31.05.2008 Detailed

VMWare buffer overflow   Host Guest File System (HGFS) shared folders heap overflow.

30.05.2008 Detailed

9! Apple Mac OS X multiple security vulnerabilities   AFP server directory traversal, Apache updates, AppKit memory corruption, Apple Pixlet Video multiple memory corruptions, Apple Type Services PDF printing fonts memory corruption, SSL information leak, multiple vulnerabilities in Graphics and Image engines on different filetypes and multimedia formats, Help Viewer buffer overflow, Unicode content filtering bypass, Image Capture directory traversal, DoS через IPv6, SMTP client buffer overflow, etc. 6! Opera buffer overflow   Buffer overflow on TLS certificate parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke AutoHTML Module 2.0 - crossite scripting.

29.05.2008 Detailed

7! Cisco multiple applications code execution   CiscoWorks Common Services code execution. 6! imlib2 library buffer overflow   Buffer overflow on PNM and XPM files parsing in load() function. 6! Motorola RAZR cell phones buffer overflow   Buffer overflow on JPEG images processing.

6! EMC AlphaStor multiple security vulnerabilities   Library Manager (TCP/3500) code execution, Server Agent (TCP/41025) multiple buffer overflows.

6! Samba buffer overflow   Buffer overflow in receive_smb_raw() SMB client code.

6! OpenSSL multiple security vulnerabilities   NULL pointer dereference, memory corruption on TLS certificate exchange.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

CA Internet Security Suite ActiveX unauthorized files access   SaveToFile method allows system files corruption.

emacs code execution   LISP macro execution is possible.

Linux multiple security vulnerabilities   Memory leak in IPv6 over IPv4 tunnels, mmap DoS on the SPARC architecture, DoS on amd64 architecture, DoS with hrtimer integer overflow on 64bit architectures.

27.05.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   PHP Sleep() DoS   Sleep() time is not limited with max_execution_time, making resources exhaustion possible.

25.05.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 25.05.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

24.05.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   IBM Lotus Sametime buffer overflow   TCP/1533 oversized URL buffer overflow.   Barracuda Spam Firewall crossite scripting updated since 24.09.2007   Crossite scripting with Web Syslog, with web administration login page.

F5 BIG-IP crossite scripting updated since 12.02.2008   Crossite scripting in web admin console.

22.05.2008 Detailed

7! Trillian instant messenger multiple security vulnerabilities   Buffer overflows and memory corruptions in AIM/ICQ, MSN and XML-based protocols parsing. 6! Cisco IOS ssh DoS   Multiple vulnerabilities leading to device crash. 6! Alcatel OmniPCX cpmmands execution   /cgi-data/FastJSData.cgi web interface command execution.

6! Borland Interbase integer overflow   Integer overflow on TCP/3050 traffic parsing leads to stack based buffer overflow.

6! HP-UX useradd privilege escalation

6! Peercast buffer overflow updated since 18.12.2007   Buffer overflow in HTTP Basic authentication and on SOURCE header parsing.

6! BT Home Hub router multiple security vulnerabilities updated since 09.10.2007   Authentication bypass, crossite scripting, privilege escalation.

snort IDS protection bypass   Packet's fragments with significant TTL difference are ignored.

libfishsound library integer overflow

Apple iCAL multiple security vulnerabilities   Multiple vulnerabilities on .ics files parsing.

Cisco Voice Portal privilege escalation   User granted administrator privileges can modify accounts of superusers.

SAP Web Application Server crossite scripting   Crossite scripting with /sap/bc/gui/sap/its/webgui/

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

20.05.2008 Detailed

7! CA BrightStor ARCserve Backup multiple security vulnerabilities   caloggerd directory traversal. Buffer overflow in multiple xdr functions. 6! GnuTLS library multiple security vulnerabilities   Frevulnerabilities on TLS traffic parsing lead to DoS conditions and potential buffer overflow. 6! mtr (multiprotocol traceroute) buffer overflow   Buffer overflow on DNS server response parsing.

6! Symantec Altiris Deployment Solution multiplse security vulnerabilities updated since 16.05.2008   SQL injection, information leak.

Foxit Reader buffer overflow   util.printf() JavaScript function buffer overflow.

Microsoft Office code execution   It's possible to embed javasript code into document.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: crossite scripting. Invision Power Board: XSS

17.05.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: crossite scripting.

16.05.2008 Detailed

Aruba Mobility Controller multiple security vulnerabilities   Unauthorized access with TACACS authentication, crossite scripting.

15.05.2008 Detailed

6! Linux distributives OpenSSH / OpenSSL weak random generator updated since 14.05.2008   Weak random generation in Debian-based distributives (Debian, Ubuntu).   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Cisco Content Switching Module memory leak   Memory leak on TCP flags processing causes DoS conditions.

Cisco Unified Presence Denial of Service   Presence Engine service DoS, SIP proxy DoS.

14.05.2008 Detailed

7! Microsoft Jet engine buffer overflow   Buffer overflow on MDB files request handling. 7! Microsoft Word multiple security vulnerabilities   Memory coruption on RTF parsing, memory corruption on CSS parsing. 6! Cisco Unified Communications Manager DoS   DoS against Certificate Trust List (CTL) Provider (TCP/2444), Certificate Authority Proxy Function (CAPF) (TCP/3804), SIP and SNMP TRAP.

6! Microsoft antiviral applications multiple security vulnerabilities   Multiple DoS conditions on different file formats parsing.

libid3tag library endless loop   Endless loop on MP3 files parsing.

Adobe Distiller buffer overflow   Buffer overflow on .joboptions file parsing.

Cisco Building Broadband Service Manager Captive Portal crossite scripting   Crossite scripting with http://host/ekgnkm/AccessCodeStart.asp?msg=%3Cscript%3Ealert(%22XSS%22);%3C/script%3E

Common Data Format library buffer overflow   Buffer overflow in Read32s_64() function.

Microsoft Windows I2O driver privilege escalation   \\.\I2OExc device weak permissions, IOCTL data insufficient validation.

Microsoft Publisher memory corruption   .PUB files memory corruption on embedded objects parsing.

13.05.2008 Detailed

7! libpng code execution updated since 01.05.2008         Linux kernel DoS   fcntl code race conditions.   HP-UX FTP server DoS

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

12.05.2008 Detailed

OllyDBG DoS   Invalid processing of processor bits leads to traced application crash.

11.05.2008 Detailed

6! Oracle Application Server unauthorized access   It's possible to bypass authentication.   InspIRCd buffer overflow   namesx and uhnames modules buffer overflows.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. pMachinePro: HTTP Response Splitting

08.05.2008 Detailed

6! rdesktop multiple security vulnerabilities   Multiple integer overflows and buffer overflows on RDP server response parsing.   ZyXel ZyWALL crossite scripting   Crossite scriptin with Referer: header.   Adobe Acrobat multiple security vulnerabilities   Protection bypass, memory corruption.

Adobe Reader silent printing   Script can send PDF document to printing without user's permission.x

Novell Netware Client buffer overflow   Buffer overflow in password reminder on oversized username.

Multiple terminal clients X sessions hijack   Terminal always opens :0 display if DISPLAY is not set.

emacs symbolic links vulnerability   vcdiff script insecure tamporary files creation.

PHP multiple security vulnerabilities   GENERATE_SEED() weak random generator,

Wonderware SuiteLink DoS   Service crash on invalid network packet.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. pMachinePro: HTTP Response Splitting

06.05.2008 Detailed

6! Novell eDirectory multiple security vulnerabilities   HTTP interface TCP/8028 TCP/8030 DoS, SOAP interface unauthroized access (TCP/8028 TCP/8030).   CUPS PNG files DoS   PNG image size is not checked.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 06.05.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

blender 3D modelling application byffer overflow   Buffer overflow on Radiance High Dynamic Range (HDR) format parsing.

04.05.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 04.05.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

03.05.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Call of Duty game server DoS updated since 03.05.2008   stats packet invalid size crash.

02.05.2008 Detailed

8! Oracle database server multiple security vulnerabilities updated since 16.04.2008   CPU for April, 2008 fixes huge number of vulnerabilities. 6! Linux multiple security vulnerabilities   Multiple DoS conditions and privilege escalation.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

01.05.2008 Detailed

6! SNMPc buffer overflow   Buffer overflow on oversized SNMP community string. 6! HP-UX WBEM multiple security vulnerabilities   Code execution, privilege escalation.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.