27.04.2011 Detailed

6! Asterisk security vulnerabilities updated since 26.04.2011   Privilege escalation DoS via resources exhaustion.   CA Arcot WebFort Versatile Authentication Server security vulnerabilities   Crossite scripting, request spoofing.   HP OpenView Storage Data Protector code execution

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 26.04.2011   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

rsync memory corruption updated since 06.04.2011   Memory corruption on server reply parsing.

26.04.2011 Detailed

Kaspersky administration Kit SMB relaying attack   Network is automatically scanned and hosts found are automatically connected via SMB with administrative permissions, making it possible SMB relaying attack.

HP Network Automation information leakage         HP System Management Homepage multiple security vulnerabilities   Crossite scripting, code execution, DoS.

HP Proliant Support Pack multiple security vulneraebilities   Crossite scripting, information leakage.

HP Insight Control multiple security vulnerabilities   Privilege escalation, code execution, information leakage, DoS.

Microsoft fixed SMB NTLM relay attacks updated since 12.11.2008   Microsoft fixed NTLM proxing vulnerability: credentials used for one services could be forwardedto different one. Attack is known for many years as NTLM weakness.

AT-TFTP DoS   Crash if no acknowledgment is recevied after file is retrieved.

21.04.2011 Detailed

7! Apple WebKit / Safari multiple security vulnerabilities updated since 19.04.2011   Integer overflow, use-after-free. 6! language-selector privilege escalation   Privilege escalation via D-Bus messages.   HP Systems Insight Manager multiple security vulnerabilities   Crossite scripting, crossite request forgery, DoS.

HP Performance Insight information leakage

Videcon Viola DVR VIO-4/1000 directory traversal   Directory traversal in Web interface.

PolicyKit privilege escalation   privilege escalation via pkexec

HP Virtual Server Environment for Windows privilege escalation

HP Insight Control Performance Management security vulnerabilities   Crossite request forgery, privilege escalation.

libtiff memory corruption   Memory corruption on JPEG files parsing.

CA Output Management Web Viewer ActiveX buffer overflow   Buffer overflows in UOMWV_HelperActiveX.ocx and PPSView.ocx

FreeBSD mountd protection bypass   Network mask in ACLs is computed incorrectly.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

19.04.2011 Detailed

7! CA TotalDefence multiple security vulnerabilities   SQL injection, directory traversal, information leakage, unauthorized access. 7! IBM Tivoli Directory Server buffer overflow   Buffer overflow in LDAP (TCP/389) CRAM-MD5 authentication.   KDE KGet directory traversal   Directory traversal via filename.

KDE KHTML crossite scripting   Crossite scripting via error pages.

EMC Networker weak permissions   Weak permissions for executable file.

EMC RSA Adaptive Authenticatio crossite scripting updated since 19.04.2011   Flash file crossite scripting.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

17.04.2011 Detailed

9! Microsoft Windows multiple security vulnerabilities updated since 13.04.2011   SMB client and server memory corruption, Fax Cover Page Editor memory corruption, MFC library unsafe DLL loading, MHTML library information leak, GDI+ library integer overflow, DNS client memory corruption, memory corruption in .Net Framework, memory corruption in JScript / VBScript engines, stack overflow in OpenType fonts parsing, multiple drivers vulnerabilities. 8! Microsoft Internet Explorer multiple security vulnerabilities updated since 13.04.2011   Multiple memory corruptions and information leaks. 7! Microsoft Office multiple security vulnerabilities updated since 13.04.2011   Multiple memory corruptions in Excel and PowerPoint, unsafe DLL loading, memory corruption in Office Graphic.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

14.04.2011 Detailed

VeryPDF PDF Extract TIFF library multiple security vulnerabilities   Multiple vulnerabilities on PDF parsing.   TOTVS ERP Microsiga Protheus buffer overflow   Buffer overflow on network request parsing.   RealNetworks RealPlayer code execution   Code execution via .rnx files.

HP Photosmart printers security vulnerabilities   Unauthorized access, crossite scripting.

McAfee Firewall Reporter unauthenticated access   Bug in application logic allows authentication bypass.

Linksys WRT54G information leakage   Access passwords are stored in the files available via anonymous FTP.

VLC mediaplayer buffer overflow   Heap oveflow on MP4 parsing.

HP-UX NFS/ONCplus DoS

MIT Kerberos 5 memory corruption   Invalid pointer free() during password change request processing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Reader integer overflows   Integer overflows on different formats parsing.

GIMP multiple security vulnerabilities   Memory corruption on different data formats parsing.

13.04.2011 Detailed

6! Multiple ActiveX components security vulnerabilities   kill bit update for multiple components of different vendors.   Multiple systems ICMPv6 flood DoS   router announcement packets flood resourceds exhaustion   Apache Tomcat information leakage   Under some conditions, information may be sent to wrong client.

Windows help system buffer overflow   Buffer overflow on CHM files parsing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

12.04.2011 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

11.04.2011 Detailed

6! libmodplug library buffer overflow   ReadS3M buffer overflow. DoS on ABC files parsing.   XRDB shell characters vulnerability   Shell characters vulnerability via host name.   tmux privilege escalation   Elevated group privileges are not dropped.

Debian symbolic links vulnerability   /etc/cron.d/php5 cron job allows to delete arbitrary files via symlinks.

KDE KSSL certificate spoofing   It's possible to spoof certificate issued for IP address.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

O2 DSL Router Classic router crossite scripting   Crossite scripting in administration interface.

06.04.2011 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

05.04.2011 Detailed

6! RealNetworks RealGames ActiveX code execution   Multiple unsage methods. 6! xmlsec library unauthorized access   It's possible to access files via ds:Transform. 6! GGmpeg library multiple security vulnerabilities   Buffer overflow on Vorbis / WebM files decoding, memory corruption on RealMedia and VC1 files.

Novell File Reporter Agent buffer overflow   NFRAgent.exe TCP/3037 buffer overflow.

IBM solidDB authentication bypass   solid.exe (TCP/1315, TCP/1964, TCP/2315) authentication bypass.

iSCSI target user-space tools double free   Double free() in tgt.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

THOMSON TG585 routers crossite scripting   Crossite scripting in Web interface.

04.04.2011 Detailed

8! Multiple BSD systems IPSec IP Compression stack overflow   kernel stack overflow on packet parsing. 7! RealNetworks Helix DNA Server buffer overflow   Buffer overflow on RTSP processing.   HP Operations for UNIX crossite scripting

Hp-UX DoS

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

FreeBSD sendfile() information leak updated since 07.04.2005   If file size it changed content of kernel memory can be disclosured.

Movie Player buffer overflow   Buffer overflow on AVI parsing.

Microsoft Windows shmedia.dll DoS   Division by zero on AVI preview creation.