26.04.2012 Detailed

6! Linux kernel multiple security vulnerabilities updated since 02.04.2012   DoS, information leakage, privilege escalation.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   NVidia Linux / Unix drivers privilege escalation   Kernel memory access is possible.

24.04.2012 Detailed

7! Asterisk multiple security vulnerabilities   Buffer overflow on Skinny processing, DoS via SIP, Asterisk Manager code execution.

6! Plixer Scrutinizer NetFlow and sFlow Analyzer multiple security vulnerabilities   Authentication bypass, SQL injection, crossite scripting.

6! InspIRCd buffer overflow   Buffer overflow on DNS request processing.

6! OpenSSL memory corruption updated since 22.04.2012   Memory corruption in asn1_d2i_read_bio()/SMIME_read_PKCS7()/SMIME_read_CMS()

RuggedCom SCADA equipment backdoor   RuggedCom's Rugged Operating System backdoor account.

VMWare ESXi / ESX weak permissions   VMWare Tools folder weak permissions

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP ProCurve switches compact flash cards virus   Some of the devices contain virus on compact flash card.

Astaro Security Gateway crossite scripting   Multiple crossite scripting possibilities.

Astaro Command Center crossite scripting   Multiple crossite scripting vulnerabilities.

23.04.2012 Detailed

7! Microsoft Windows multiple security vulnerabilities updated since 11.04.2012   MSCOMCTL.ocx code execution, .Net code execution, WinVerifyTrust digital signature validation vulnerability   EMC Data Protection Advisor security vulnerabilities   Integer overflow, NULL pointer dereference.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cyberoam Unified Threat Management security vulnerabilities updated since 26.03.2012   Command execution, information leakage.

22.04.2012 Detailed

7! Adobe Flash Player multiple security vulnerabilities   Different memory corruptions.   Comodo Internet Ssecurity DoS   BSOD on PE execution if ImageBase points to kernel space.   Samsun TV and BD-players security vulnerabilities   DoS, buffer overflow in Remote Controller protocol.

19.04.2012 Detailed

9! Samba array index overflow   Array index overflow on RPC request processing. 8! Microsoft Internet Explorer multiple security vulnerabilities updated since 11.04.2012   Multple vulnerabilities allow remote code execution. 7! Adobe Acrobat / Reader multiple security vulnerabilities   Memory corruptions, integer overflow, code execution.

7! Adobe Flash Player security vulnerabilities updated since 20.03.2012   Few memory corruptions.

6! RealNetworks Helix Server security vulnerabilities   Information leakage, SNMP DoS.

6! gajim jabber client multiple security vulnerabilities   Unescaped shell characters, symbolic links vulnerability, SQL injections.

SQLAlchemy SQL injection   SQL request data is not checked

HP OpenVMS DoS

Microsoft SQL Server privilege escalation   Privilege escalation via RESTORE DATABASE

Squid / McAfee Web Gateway URL filtering bypass   Server trusts to Host: header in CONNECT request.

11.04.2012 Detailed

6! Microsoft Forefront Unified Access Gateway information leakage   Request redirection, access restrictions bypass.   Microsoft Office buffer overflow   Buffer overflow on .wps files parsing.

09.04.2012 Detailed

8! Oracle Java multiple security vulnerabilities   19 different vulnerabilities allow file access and code execution. 7! VMWare privilege escalation updated since 02.04.2012   It's possible to manipulate emulated ROM via backdoor interface. 6! Quest Toad for Oracle ActiveX unauthorized access   It's possible to access files via unsafe methods.

PHP crossite scripting   XSS on error message if display_errors enabled.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP Business Availability Center crossite scripting

HP Onboard Administrator multiple security vulnerabilities   URL redirection, unaurthorized access, information leakage.

Sourcefire Defense Center multiple security vulnerabilities   Crossite scripting, unauthorized access.

Quest vWorkspace ActiveX unauthorized access   It's possible to modfi files via unsafe functions.

Cisco WebEx Player buffer overflow updated since 31.10.2011   Buffer overflow on .WRF files parsing.

Arbor Networks Peakflow SP crossite scripting   Crossite scripting in administration interface.

Sony Bravia TV sets DoS   Flood attack with malcrafted packets causes device to hang.

02.04.2012 Detailed

7! Cisco IOS multiple security vulnerabilities   Multiple DoS conditions. 6! McAfee Email and Web Security Appliance multiple security vulnerabilities   XSS, authentication bypass, privilege escalation, information leakage, directory traversal. 6! libzip securitty vulnerabilities updated since 25.03.2012   Buffer overflow and integer overflow on zip files parsing.

Quake 3 / ioquake3 traffic amplification vulnerability   Source of getstatus UDP message is not checked.

OpenSSL security vulnerabilities   DoS, CMS implementation vulnerabilities.

expat security vulnerability   Memory leaks, predictable hash function.

Wireshark multiple security vulnerabilities   DoS via ANSI A, IEEE 802.11, MP2T protocols.

HP-UX WBEM unauthorized access

D-Link SecuriCam ActiveX buffer overflow   Buffer overflow in DcsCliCtrl.dll control.

Quest InTrust ActiveX buffer overflows   ArDoc.dll and AnnotateX.dll buffer overflows.

TrendNet SecurView ActiveX buffer overflow   UltraMJCam control buffer overflow.

PHP DoS   Resouces exhaustion on POSIX regular expressions functions.

Intuit QuickBook сode execution   Code execution and memory corruption in intu-help-qb5: protocol handler.

raptor library (libreoffice / openoffice) file injection updated since 26.03.2012   It's possible to inject file via XML