execution.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 05.04.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

SAP RFC library multiple security vulnerabilities   Buffer overflows, DoS conditions and information leak in TRUSTED_SYSTEM_SECURITY, RFC_START_PROGRAM, RFC_START_GUI, SYSTEM_CREATE_INSTANCE, RFC_SET_REG_SERVER_PROPERTY.

04.04.2007 Detailed

10! Microsoft Windows animated cursors buffer overflow updated since 30.03.2007   Stack buffer overflow (stack overrun) is actively used for hidden malware installation. 9! Microsoft Windows multiple GDI vulnerabilities       7! Multiple vulnerabilities in X.Org X11 server   Multiple inteer overflows and memory corruptions.

6! Yahoo! Messenger ActiveX buffer overflow   Buffer overflow in Yahoo.AudioConf control.

6! Microsoft Vista IPv6 multiple security vulnerability updated since 29.03.2007   Multiple DoS conditions and spoof possibilities.

Microsoft Windows DoS with WMF files   Uninitialized memory reference in system kernel.

03.04.2007 Detailed

6! HP OpenView Network Node Manager unauthorized access         ImageMagic buffer overflow   Buffer overflow on DCM and XWD images processing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

02.04.2007 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

01.04.2007 Detailed

7! Brightstor ArcServe Backup buffer overflow updated since 08.12.2006   Buffer overflowû in backup discovery service and tape engine, backup message system.   Norton Personal Firewall / Norton Internet Security privilege escalation   Invalid processing of hooked functions parameters.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

ESRI ArcSDE DoS

NetBSD reference ISO protocol implementation multiple security vulnerabilities   Buffer overflows in different functions.

Apache mod_perl resource exhaustion   PATH_INFO environment variable is used in regular expressions without scpeial characters escaping.

ActSoft DVD-Tools ActiveX buffer overflow updated since 16.02.2007   Stack buffer overrun in OpenDVD method within dvdtools.ocx ActiveX class library.