31.05.2002 Detailed

6! Few bugs in Quantum SNAP   Weak initial TCP sequence number generation, DoS.   Buffer overflow in Informix   Buffer overflow in few suid/sgid utilities on command line parsing.   Multiple bugs in Caldera OpenServer utilities   Symlink problem on temporary files handling in sort and scoadmin.

Few bugs in Kismet   Local and remote buffer overflows.

FreeBSD ACCEPT_FILTER DoS   If ACCEPT_FILTER is used it's possible to cause DoS by creating a number of hanging connections.

Courier DoS   By settinf oversized year value program may be treated into long processor intensive calculations.

Microsoft Exchange DoS   Malcrafted message causes 100% CPU in Store service.

FreeBSD rc script file deletion   No symbolic links check on /tmp cleanup.

Password protection bypass in Intel D845 motherboards updated since 26.04.2002   Password is not required to select boot device.

28.05.2002 Detailed

6! Multiple bugs in Windows FTP servers   Buffer overflows, directory traversal. 6! Multiple buffer overflows in amanda   Local andremote buffer overflows.   Netscreen DoS   Oversized username causes device to reboot.

Code execution via Microsoft Office XP updated since 01.04.2002   It's possible to include scripting object which fill be activated in case user reply or forward e-mail message. Host method of spreadsheet object allows creation and execution of arbitrary files.

PHP classical bugs in phpBB allows remote code execution updated since 12.08.2001   Uninitialized PHP variables and ability to modify SQL query allow to execute code on server. Crossite scripting. Invalid NULL-byte handling leads to DoS.

27.05.2002 Detailed

8! Unauthorized local file access in Opera   Javascript submition of form with <input type="file"> element doesn't require user intervation. 6! Buffer overflow in YoungZSoft CMailServer   Buffer overflow on long USER command.   Multiple bugs in COWS   Crossite scripting, physical path disclosure, etc

25.05.2002 Detailed

6! Buffer overflow in PGP Public Key Server   Buffer overflow on long search string.   One byte buffer overflow in CVSD   One byte buffer overflow in scanf()   Directory protection bypass in LocalWeb2000   It's possible to access protected directory by adding ./

24.05.2002 Detailed

6! Strong authentication bypass in SSH   By spoofing AllowedAuthentications variably client can shoose weak authentication protocol.   Cisco DSL DoS         Multiple bugs in Cisco IP Phones updated since 23.05.2002   Differenc DoS attacks scenarios and access to locked devices.

CGI bugs updated since 13.05.2002

23.05.2002 Detailed

8! Debploit: Microsoft Windows NT/2000 debug API privelege escalation updated since 15.03.2002   By connection to PLC port DbgSsApiPOrt it's possible to obtain handler for any process or thread for debugging.   Multiple bugs in ServletExec ISAPI   Physical path disclosure, directory traversal, DoS, buffer overflow.   Microsoft Windows 2000 Active Directory LDAP DoS   Malformed LDAP-request causes Active Directory to hang.

22.05.2002 Detailed

7! Multiple bugs in Solaris in.rarpd   Buffer overflows, format string bugs. 6! Bultiple bugs in True64 utilities   Buffer overflow in /bin/chsh, /usr/bin/passwd, /usr/sbin/quot   Buffer overflow in MatuFtpServer   Buffer overflow in PASS command.

Cisco IOS ICMP redirects DoS   ICMP redirect flood causes memory exhaustion.

21.05.2002 Detailed

7! Six new bugs in Internet Explorer updated since 16.05.2002   Crossite scripting, local files disclosure, security zone spoofing, etc. 7! Äûðêà â IMail (buffer overflow) updated since 25.04.2001       6! Multiple bugs in hostingcontroller updated since 28.01.2002   Different error message on wrong user name and password makes it possible to check account existance. Directory traversal allows to access files outside web root.

FreeBSD k5su problems   Wheel group membership is not checked fo k5su.

Multiple bugs in bzip2   Silent file overwritting, invalid symbolic link permissions inside archieves, etc.

20.05.2002 Detailed

Deerfield Website Pro source disclosure   It's possible to obtain scripts sources with 8.3 names.

18.05.2002 Detailed

6! Unauthorized access via Xerox DocuTech   Default system settings and admin password.   Protection bypass for linux grsecurity   It's possible to modify kernel memory by using memory mapping.

17.05.2002 Detailed

7! Unauthorized access to special devices and NetBIOS connections in Microsoft Internet Explorer updated since 14.05.2002   With <IFRAME> and <BGSOUND> tags it's possible to cause DoS against Outlook Express or to send data to special device. It's also posible to cause IE to establish NetBIOS connection with any untrusted host.   Protection bypass and crossite scripting in Sonicwall SOHO   It's possible to access banned site and to insert javascript into log file by using URL javascript injection.   Privelege escalation via SuSE shadow/pam-modules

Buffer overflow in mpg321   Buffer overflow on audio stream processing.

Buffer overflow in lukemftp   Buffer overflow on preparing PASV command.

16.05.2002 Detailed

6! TCP connection establishing via Cisco Transparent Cache Engine   It's possible to establish TCP connection via transparent proxy in default configuration. 6! Crossite scripting in Opera   javascript: URL is executed in context of previously loaded page.   Cisco Content Service Switch DoS   Malfromed POST request to web managment interface can cause device to reboot.

MacOS X sliplogin buffer overflow   Buffer overflow on long command line argument.

15.05.2002 Detailed

Information leakage in Quake2   It's possible to retrieve any server variables vaules including $rcon_password by using modified client without $-variables expanding.

13.05.2002 Detailed

Buffer overflow in MnogoSearch   Heap overflow on request parsing in search.cgi   Weak permissions in gaim   During message reading world readable file is created in /tmp

11.05.2002 Detailed

8! Buffer overflow in imap-uw   BODY[] command with oversized argument causes buffer overflow. 8! Multiple bugs in Novell Netware and utilities updated since 10.05.2002       8! Buffer overflow in AOL Instant Messanger updated since 03.01.2002   Buffer overflow on game request processing. Array boundary tracersal on aim: URL processing.

Protection bypass in Cisco ATA-186   It's possible to obtain web administration acces without administrative password.

File access via inJoin web administration   User via web server administrator account may access local files on server with server account.

10.05.2002 Detailed

9! Format string bug in ISC dhcpd   Format string on syslog call in NSUPDATE functionality. 7! Buffer overflow in MSN Messanger updated since 06.05.2002   Buffer overflow on long font name in header and in OCX MSN Chat Control.   Remote code execution via SuSE sysconfig   Invalid usage of DHCP client allows command execution by spoofing DHCP server reply.

NTFS encryption information leakage problem in PGP   If "wiping file on deletion" option is used EFS temporary files are not deleted during file encryption.

Buffer overflow in CIsco NTP

Buffer overflow in Caldera OpenServer sar updated since 03.05.2002   Buffer overflow in -o command line option.

08.05.2002 Detailed

Directory traversal in Lysias Lidik Webserver         PIN code in cleartext in Pointsec for PalmOS   PIN code is stored clear text in memory.

07.05.2002 Detailed

9! Multiple bugs in Solaris utils updated since 30.04.2002   Local and remoter root compromise via buffer overflows and remote DoS attacks.

06.05.2002 Detailed

6! Format string bug in pam_ldap/squid_auth_ldap   Format string bug on syslog() call   CGI bugs

03.05.2002 Detailed

8! Buffer overflow in Netscape/Mozilla   Buffer overflow on irc:// URL parsing. 8! Format string bug in rwalld   Formaqt string bug on syslog() call 6! Multiple local bugs in Lotus Domino

6! JSP pages source code access updated since 08.06.2000   There are multiple ways to get a source code of JSP pages

CGI bugs

Multiple buffer overflow in 3COM 3CDaemon

Snapgear Lite+ DoS   Multiple scenarios for DoS attacks.

Symbolic links in Nautilus

mod_python imported modules inderect calls   It's possible to inderectly call unsafe function via imported module.

ISS RealSecure DHCP DoS   It's possible to reference NULL pointer by malcrafted DHCP packet.

Buffer overflow and directory traversal in 4D webserver updated since 15.01.2002

Multiple buffer overflows in Progress updated since 06.10.2001   Multiple buffer overflows, format string bugs, etc.

Directory traversal in DocBook   During conversion to HTML identifuers are used to form a filename without check for ../

Unauthorized access to locked workstation via wireless Logitech keyboards   Hot key still work for locked workstation.