29.04.2008 Detailed

6! KDE start_kdeinit privilege escalation   It's possible to execute code with root privileges or send signals to privileged processes.   Multiple antivirus and firewall memory corruption   Memory corruptions on SSDR hooked functions argument processing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

28.04.2008 Detailed

6! ldm / ltsp X session hijack   It's possible to connect to X server of any LTSP client.

6! Novell Groupwise buffer overflow   Buffer overflow on mailto: URI parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

27.04.2008 Detailed

6! HP eSupportDiagnostics ActiveX unauthorized access updated since 20.12.2007   Unsafe ReadTextFile() / ReadValue() methods allow file system / registry access.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 27.04.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Comix multiple security vulnerabilities   Shell characters vulnerability, symbolic links problem.

Lotus Expeditor code execution   cai: URI handler allows code exectuion from any SMB share.

25.04.2008 Detailed

7! Sun Java JRE / JDK multiple security vulnerabilities updated since 07.03.2008   Vulnerabilities on image parsing. 6! perl buffer overflow   Heap memory overflow on regular expression handling. 6! Trillian buffer overflow   Buffer overflow on oversized MSN messenger nickname.

6! BadBlue Web server multiple security vulnerabilities updated since 13.12.2007   Buffer overflow, directory traversal, information leak, DoS.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Coppermine: SQL injection.

24.04.2008 Detailed

7! Xinelib buffer overflow   Buffer overflow on oversized MP3 Copyright tag. 6! Microsoft Windows Realtek HD Audio privilege escalation   Multiple security vulnerabilities on IOCTL processing. 6! Asterisk IAX2 calls spoofing   Insuficient check of server ACK and weak call number generation allows blind spoofing.

Zune software ActiveX unauthorized access   It's possible to save files to any location.

OpenFire jabber server DoS   Memory exhaustion if client fails to receive messages.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Wordpress: different message for wrong username and pasword, weak inicial password generation.

Safari multiple security vulnerabilities   DoS conditions, link target spoofing.

RSA Authentication Agent crossite scripting   Crossite scriptign via authorization page.

23.04.2008 Detailed

6! QiP memory corruption   Memory corruption on large number of smiles in message.

22.04.2008 Detailed

6! Adobe Photoshop / Adobe After Effects buffer overflow   Buffer overflow on BMP files parsing.   DBMail unauthorized access   It's possible to access any account without password if authldap is used.   Motorolla Surfboard cable modem multiple security vulnerabilities   DoS conditions, crossite request forgery.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

21.04.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

20.04.2008 Detailed

6! Aztech ADSL routers backdoor   It's possible to obtain administrative access with undocumented account isp/isp. 6! MPlayer array index overflow   Array index overflow on SDP session data parsing. 6! Multiple torrent client commands injection   It's possible to inject web interface command by using CSRF injection technique.

6! OpenOffice multiple security vulnerabilities   multiple buffer overflows and integer overflows on QPRO (Quattro Pro), EMF and Microsoft Office files parsing.

6! IBM DB2 database server multiple security vulnerabilities updated since 16.04.2008   Privilege escalation with administration utility, db2dasStartStopFMDaemon buffer overflow. JAR files DoS. Code execution with ADMIN_SP_C/ADMIN_SP_C2. Arbitrary files overwrite with SYSPROC.NNSTAT.

Microsoft Windows privilege escalation   By using RPCSS service it's possible to elevate privileges from NetworkService to SYSTEM.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. mnoGoSearch: crossite scripting in search.php3 via q parameter.

18.04.2008 Detailed

6! Mozilla Firefox memory corruption   Memory corruption in Javascript garbage collection.

17.04.2008 Detailed

7! XPDF / Poppler uninitialized pointer dereference   User-controlled pointer dereference. 7! Speex / VLC / gstreamer-plugins-good / sweep / SDL_sound / vorbis-tools / Xine buffer overflow   Buffer overflow in speex_packet_to_header(). 7! CA multiple applications ActiveX code execution   Code execution with gui_cm_ctrls control.

7! PCRE library buffer overflow updated since 20.02.2008   Buffer overflows on regular expressins with codepoints greatr than 255.

6! PolicyKit format string security vulnerability   Format string vulnerability via password.

6! Cisco Network Admission Control weak encryption   Shared secret is transmitted cleartext over the networkig during logging.

BigAnt Server buffer overflow   Buffer overflow on oversized TCP/6080 HTTP request.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

FoxIt Reader multiple security vulnerabilities   Memory corruptions on PDF parsing.

16.04.2008 Detailed

7! ICQ buffer overflow   Buffer overflow on status message parsing. 7! ClamAV antivirus multiple security vulnerabilities updated since 15.04.2008   Endless loop on ARJ files handling. Heap buffer overflow on WWPack'ed and PeSpin'ed PE files. 6! DivX Player buffer overflow   Buffer overflow on .SRT subtitile files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Trashbin plugin for Wordpress: crossite scripting.

15.04.2008 Detailed

7! IBM Lotus Notes / Autonomy Keyview multiple security vulnerabilities   Multiple buffer overflows. 7! ActivePDF / Lotus Notes / Symantec Mail Security / Autonomy Keyview multiple security vulnerabilities updated since 14.04.2008   Multiple buffer overflows on Folio Flat File / Applix graphics format parsing. 6! Opera browser multiple security vulnerabilities   Multiple memory corruptions, keyboard passwords handling weakness.

6! IBM Websphere MQ unauthorized access   Authentication bypass, security restrictions bypass.

6! Xitami web server format string vulnerability   Format string vulnerability on SSI files handling.

6! Microsoft Internet Explorer memory corruption updated since 08.04.2008   Memory corruption on datasream processing.

OpenOffice array index overflow   Array index overflow on large number of document styles.

Unixware utilities buffer overflow   Buffer overflows in suid utilities /usr/lib/merge/mcd /usr/opt/reliant/bin/hvdisp /usr/opt/reliant/bin/rcvm

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

squid proxy server DoS   assert() on invalid cache update reply.

HP OpenView Network Node Manager multiple CGI buffer overflow updated since 07.12.2007   Buffer overflows in ovlogin.exe, OpenView5.exe, snmpviewer.exe, webappmon.exe. OpenView5.exe directory traversal.

Watchguard Firebox user enumeration   Error code is different for invalid username and password for PPTP MS-CHAPv2 authentication.

14.04.2008 Detailed

8! Adobe Flash Player multiple security vulnerabilities updated since 10.04.2008   Code execution, crossite scripting, request spoofing. 6! Trillian buffer overflow   Buffer overflow on .dtd files parsing. 6! Borland Interbase database server buffer overflow   Buffer overflow on TCP/3050 data parsing.

6! EMC DiskXtender multiple security vulnerabilities   Authentication bypass, buffer overflow, format string vulnerability.

6! rsync integer overflow   Integer overflow on ACL handling.

libpng uninitialized memory reference   Uninitilized memory reference on zero-sized chunk with external chunk handlers.

gnome-screensaver privilege escalation   getpwuid() exceptional conditions are not handled.

Python buffer overflow   Integer overflow leading to buffer overflow in PyString_FromStringAndSize().

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

am-utils symbolic links security vulnerability   expn utility unsafe temporary files creation.

10.04.2008 Detailed

6! Audit buffer overflow   Buffer overflow on logging. 6! licq fd_set bitmap index overflow   FD_SETSIZE is not checked on incoming connection accept().   Python zlib module buffer overflow   Integer overflow in flush leads to buffer overflow.

AlsaPlayer buffer overflow   Buffer overflow on oversized .ogg comment.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Wayport Public Access PC protection bypass   It's possible to disable protection by disabling Internet Explorer plugin.

HP Integrity server iLO-2 DoS

09.04.2008 Detailed

9! Microsoft Windows GDI multiple security vulnerabilities updated since 08.04.2008   Multiple buffer overflows on EMF and WMF files parsing. 8! Microsoft Windows multiple ActiveX elements security update updated since 08.04.2008   Code execution in hxvz.dll.

08.04.2008 Detailed

9! Microsoft Windows VBScript / JScript buffer overflow   Buffer overflow on scripts parsing. 7! XFree86 / X.Org / NX multiple security vulnerabilities updated since 20.01.2008   XInput and TOG-CUP extensions memory corruption, EVI and MIT-SHM extensions integer overflows, multiple extensions array index overflows. libxfont PCF fonts parsing buffer overflow. 6! Microsoft Windows privilege escalation   Code execution in kernel context.

6! Microsoft Visio multiple security vulnerabilities   Memory corruption and code execution on files parsing.

6! HP OpenView Network Node Manager multiple security vulnerabilities updated since 08.04.2008   Buffer overflows, format string vulnerabilities, DoS conditions on TCP/2953, TCP/2954 traffic parsing.

6! Tumbleweed SecureTransport FileTransfer ActiveX buffer overflow   Buffer overflow in TransferFile method.

Microsoft project memroy corruption   Memory corruption on file parsing.

CDNetworks Nefficient Download ActiveX unauthorized access   It's possible to download file to any location.

openMosix API library buffer overflow   Buffer overflow in msx_readnode().

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

05.04.2008 Detailed

7! Symantec Internet Security activeX code execution   It's possible to execute code by using crossite scripting in symantec.com domain. Buffer overflow. 7! Apple QuickTime multiple security vulnerabilities   Buffer overflows and memory corruptions aon multiple file and stream formats. 6! SCO Unixware pkgadd directory traversal   It's possible to access any system files.

6! OrbitDownloader buffer overflow   Buffer overflow on Unicode URL parsing.

6! CA ARCserve Backup and CA Desktop Management multiple seucirty vulnerabilities   Durectory traversal and buffer overflow.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. MODx CMS: index.php crossite scripting through email parameter.

Cisco Unified Communications Disaster Recovery Framework code execution   Command execution thorugh backup management service.

F5 BIG-IP privilege escalation   Resource Manager group member can execute shell commands thorugh perl injection vulnerability.

03.04.2008 Detailed

7! CUPS code execution with GIF files   Buffer overflow on GIF files parsing. 6! Webwasher content fitler DoS   Proxy hangs on URL parsing.   Seattlelab SLMail Pro multiple security vulnerabilities   Memory corruption and DoS conditions.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

LANDesk Management Suite directory traversal   Directory traversal in TFTP server.

HP Select Identity unauthorized access

02.04.2008 Detailed

6! Apache-SSL multiple security vulnerabilities   Multiple vulnerabilities on environment variable initialization from client certificates data.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

01.04.2008 Detailed

6! Macrovision InstallShield InstallScript One-Click Install ActiveX code exectuion   Control allows to download and execute dynamic library from remote site.   PowerDNS DNS cache poisoning attack   Weak PRNG generator allows cache poisoning attack.   Avast! antivirus memory corruption   Kernel memory corruption in aavmker4.sys on IOCTL processing.

2X ThinClientServer TFTP server directory traversal

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 01.04.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

lighthttpd SSL DoS   Termination of one SSL connection may cause another concurrent SSL connection to terminate.