30.05.2010 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

28.05.2010 Detailed

7! FreeBSD OPIE library off-by-one overflow   Off-by-one overflow during authentication. 7! ClamAV antivirus multiple security vulnerabilities   Memory corruptions on PDF and PE files parsing. 6! FreeBSD jail escape   It's possible to access current working directory.

6! FreeBSD NFS client privilege escalation   Buffer overflow and memory corruption on volume mounting.

3Com Intelligent Management Center multiple security vulnerabilities   Directory traversal, crossite scripting.

Microsoft Internet Explorer information leak   It's possible to access external UNC location via ICMFilter option, leaking authentication information.

HP TestDirector for Quality Center unauthorized access

Mozilla Firefox information leakage   It's possible to retrieve information about visited URLs from the site.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

eLiteCore Cyberoam SSL VPN Client cleartext passwords   SSL VPN client Username and password are stored in cleartext in the registry.

27.05.2010 Detailed

7! Sun Solaris multiple security vulnerabilities   Crossite scripting in ftpd, DoS against file utilities, buffer overflow in LIBC functions. 6! MySQL multiple security vulnerabilities   Buffer overflow and privilege escalation via COM_FIELD_LIST, DoS because of endless loop on network packet reading. 6! Cisco Network Building Mediator multiple security vulnerabilities   Default accounts, privilege escalation, unauthorized access.

6! GNU glibc library security vulnerabilities   Invalid mntent functions string processing, ELF format parsing memory corruption.

Kingsoft WebShield privilege escalation   Kernel memory overwrite on IOCTL processing.

Webby Web server buffer overflow   Buffer overflow on GET request parsing.

ghostscript code execution   Application is executed by relative path upon .ps file parsing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

26.05.2010 Detailed

7! HP-UX, IBM AIX, SGI IRIX rpc.pcnfsd format string vulnerability   Format string vulnerability on syslog() call. 6! Linux kernel multiple security vulnerabilities   Information leaks, privilege escalations, DoS. 6! Ziproxy integer overflow   Integer overflows on JPEG and PNG images processing.

Scientific Atlanta DPC2100 cable modems security vulnerabilities   Crossite request forgery. Authentication bypass.

CompleteFTP FTP Server buffer overflow   Buffer overflow on PORT command processing.

barnowl buffer overflow   Buffer overflow on CC: handling.

Apache Axis2 crossite scripting   Crossite scripting via administration interface.

PostgreSQL code execution   It's possible to execute PL/perl or PL/Tcl code via stored procedure.

25.05.2010 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 25.05.2010   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

21.05.2010 Detailed

9! Adobe Shockwave multiple security vulnerabilities updated since 12.05.2010   Multiple buffer overflows, integer overflows, memory corruptions, code executions.   Wireshark memory corruption   Memory corruption on DOCSIS protocol parsing.   X.Org X11R7 memory corruption   Memory corruption on client application request processing.

HP-UX NFS/ONCplus DoS

Orbit Downloader directory traversal   metalink files directory traversal.

Linux Mint 9 symbolic links vulnerability   mintUpdate utility symbolic links vulnerability.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

MIT Kerberos 5 GSS-API library DoS   NULL pointer dereference in server side code.

USR5463 wireless router crossite scripting   Crossite scripting via configuration page.

20.05.2010 Detailed

HP Performance Manager multiple security vulnerabilities   Unauthorized access, crossite scripting, DoS.   libpurple / Pidgin DoS   Crash on MSN emoticon messages parsing.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP System Management Homepage multiple security vulnerabilities updated since 26.04.2010   Crossite scripting, DoS, unauthorized access, code execution.

MySQL table drop   Under some conditions, files related to different table may be removed on dropping MyISAM table.

18.05.2010 Detailed

6! Ghostscript buffer overflow updated since 12.05.2010   Few buffer overflows.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   SpringSource tc Server authentication bypass   Access with empty password is possible if encrypted passwords are used for JMX interface.

17.05.2010 Detailed

aria2 directory traversal   Directory traversal via metalink files.   HP MFP Digital Sending Software unauthorized access updated since 17.05.2010         Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

libXext race conditions   Race conditions on shared memory access.

14.05.2010 Detailed

6! Free Download Manager multiple security vulnerabilities   Buffer overflows, directory traversals.   KDE KGet files overwrite   It's possible to overwrite files via metalink file.

13.05.2010 Detailed

HP Systems Insight Manager crossite scripting         HP Insight Control Server Migration crossite scripting         VMware View crossite scripting

BaoFeng Storm media player buffer overflow   Buffer overflow on .m3u playlists parsing.

Linux iSCSI DoS   ietd daemon DoS via iSNS request.

Cisco PGW Softswitch multiple security vulnerabilities   Multiple DoS conditions.

IrfanView buffer overflow   Buffer overflow and integer overflow on PSD parsing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP Performance Center Agent / HP Load Runner Agent code execution   Code execution via TCP/54345 service.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 11.05.2010   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

12.05.2010 Detailed

6! New local NT attack - TOCTOU (Time-Of-Check-to-Time-Of-Use race conditions) updated since 03.01.2004   If service hooks are used for argument filtering, race conditions are possible between argument check and actual sytem call.   HP OpenView Network Node Manage multiple security vulnerabilities   Vulnerabilities in multiple CGI applications.

11.05.2010 Detailed

8! Microsoft VBA buffer overflow   Buffer overflow on ActiveX elements search on Microsoft Office files parsing. 7! PHP multiple security vulnerabilities   Multiple information lekages, uninitialized memory access, double free(), integer overflows. 6! PCRE library buffer overflow   Buffer overflow on regular expresssion compilation.

MPlayer integer overflow   Integer overflow on RDT streams playing.

Microsoft Windows Mail / Outlook Express integer overflow   Integer overflow on POP3 or IMAP server reply parsing.

Linux kernel DoS   DoS conditions in nfs_wait_on_request, and sg_build_indirect functions.

fetchmail resources exhaustion   Memory exhaustion on debugging information printing.

dvipng / TeX Live memory corruption   Memory corruption on DVI files processing.

MySQL DoS   Local user can execute UNINSTALL PLUGIN funtion

07.05.2010 Detailed

6! ESET Smart Security / Nod32 memory corruption   Memory corruption on LZH archives scanning.

05.05.2010 Detailed

6! Alien Technology ALR-9900 RFID-reader backdoor   There are undocumented remote access methods with undocumented default accounts. 6! Microsoft Wndows / Microsoft Exchange SMTP Service DoS updated since 16.04.2010   Crash on DNS server response parsing, information leak.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

04.05.2010 Detailed

6! GnuTLS library buffer overflow   Buffer overflow in gnutls_x509_crt_get_serial() function on big-endian platforms.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   MDaemon directory traversal   Directory traversal on mailing list configuration files allows to access files with LocalSystem privileges.

Microsoft Internet Explorer, Google Chrome, Opera and Mozilla Firefox DoS   Large buffer within <marquee> tag causes browser to crash.

Kaspersky Antivirus privilege escalation   Antivirus windows is vulnerable to shatter attack.

Microsoft Visio multiple security vulnerabilities updated since 16.04.2010   Multiple memory corruptions.

03.05.2010 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.