31.05.2005 Detailed

Nortel VPN routers DoS updated since 30.05.2005   IKE packets with malformed ISAKMP header lead to crash or reboot.

30.05.2005 Detailed

Fast n Furious DtDNS Updater information leak   Command line arguments are visible in process list.   Stronghold 2 game DoS   Allocated memory size is controlled by client.

29.05.2005 Detailed

Compuware SoftIce debugger debug message driver DoS   BSOD on invalid debug message pointer.

28.05.2005 Detailed

6! ClamAV antivirus MacOS X shell characters problem   Shell characters are not filtered in filename than external 'ditto' command in executed with system().   Bea Weblogic application server Server Console crossite scripting updated since 25.05.2005   Crossite scripting; no session cookie timeout is implemented.   PHP, ASP, CGI web applications security vulnerabilities updated since 23.05.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

27.05.2005 Detailed

6! Unauthorized HP-UX remshd access         Terminator 3: War of the Machines game multiple vulnerabilities   Buffer overflow, DoS.   Linux Kernel Cryptoloop encrypted filesystem weak encryption   Weak IV (Initial Vector) generation algorithm allows data watermarking, making it possible to detect data in filesystem.

C'Nedra virtual reality framework buffer overflow   READ_TCP_STRING buffer overflow.

Alwil Software Avast Antivirus device driver privilege escalation   No bounds checking on signal arguments processing in device driver allows to overwrite any kernel memory area.

26.05.2005 Detailed

6! L-Soft LISTSERV mailing lists server multiple vulnerabilities   Remote code execution, denial of service.   davfs2 DAV filesystem unauthorized access   After filesystem is mounted any local user ha unrestricted access.   SCO OpenServer Unix utilities format string bugs updated since 05.04.2005   Format string vulnerabilities in different utilities including sgid lp /usr/lib/nucrt/bin/nwprint.

25.05.2005 Detailed

6! Multiple IPSwitch IMail vulnerabilitiles   Multiple buffer overflows, directory traversals, DoS.   Cisco equipment DNS DoS   Failure in compressed DNS packets parsing.   ibsh Iron Bars SHell Format String Vulnerability format string bug   Format string bug allows restricted shell escaping.

Unauthorized JavaMail mail server API mailbox access updated since 20.05.2005   It's possible to access different mailbox by mail number.

24.05.2005 Detailed

ZyXel Prestige routers fragmented packets DoS   Malformed fragmented TCP packet causes router to temporary hang.   Sambar proxy server / web server multiple vulnerabilities   Crossite scripting in multiple Web template files.   Multiple Qualcomm qpopper POP3 server vulnerabilities   Elevated privileges are not dropped during file access, directory traversal.

Warrior Kings game multiple vulnerabilities   Format string bug, NULL pointer dereference.

Meteor FTP Server buffer overflow updated since 10.08.2003   Buffer overflow on oversized FTP command.

23.05.2005 Detailed

6! Computer Associates antivirus library buffer overflow   Heap overflow on OLE streams VBA projects analysis (Microsoft Office documents).   gxine audio video player format string bug   Format string bug in hostname.

21.05.2005 Detailed

gedit text editor format string vulnerability   Format string bug in filename.   PHP, ASP, CGI web applications security vulnerabilities updated since 16.05.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

20.05.2005 Detailed

Multiple gdb GNU debugger vulnerabilities   Multiple vulnerabilities, including integer overflows.   IBM AIX Bellmail mail agent race conditions   Race conditions during temporary file creations.   Microsoft Word buffer overflow   Buffer overflow on .mcw (Word for Macintosh) files parsing.

19.05.2005 Detailed

6! libtiff TIFF graphics library buffer overflow   Buffer overflow on invalid bits per sample value. 6! Multiple Novell ZENworks remote management application vulnerabilities   Multiple heap based, stack and integer overflows.   ExtremeWare network switches privilege escalation

18.05.2005 Detailed

F5 iControl Service Manager system management solution multiple vulnerabilities   Privilege escalation, DoS.   ignitionServer IRCX (Extended Internet Relay Chat) server multiple vulnerabilities   It's possible to delete access control entries. Operator can not access channel locked by user.

17.05.2005 Detailed

8! Multiple Apple MacOS X vulnerabilities updated since 04.05.2005   NeST buffer overflow. Âûïîëíåíèå javascript in local context with Help Viewer, insufficient input balidation in URL Protocol Messaging, insufficient input validation in x-man-path:, insufficient input validation in terminal emulators. Multiple bluetooth vulnerabilities. vpnd buffer overflow. 6! Linux kernel pktcdvd privilege escalation   Rawdevice ioctl handler parameters are not checked. 6! FreeRADIUS RADIUS server multiple vulnerabilities   Buffer overflow, SQL injection if SQL is used for authentication or accounting.

Fastream NETFile Web / FTP server ftp bounce attack   It's possible to use FTP to bounce data to third party.

War Times game DoS

MySQL symbolic links problem updated since 19.08.2004   mysqlhotcopy, mysqlaccess unsafe temporary files creation.

16.05.2005 Detailed

Avaya CMS (Call Management System) / IR (Interactive Response) multiple vulnerabilities

14.05.2005 Detailed

6! gaim intant messenger buffer overflow   Buffer oveflow during e-mail address displaying.   cdrdao privilege escalation   root privileges are not dropped before writing configuration file.   PHP, ASP, CGI web applications security vulnerabilities updated since 10.05.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

13.05.2005 Detailed

Sun Solaris automountd DoS   It's possible to stop automountd by accessing /xfn/_x500.   Acrowave AAP-3100AR wireless router unauthorized access   It's possible to acces device without password.   Apple Quartz Composer / QuickTime 7 information leak   It's possible to determine system facilities.

Bugzilla bug tracking system information leak   It's possible to determine if closed product exist, password can be leaked as a part of URL.

Kerio MailServer DoS updated since 18.04.2005   WebMail vulnerability leads to 100% CPU exhaustion. Crash on multiple attached .eml files, DoS with IMAP and Outlook Connectors.

Multiple BakBone NetVault backup solution vulnerabilities updated since 02.04.2005   Multiple buffer overflows.

OllyDbg debugger format string bug updated since 19.07.2004   Format string bug on application debugging.

12.05.2005 Detailed

6! Linux kernel coredump pribilege escalation   Bug in ELF format parsing leads to code execition.   Cisco Firewall Services Module filtering protection bypass   It's possible to bypass ACL.   Neteyes Nexusway Multiservice Border Gateway multiple vulnerabilities   Shell characters filtering problem.

HT Editor hex editor multiple vulnerabilities   Integer overflow, buffer overflow.

11.05.2005 Detailed

Multiple online games vulnerabilities updated since 25.02.2004

10.05.2005 Detailed

8! Multiple Mozilla / Firefox / Netscape vulnerabilities   Few combined vulnerabilities allow to download and execute file on client machine. 6! IPSec information leak   If ESP is used without integrity control it's possible to obtain plaintext data in ICMP error meesage by modifying source packet.   Digital Video Surveillance System weak authentication   Authentication mechanism is vulnerable to man-in-the-midle attack (replay attack and cleartext recovery).

Zoidcom network library DoS   Insufficient check of the network data.

07.05.2005 Detailed

6! 4d WebSTAR Web Server buffer overflow   Buffer overflow in Web Server Tomcat plugin.   LibTomCrypt cryptography weakness updated since 04.05.2005   ECC (Elliptic Curve Cryptography) signature scheme weakness.   PHP, ASP, CGI web applications security vulnerabilities updated since 03.05.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

06.05.2005 Detailed

6! Qmail mail server 64-bit platforms integer overflow       6! Oops! proxy format string vulnerability   Format string bug during database logging. 6! Multiple Merak Mail Server vulnerabilities   Unauthorized access, crossite scripting, etc.

6! Adobe SVG Viewer multiple bugs updated since 07.10.2003   ActiveX control contains few metods used to access local and remote files, scripting in local zone, crossite scripting.

ufdbGuard URL filter buffer overflow   Buffer overflow on URL longer than 512 bytes.

Multiple FreeBSD vulnerabilities   /dev/iir weak permissions, kernel memory disclosure.

SimpleCam webcam server directory traversal

GoldenFTP FTP Server directory traversal

04.05.2005 Detailed

MaraDNS DNS poisoning records spoofing   Weak PRNG generation algorithm allows to spoof server's reply.   NetWin DMail mail server multiple vulnerabilities   Unauthenticated maling lists access, SMTP format string vulnerability.   PostgreSQL database multiple vulnerabilities   DoS, buffer overflow in charset conversion functions.

03.05.2005 Detailed

GnuTLS TLS cryptography library DoS   TLS packet parsing vulnerability.   Linux kernel it87 and via686a drivers DoS   Insecure permissions lead to ability of resource exhaustion.   602LAN SUITE mail server webmail directory traversal.   Directory traversal in webmail interface.

HP OpenView Event Correlation Services DoS

Multiple ESRI ArcGIS GIS software vulnerabilities   Buffer overflows in different suid utilities.

ASP.NET __VIEWSTATE function replay attack   Data is stored signed on client side, but host name and timestamp are not part of signed data.

MacOS X terminals information leak   Unprivileged user is unable to obtain exclusive tty access.

Mtp-target online game format string bug   Format string bug suring message displying.

Video Cam Server multiple vulnerabilities   Directory traversal, information disclosure, DoS.

Multiple ceterm terminal emulator multiple vulnerabilities   Elevated privileges are not correctly dropped.

RaidenHTTPD Web Server directory traversal updated since 08.02.2005   Invalid request URI allow to retrieve any file from system partition.

01.05.2005 Detailed

BIG-IP 3-DNS Controller protection bypass         GOCR optical character recognitin program integer overflow   Integer overflow on PGM format parsing.   Mac OS X Cocktail information leak   Password is used on command line.

Multiple Kerio WinRoute Firewall, Kerio Personal Firewall and Kerio MailServer administration protocol vulnerabilities updated since 30.04.2005   Password bruteforcing, DoS.

PHP, ASP, CGI web applications security vulnerabilities updated since 25.04.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.