31.05.2003
6
!
Windows 2003/XP gethostbyaddr() NULL pointer bug
If an invalid CNAME is specified in a reverse lookup zone, gethostbyaddr() returns a hostent structure with the name pointer set to NULL.
W3Mail multiple bugs
delete.cgi invokes an external program through a system() call without escaping shell characters. It's possible to change the server configuration without administrator's permissions. All passwords are stored in Base64 encoding.
Microsoft Windows 2000 Network Monitor buffer overflow
Buffer overflow on parsing an SMB request with an oversized filename.
30.05.2003
gPS multiple bugs
Buffer overflows, DoS conditions, etc.
Activity Monitor buffer overflow
Buffer overflow on sending large data to TCP/15163.
CGI bugs
updated since 26.05.2003
29.05.2003
ICQ Lite weak permissions
During installation Interactive Users: Full Control permission is added to executables directory.
GoldMine code execution
Remote PC Access Server DoS
Invalid packet causes server to crash.
Tornado multiple bugs
Directory traversal, buffer overflows.
Son hServer directory traversal
It's possible to use /.|./ to traverse directory.
28.05.2003
6
!
Kazaa buffer overflow
Buffer overflow on parsing a network packet.
Axis Network Camera unauthorized access
By adding additional / after hostname in Web access URL it's possible to bypass authentication.
Vignette multiple bugs
Gnome Batalla Naval buffer overflow
Buffer overflow on oversized string to TCP/1995.
PalmVNC weak encryption
Passwords are stored in cleartext.
upclient buffer overflow
Buffer overflow in -p command line option.
27.05.2003
6
!
AnalogX Proxy buffer overflow
Buffer overflow on oversized proxy request.
26.05.2003
Privatefirewall protection bypass
Any scan different from SYN-scan can bypass scanning protection.
WebWeaver buffer overflow
Buffer overflow on oversized POST or HEAD request.
24.05.2003
MediaMail buffer overflow
Buffer overflow during environment variables parsing.
23.05.2003
Eudora buffer overflow
Large number of extensions in filename causes buffer overflow.
iisProtect SQL injection
SQL injection bug in web interface.
Magic Winmail Server format string bug
Format string bug during POP3 logging.
ST FTP directory traversal
It's possible to perform cd to any disk.
Prishtina FTP DoS
Oversized server banner causes client to crash.
Multiple EServ bugs
Web directory listing, unauthorized FTP/HTTP proxying.
Polymorph buffer overflow
Buffer overflow on oversized username.
Multiple Nessus bugs
Buffer overflows and integer overflow in nasl.
CGI bugs
updated since 21.05.2003
22.05.2003
7
!
Microsoft Internet Explorer code execution
updated since 09.05.2003
If a page contains a large number of elements like <FRAME SRC="C:\winnt\regedit.exe"></FRAME>, the application will be executed without the user's intervention.
BlackMoon weak encryption
Passwords are stored in .mdb file.
Privilege escalation in LSF
Dynamic library is loaded from the path specified by the user.
Buffer overflows in WSMP3d
updated since 26.11.2002
Multiple buffer overflows.
21.05.2003
CesarFTP weak encryption
Cleartext passwords in Program Files\CesarFTP\settings.ini.
Bad Blue protection bypass
It's possible to bypass ISAPI protection and obtain access to administration interface.
ttCMS/ttForum multiple bugs
updated since 09.05.2003
SQL injection via username in Profile.php. PHP injection in News.php, install.php.
Maelstrom buffer overflow
Buffer overflow during command line parsing.
17.05.2003
6
!
SmartMax MailMax buffer overflow
updated since 12.04.2003
Buffer overflow on oversized LOGIN or SELECT IMAP command.
Venturi Client open proxy
Client behaves as an open proxy.
lv privilege escalation
The .lv file, which may contain commands, is searched for in the current directory.
Snowblind Web Server multiple bugs
Directory traversal, directory listing, DoS.
CGI bugs
updated since 13.05.2003
15.05.2003
BEA Weblogic cleartext passwords
Passwords are stored on disk in cleartext.
Inktomi Traffic-Server cross-site scripting
Cross-site scripting in proxy server error message.
Multiple bugs in ST FTP
Buffer overflow on oversized username, unauthorized access if username is empty.
14.05.2003
3COM 812 DSL information leak
DHCP response contains information from memory.
cdrecord format string bug
Format string bug on error message printing.
12.05.2003
Pi3Web DoS
GET ///(...)/// request leads to DoS.
Apple Airport weak encryption
Weak encryption of administrator's password (XOR with predefined string).
Drag and Zip buffer overflow
Buffer overflow during archiving of files with long filenames.
11.05.2003
BitchX DoS
Certain channel mode changes would cause BitchX to core consistently.
InfoZip unzip directory traversal
Special characters in a file name, which are skipped during extraction, make it possible to disguise a directory traversal.
CGI bugs
updated since 08.05.2003
BitchX DoS
updated since 18.02.2003
RPL_NAMREPLY with value of 353 causes program to crash.
10.05.2003
6
!
CMailServer multiple bugs
Buffer overflow in a few SMTP commands (MAIL FROM:, for example).
09.05.2003
6
!
Microsoft Windows Media Player directory traversal
updated since 07.05.2003
Directory traversal during .wmz file download allows uploading any file to any location.
Bestpractical RT cross-site scripting
ListProc buffer overflow
Local buffer overflow in catmail helper utility.
07.05.2003
6
!
Siemens mobile buffer overflow
updated since 06.05.2003
Buffer overflow on oversized image name.
6
!
Multiple bugs in Cisco VPN 3000
updated since 04.09.2002
Multiple Cisco VPN 3000 bugs
IP filtering bypassing if IPSec enabled, SSH DoS, ICMP flood DoS.
sapdb installation privilege escalation
Race condition exists with a world-writable executable during the installation process.
Buffer overflow in youbin
Buffer overflow on GOME variable processing.
06.05.2003
FTGate buffer overflow
updated since 06.05.2003
Buffer overflow in SMTP MAIL FROM: command.
Multiple bugs in ICQ 2003
Format string bug and integer overflows in POP3 client, multiple DoS conditions.
05.05.2003
6
!
Microsoft Internet Explorer code execution
updated since 03.05.2003
The Web Folders feature allows storing a file in a known location. In conjunction with other weaknesses, this makes it possible to save and execute code.
Key spoofing bug in GnuPG
Under certain conditions a message may be encrypted with another user's key without warning.
Session Hijacking in CommunigatePro
In the webmail interface the session identifier is passed to the server as part of the GET request, and thus may be discovered by a third party via the Referer: field.
03.05.2003
6
!
HP-UX utilities buffer overflow
updated since 30.04.2003
Buffer overflow in oversized rexec -l switch in combination with -n, rwrite, kermit.
smallftpd multiple bugs
Directory traversal, format string bug.
Multiple DoS vulnerabilities in Cisco ONS
Multiple bugs in FTP, telnet, etc.
Cisco Content Service Switch DNS DoS
Negative DNS response caching leads to DoS possibility.
CGI bugs
updated since 28.04.2003
© SecurityVulns, 3APA3A, Vladimir Dubrovin