30.04.2010 Detailed

7! Novell ZENworks directory traversal updated since 26.04.2010   UploadServlet directory traversal. 6! VLC media player multiple security vulnerabilities   Multiple buffer overflows and memory corruptions on different media formats.   Internet Download Manager buffer overflow   Buffer overflow on ftp:// URI processing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP System Insight Manager multiple security vulnerabilities   Crossite scripting, crossite request forgery, privilege escalation.

29.04.2010 Detailed

7! AgentX++ library / Helix Server multiple security vulnerabilities updated since 26.04.2010   Integer overflow, buffer overflow.

Microsoft SharePoint Server crossite scripting   Crossite scripting in help.aspx   PostgreSQL DoS   Crash on substring() function in SQL.

27.04.2010 Detailed

6! Novastor NovaBACKUP Network multiple security vulnerabilities   Buffer overflow, information leak, DoS.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

26.04.2010 Detailed

7! Apache mod_auth_shadow authentication bypass   Race conditions allow to bypass username/password check. 6! HP Virtual Machine Manager unauthorized access         CompleteFTP DoS   Memory leak during authentication.

HP-UX DoS

HP Operations Manager code execution

ClamAV memory corruption   Memory corruption on CAB files parsing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 26.04.2010   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

WinMount buffer overflow   Buffer overflow on oversized file names inside archive.

23.04.2010 Detailed

6! imlib2 library buffer overflow   Heap buffer overflow in IMAGE_DIMENSIONS_OK().   MIT Kerberos 5 double free()   KDC double free()   Cisco RVS/PVC/WVC information leak   Unprivileged user can view passwords.

HTC communicators SMS crossite scripting   Crossite scripting on SMS preview.

Microsoft Windows DoS   SfnLOGONNOTIFY and SfnINSTRING functions DoS.

Apache Tomcat information leak   Internal computer name and port may be used as a realm name for HTTP basic authentication.

22.04.2010 Detailed

6! Adobe Download Manager ActiveX buffer overflow   Buffer overflow via parameters. 6! OpenSSL DoS confitions   DoS conditions in ssl3_get_record and kssl_keytab_is_available functions. 6! sudo protection bypass updated since 01.03.2010   when a pseudocommand is enabled, it's possible to created an executable file with the same name, it will be executed by relative name with escalated privileges.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

19.04.2010 Detailed

8! Adobe Acrobat and Reader multiple security vulnerabilities   Multiple buffer overflows, memory corruptions, code execution, crossite scripting, DoS conditions. 7! Cisco Secure Desktop ActiveX code execution   Web Install ActiveX allows to download and execute code due to failed signature validation. 7! Apple Mac OS X multiple security vulnerabilities updated since 07.04.2010   Code execution on Internet Enabled Disk Image files. Multiple vulnerabilities in ImageIO,

Visualization Library memory corruption   Memory corruption on .dat files parsing.

iomega Home Media Network Hard Drive unauthorized access   Web interface allows SMB access to device and network it's connected to.

Micropoint Proactive Denfense privilege escalation   User-controlled kernel memory access on IOCTL processing.

ejabberd XMPP/Jabber server DoS   Array overflows on large number of simulationeus c2s messages.

KDE kdm race conditions   race conditions allow to change file permissions.

irssi multiple security vulnerabilities   Insufficient SSL certificate and version validation, DoS.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

VMWare applications multiple security vulnerabilities updated since 12.04.2010   Code execution, privilege escalation, buffer overflow, format string vulnerabilities, DoS, information leaks.

Imperva SecureSphere Web Application Firewall protection bypass

IBM BladeCenter Management Module DoS   DoS on tcp/3900 traffic processing.

17.04.2010 Detailed

8! Oracle / Sun applications multiple security ulnerabilities updated since 16.04.2010   Oracle quarterly CPU contains fixes for approximately 50 different vulnerabilities.

16.04.2010 Detailed

7! Microsoft Windows MP3 codec buffer overflow   Buffer overflow on AVI files with MP3 audio stream. 6! Microsoft Windows Media Services buffer overflow   Buffer overflow in nsum.exe on client request processing.   Microsoft Windows ISATAP IPv6 address spoofing   Insufficient check for tunneling address.

Microsoft Windows Media Player ActiveX memory corruption   Memory corruption on media file parsing.

Microsoft Office Publisher buffer overflow   Buffer overflow on files parsing.

15.04.2010 Detailed

8! Microsoft Windows file signature spoofing   Signature spoofing in PE and CAB files. 7! Microsoft SMB client multiple security vulnerabilities updated since 10.02.2010   Memory corruptions, race conditions. 6! Microsoft Windows kernel multiple privilege escalations   Multiple DoS conditions, race conditions, memory corruptions.

Microsoft VBS code execution   If F1 is pressed in dialog window, help file controlled by attacker

14.04.2010 Detailed

TANDBERG Video Communication Server multiple security vulnerabilities   Static ssh key, authentication bypass, files access.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

12.04.2010 Detailed

8! Oracle Sun Java WebStart code execution   Characters injection during javaws/javaws.exe launch allows dynamic library execution in specified location. 8! Apple QuickTime/iTunes multiple security vulnerabilities updated since 05.04.2010   Multiple vulnerabilities on FLC, PICT and multiple graphics and video formats parsing.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

WinSoftMagic Photo Editor buffer overflow   Buffer overflow on .PNG files parsing.

09.04.2010 Detailed

TCPDF library code execution   PHP code execution with <tcpdf> tag.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

07.04.2010 Detailed

9! Oracle Sun Java multiple security vulnerabilities updated since 31.03.2010   Buffer overflows on soundbank parsing, buffer overflow on images and archives parsing. Multiple code executions and privilege escalations.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   MIT Kerberos 5 kadmind DoS   use-after-free vulnerability on error message generation.

Miranda IM TLS encryption vulnerability updated since 18.03.2010   Under some conditions TLS is not used for Jabber server connection regradless of settings.

06.04.2010 Detailed

8! Многочисленные уязвимости в Mozilla Firefox / Seamonkey multiple security vulnerabilities   Multiple memory corruptions, integer overflows, array index overflows, information leak.   xulrunner multiple security vulnerabilities   Multiple memory corruptions, privilege escalations, code executions.

05.04.2010 Detailed

9! Microsoft Internet Explorer multiple security vulnerabilities updated since 31.03.2010   Multiple security vulnerability are used in-the-wild for hiddden malware installation.   BitComet torrent client DoS   Crash on malformed DHT packet.   Apache CouchDB timing attack   Password validation algorythm allows to guess matching part.

libnss-db unauthorized files access   It's possible to access local files with elevated privileges.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.