31.05.2006 Detailed

6! Multiple eserv IMAP mail server and web server vulnerabilities   IMAP server directory traversal, HTTP scripts source code disclosure.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 31.05.2006   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   ktools library buffer overflow updated since 28.11.2005   VGETSTRING macro buffer overflow.

30.05.2006 Detailed

6! PHP cURL safe mode protection bypass   Multiple possibilities to execute code with no restrictiions with curl* functions.

aMule P2P client directory traversal   aMuleWeb directory traversal.

D-Link DSA-3100 wireless access point crossite scripting   Crossite scriptign with username on authentication page.

Open Exchange default account   mailadmin/secret LDAP account is created during installation with /bin/bash login shell.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

TZipBuilder / Abakt / CAM UnZip / ZipCentral buffer overflow updated since 09.05.2006   Buffer overflow on ZIP archives parsing.

MDaemon buffer overflow   Buffer overflow on oversized quoted string in IMAP commands. Vulnerability exploitation is probably impossible.

27.05.2006 Detailed

9! Multiple Microsoft Internet Explorer security vulnerabilities updated since 22.03.2006   Jump to ininitialized function pointer by referencing unspupported object's method (createTextRange() for checkbox). Potentially can be used for code execution and hidden malware installation. Memory corruption on uninitialized event handlers. HTA code execution. HTML parsing memory corrution. COM objects memory corruption. Crossite scripting.   GNU binutils libbfd buffer overflow   Buffer overflow on TekHex (Tektronix Hex Format) parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

26.05.2006 Detailed

6! Microsoft Internet Explorer memory corruption   resizeBy() method negative values memory corruption. 6! libtiff buffer overflow   Stack-based buffer overflow in tiffsplit.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 20.04.2006   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

25.05.2006 Detailed

6! Multiple tor distributed anonymizing service security vulnerabilities   Log entries spoofing, integer overflows, DoS. 6! Microsoft Internet Explorer XmlHTTPRequest object request and response spoofing   It's possible to spoof client application request and, under some conditions, server reply by using Microsoft.XMLHTTP object. 6! HP-UX Software Distributor unauthorized access updated since 20.12.2005

6! HP OpenView Network Node Manager unauthorized access updated since 05.10.2005

Apple Xcode unauthorized access   Access restrictions do not work.

HP OpenView Storage Data Protector unauthorized access

HP-UX xterm unauthorized access

kphone SIP VoIP software solution weak permissions   .qt/kphonerc file is world-readable and contains sensitive information, including SIP accounts.

PunkBuster game servers anti-cheat system buffer overflow   Buffer overflow in built-in web server on oversized webkey parameter.

netPanzer game server DoS   Assert termination on malformed packet.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

NetPanzer game DoS updated since 14.07.2005   Server enters to endless loop on the packet with zero data.

Kaspersky Antivirus content filtering protection bypass   Small reassembly timeout during stateful filtering allows filtering bypass by breaking stream with pauses.

23.05.2006 Detailed

7! EMC Retrospect backup client buffer overflow   Buffer overflow on parsing TCP/497 packet. 7! Novell eDirectory Novell Directory Service buffer overflow   iMonitor NDS Server buffer overflow (HTTP TCP/8028, HTTPS TCP/8038) on oversized URI in NDS path.   HP-UX DoS

Java applets stack overflow   Recursive array definition leads to stack overflow.

Novell client unauthorized clipboard access   Copy/Paste cliboard operations are available from console unlock screen.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Mozilla / Firefox / Netscape exceptions information leak   On exception raise message contains path to application installation and sometimes user's profile path.

22.05.2006 Detailed

7! Skype information leak updated since 19.05.2006   It's possible to construct URL in the file file will be transferred from Skype user's computer to another skype user without any confirmation. 6! Cyrus IMAPD POP3 server buffer overflow   Buffer overflow on oversized username if popsubfolders options is enabled in imapd.conf.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

fbi image viewer symbolic links problem   Symbolic links problem on directory creation.

20.05.2006 Detailed

Windows limited service account privilege escalation   By using security tokens located in process memory it's possible to escalate privileges from limited service account, such as Network Service or Microsoft SQL Service account.   Sun ONE Web server crossite scripting   Crossite scripting on URL with quote sign.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

19.05.2006 Detailed

6! Solaris FTP server directory traversal         Sun N1 System Manager information leak   Password disclosure.   Sybase EAServer information leak   It's possible to retrieve GUI cleartext password entered by user with javax.swing.JPasswordField of javax.swing.JPasswordField UI component.

FreeType integer overflow   read_lwfn() integer overflow on LWFN files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

18.05.2006 Detailed

6! libextractor buffer overflow   Heap memory overflow on ASF streams and QuickTime parsing.   Mobotix network cameras crossite scripting   Multiple crossite scriptign possibilities.   SAP sapdba for Informix database administration utility privilege escalation   Improper environment cariables validation allows to run any command with informix rights.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

17.05.2006 Detailed

6! IPSwitch What's Up administration authentication bypass   It's possible to bypass authentication by adding User-Application: NmConsole header. 6! Caucho Resin application server directory traversal   There are few way to access content behind web root directory.   Unauthorized Sun Directory Server console acces

LiveData ICCP server DoS   Buffer overflow on parsing ISO Transport Service packet.

SAP Web Application Server crossite scripting   Crossite scripting with error messages.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

FreeSSHd / FreeFTPd / wodSSHServer / FortressSSH SSH servers buffer overflow updated since 14.05.2006   Buffer overflow on cryptographic keys exchange.

16.05.2006 Detailed

Multiple SAP Business Coneector security vulnerability   File access, frame spoofing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

15.05.2006 Detailed

6! JDK java applet disk space DoS   It's possible to consume all available disk space with temporary file.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Novell client fro Windows buffer overflow updated since 10.05.2006   Buffer overflow in DPRPC library on XDR stream decoding.

14.05.2006 Detailed

7! Multiple Apple MacOS X security vulnerabilities updated since 12.05.2006   Security update for May fixes 25 different vulnerabilities.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

13.05.2006 Detailed

7! Apple QuickTime multiple security vulnerabilities updated since 12.05.2006   Buffer overflow on MOV files udta atom parsing. Buffer overflow on FPX files parsing. H.264 protocol parsing heap overflow.   GNUNet secure networking library DoS   Endless loop on zero sized UDP packet.   Multiple outgun game security vulnerabilities   Buffer overflows, DoS conditions.

Empire game DoS   Uninitialized memory access.

Multiple Genecys game security vulnerabilities   Buffer overflow, DoS conoditions.

Multiple Raydium game engine security vulnerabilities   Buffer overflows, format string vulnerabilities, DoS conditions in both server and client parts.

Dovecot IMAP server directory traversal   Directory traversal in LIST command.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

12.05.2006 Detailed

7! Apple Quick Time Streaming Server buffer overflow   Buffer overflow on RTSP protocol headers parsing.   Ipswitch WhatsUp network monitoring tool multiple security vulnerabilities   Information disclosure, crossite scripting.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Macromedia ColdFusion MX application server crossite scripting updated since 28.04.2005   Crossite scripting with error pages.

Symantec Firewall information leak   With request like "get/XX HTTP/1.0" it's possible to obtain IP address of internal Web server.

11.05.2006 Detailed

6! Verisign I-Nav Internationalized Domain Names (IDN) code execution   VUpdater.Install allows to install software without integrity check. 6! Medal of Honor game buffer overflow         Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cisco Application Velocity System TCP port relaying   Default configuration allows any TCP port to be accessed with transparent HTTP proxy request.

Zango Adware code execution   The integrity of downloaded components is not checked.

Microsoft Distributed Transaction Coordinator DoS updated since 09.05.2006   Two different buffer overflows causing service to crash.

10.05.2006 Detailed

10! Microsoft Exchange Calendar code execution updated since 09.05.2006   Server doesn't properly handles iCal and vCal properties of MIME message. 6! Adobe Macromedia Dreamweaver Server SQL injection   Multiple vulnerabilities in generated code.   3COM TippingPoint SMS Server weak permissions   It's possible to access directories where sensitive information can be potentially stored through web interface.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

09.05.2006 Detailed

8! Multiple Adobe Macromedia Flash products vulnerabilities updated since 17.03.2006   Multiple vulnerabilities, including standard browser's plugins. Can be used for silent malware installation. 6! Sophos Anti-Virus memory corruption   Heap memory corruption on CAB archives parsing. 6! Quake 3 engine buffer overflow updated since 06.05.2006   Buffer overflow on remapShader command processing.

6! Different FTP servers multiple security vulnerabilities updated since 02.05.2006   Multiple vulnerabilities were uncovered with FTP Fuzzer stress test suite. - ArgoSoft FTP Server (RNTO Unicode overflow) - Golden FTP Server (NLST overflow) - FileZilla FTP Server (MLSD) - FileZilla remote server interface (homemade protocol) - WarFTPD (various exceptions and WDM.exe overflow)

SunSolaris libike IKE library DoS

Avahi multiple security vulnerabilities   Buffer overflow, DoS.

Linux kernel SCTP DoS   Few vulnerabilities on SCTP chunks parsing.

Cisco Secure ACS for Windows information leak   Administration password and encryption key are insecurely stored in HKEY_LOCAL_MACHINE registry key.

Cisco PIX / FWSM WebSense content filtering bypass   Filter doesn't catch signature in segmented packet.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

ICQ client cross application scripting   It's possible to inject script code into banner window to execute code in My Computer security zone.

07.05.2006 Detailed

6! D-Link DSL and wireless routers administration backdoor access updated since 19.05.2005   Backdoor feature in web interface allows unauthenticated administrative access.   Intel wireless service s24evmon.exe information leak   S24EventManagerSharedMemory shared memory sections is used to store critical information, such as WEP keys and passwords without access control.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

06.05.2006 Detailed

6! Kerio Winroute Firewall DoS   Crash on scanning POP3 / SMTP messages.   FileCopa FTP Server buffer overflow   Buffer overflow on oversized USER command.   acFtpd buffer overflow   Buffer overflow on oversized USER command.

Linux VServer privilege escalation   Some crytical capabilities are not limited for guest account.

Hostaupd IEEE 802.11 authentication daemon DoS   DoS on invalid EAPoL frame.

Cryptomathic TDC Digital signature ActiveX buffer overflow   Buffer overflow in ActiveX element of Danish OCES certificate policy.

rsync integer overflow   receive_xattr() integer overflow.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

RaidenHTTPD Web server / Quick 'n Easy Web Server / Baby ASP / Blazix Web Server / AN HTTPD / Xeneo scripts source code disclosure updated since 03.03.2006   It's possible to retrieve script source code by adding " ./" to request.

05.05.2006 Detailed

7! Multiple libtiff security vulnerabilities   Denial of service via a TIFF image that triggers errors in the TIFFFetchAnyArray function in tif_dirread.c; certain "codec cleanup methods" in tif_lzw.c, tif_pixarlog.c, and tif_zip.c; and improper restoration of setfield and getfield methods in cleanup functions within tif_jpeg.c, tif_pixarlog.c, tif_fax3.c, and tif_zip.c, TIFFToRGB out-of-memory reference, tif_jpeg.c double free(), TIFFFetchData integer overflow. 6! Ultr@VNC weak encryption   Weak ecnryption algorithm (XOR) while transmitting on wire.   CA Common Services CAIRIM on z/OS LMP SVC privilege escalation

XM Easy Personal FTP Server buffer overflow   Buffer overflow on oversized username.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 05.05.2006   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Sami FTP Server buffer overflow updated since 25.01.2006   Buffer overflow on oversized FTP USER command.

04.05.2006 Detailed

6! Multiple Linux kernel security vulnerabilities   sys_mbind() buffer overflow, SELinux module DoS, /sys filesystem DoS, amd64 debugging race conditions DoS, getsockopt() kernel memory content leak, ip_route_input() DoS.   zawhttpd Web server DoS   DoS on GET request with large number of slashes.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

03.05.2006 Detailed

7! X.Org X Server bufer overflow   Buffer overflow in XRender extension. 7! Multiple MySQL security vulnerabilities   Memory content leak during authentication, memory content leak and code execution with COM_TABLE_DUMP packets.   BankTown Client Control buffer overflow   Buffer overflow in ActiveX control.

Quagga ripd multiple vulnerabilities   RIPv1 downgrade attack is possible even if RIPv2 is only configured protocol. RIPv1 protocol is insecure by design.

ejabberd installation script symbolic links problem   Insecure /tmp files creations.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

02.05.2006 Detailed

6! Xine media player format string vulnerability updated since 18.04.2006   Format string bug on diagnostic message printing, including playlist files parsing.   Kerio Mailserver attachments filtering bypass         Unauthorized Cisco Unity Express access   It's possible to change password without entering old one if account is expired.

MacOS X memory corruption   Memory corruption on EXR files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

01.05.2006 Detailed

ClamAV Clam Anti Virus freshclam buffer overflow   Buffer overflow on oversized HTTP header.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.