31.05.2004 Detailed

jftpgw format string buffer overflow   syslog() format string bug.   gatos privilege escalation   Under certain conditions xatitv runs configuration script with root privileges.

30.05.2004 Detailed

Multiple bugs in Sun-One on Windows updated since 28.05.2003   JSP source code disclosure, crossite scripting, weak encryption.

29.05.2004 Detailed

Mollensoft Lightweight FTP Server buffer overflow updated since 24.05.2004   CWD command buffer overflow.   CGI bugs updated since 24.05.2004

28.05.2004 Detailed

6! HP OpenView Select Access protection bypass   Invalid URL esc-symbols decoding allows user to access protected directory.   Web Driver buffer overflow   Buffer overflows in WebDriver and WTHoster.   MiniShare DoS   Incomplete HTTP request causs service to crash.

cpr privilege escalation   It's possible to load user library.

3COM OfficeConnect Remote 812 buffer overflow   Buffer overflow on oversized telnet esc-sequence.

26.05.2004 Detailed

FreeBSD msync problems   User with file read permission can prevent file from beeing updated.   Isoqlog buffer overflow (fake)   Local buffer overflow during configuration parsing in non-suid application. Not exploitable.

25.05.2004 Detailed

7! MacOS X browsers files overwriting and scripts execution (multiple bugs) updated since 17.05.2004   By using vulnerability in telnet: protocol handling it's possible to add -f option to telnet command line. help: protocol handler allows scripts execution via help: command.

24.05.2004 Detailed

6! Linux kernel multiple bugs   cpufreq privilege escalation, multiple SCSI drivers weak permissions.   NetGear protection bypass   By using oversized URL it's possible to vypass content filtering.

22.05.2004 Detailed

BNBT memory corruption   Memory corruption on incomplete base64 string.   Multiple MetaMail bugs   Multiple format string bugs and buffer overflow.   Multiple SquirrelMail bugs updated since 22.05.2004   Scrossite scripting, SQL injection.

CGI bugs updated since 17.05.2004

21.05.2004 Detailed

7! TCP RST packets spoofing updated since 21.04.2004   By sending spoofed RST it's possible to terminate established TCP connection. unlike TPC hijacking attacks there is no need for exact TCP sequence number, and number can be any number from handshaked TCP window. It significantly increases attack efficiency. In NetBSD sequence number for RST is not checked at all, it makes it possible to terminate session with single packet.   OpenBSD kernel information leak   It's possible to read chunks from kernel memory via procfs.

20.05.2004 Detailed

Linksys information leak   Replies to BOOTP packets contain data from kernel space.

19.05.2004 Detailed

7! CVS heap overflow   Heap overflow during modification flag analisys. 6! OmniHTTPd integer overflow   Integer overflow in Range: header 6! Outlook Express HTML file writing updated since 11.05.2004   During reply to a message with HTML file attached this file is saved to known location.

ZoneMinder buffer overflow

Multiple libuser bugs   Multiple bugs causing linked application to crash.

neon format string bugs and heap overflow updated since 14.04.2004   Format string bugs in few functions.

Irix rpc.mount multiple bugs updated since 22.11.2003   Iinformation leak, DoS, access from unprivileged client port.

18.05.2004 Detailed

NetChat buffer overflow   Buffer overflow on oversized GET request to embedded HTTP server.   KDE URI handling problem   During external URI handler invocation ability to insert handler arguments via '-' is not checked.

17.05.2004 Detailed

lha multiple bugs updated since 30.04.2004   Directory traversal, buffer overflows.   Sun Management Console information leak   Because of directory traversal bug it's possible to check any system file existance.

15.05.2004 Detailed

8! Symantec firewalls multiple problems updated since 13.05.2004   Heap and stack overflows on NetBIOS name service packets parsing, endless loop on DNS packets parsing, stack overflow on oversized canonical DNS name. 7! dtlogin buffer overflow updated since 24.03.2004   Buffer overflow during XDMCP parsing.   HP-UX GTK+ weak permissions   World-writable directory.

Bea weblogic shwutdown limitations bypass   User with admin or operator pribvileges can shutdown server even if this operation is restricted.

13.05.2004 Detailed

7! NetBSD systrace privilege escalation updated since 11.05.2004   By using invalid handling of error condition it's possible to obtain superuser privileges.   Sweex/Unex routers unauthorized access   Router configuration, including cleratext password, can be accesses via TFTP.   IEEE 802.11 collision avoidance procedure weakness   By using Clear Channel Assessment procedure weakness attacker equipped with standard client card can prevent data transmission over network.

Outpost e-mail DoS   High level of MIME recursion causes system to crash.

12.05.2004 Detailed

6! Windows Help Center Dvdupgrade code execution   It's possible to execute any code via local zone scripting.   Outpost memory leak   Small packet floods causes memory leak.   MDaemon buffer overflow   Authenticated IMAP user can overflow buffer with STATUS command.

Linux sctp_setsockopt() integer overflow   Integer overflow causes zero memory allocation.

DoS против MDaemon (imap buffer overflow) updated since 26.03.2001

11.05.2004 Detailed

7! McAfee ePolicy Orchestrator unauthorized access   Invalid HTTP POST request allows to upload files on server. 6! SMC routers unauthorized access   Administration web interface TCP/1900 is available from WAN without authentication. 6! IceCast buffer overflow   Authorization: HTTP header buffer overflow.

MailEnable Buffer overflow   Heap overflow in MEHTTPS on oversized GET reqauest and in SMTP component.

Pound format string bug   Format string bug during request processing.

MyWeb buffer overflow   Buffer overflow on oversized GET request.

eMule DoS   Combination of different HTTP requests causes application to crash.

CGI bugs

08.05.2004 Detailed

6! Trend Micro Office Scan weak permissions   Full access is given to Everyone group for installation directory and registry key. 6! Linux kernel in/out ports access   Mask for input/output permissions is not cleared for child process. It may lead to unauthorized access to i/o ports.

07.05.2004 Detailed

7! Exim buffer overflows   2 buffer overflows if sender_verify is on or verify = header_syntax. 6! Delegate buffer overflow   Stack overflow on SSL session negotiation.   Eudora buffer overflow   Buffer overflow on clicking oversized URL.

SuSE Live CD unauthorized access   Unauthorized root access via SSH is possible.

06.05.2004 Detailed

7! Heimdal Kerberos buffer overflow   k5admind Kerberos v4 code heap overflow   FreeBSD vm_map DoS   A user can cause the kernel to allocate an unbounded amount of wired memory/   CGI bugs updated since 03.05.2004

05.05.2004 Detailed

kolab cleartext password   OpenLDAP passwowrd is stored in world-readable file as cleratext.   Ultraseek special DOS device access   Document path can contain special device name.

04.05.2004 Detailed

6! Apple File Sharing bugger overflow   Preauthentication buffer overflow.   Network Administrator protection bypass   It's possible to access protected directory by using environment variables.   Aldos Webserver multiple bugs   Information disclosure, directory traversal.

Titan FTP Server DoS   User disconnection before LIST command completition causes server to crash.

03.05.2004 Detailed

Multiple Crystal Reports bugs   Multiple bugs in Web interface.

02.05.2004 Detailed

6! Apple QuickTime buffer overflow   Buffer overflow on parsing QuickTime format.   MPlayer/xine buffer overflow   Buffer overflow on parsing RTSP protocol.   Dameware weak encryotion   Session key is generated from static set.

linux PAX DoS   Bug during memory allocation handling.

Citrix Metaframe client disk access   Server administrator can access client drives.

flim symlink problem updated since 02.05.2004   Unsafe temporary files creation.

CGI bugs updated since 27.04.2004