30.06.2003 Detailed

Abyss Webserver multiple bugs   Buffer overflow, HTTP reply spoofing.   gtksee buffer overflow   Hep overflow on PNG files viewing.   Imagemagic symlink problem   Unsafe temporary files handling.

Mantis weak permisions

28.06.2003 Detailed

WMVare symlink problem

wzdftpd DoS updated since 28.06.2003   DoS он PORT or USER command with empty argument.

Opete shell chatacters bug   Shell characters are not stripped on external program invocation.

ypserv DoS   Server awaits response from the client without processing new reqests.

CGI bugs updated since 09.06.2003

27.06.2003 Detailed

linux execve() unauthorized executable file access   During new application invocation through execve() there is a race condition than parent application can access new discriptor for executable file.

26.06.2003 Detailed

6! Bahamut IRCd format string bug   Format string bug during ident check. 6! Microsoft Windows Media services buffer overflow   Buffer overflow on oversized POST request.   FTP/X buffer overflow   Buffer overflow on parsing server reply.

MRV Optiswitch unauthorized access, unconfirmed   It's possible to bypass username/password check.

Microsoft Media Player Media Library unauthorized access   ActiveX element can access medial library.

25.06.2003 Detailed

6! Alt-N WebAdmin buffer overflow   Buffer overflow in username.   Sun JMF unuathorized java applet memory access   Java applet can access system memory.   Sharp Zaurus unauthorized access   While placed in docking station, SAMBA is started and disk can be accessed without restrictions via any network interface.

Multiple XFree86 bugs   New version of XFree86 contains few security bugfixes.

24.06.2003 Detailed

iWeb directory traversal   Directory traversal with escaped characters.   Armida Databased Web Server buffer overflow   Buffer overflow on oversized URI.

23.06.2003 Detailed

Compaq Web Based Managment multiple bugs updated since 08.11.2000   Access to critical files, crossite scripting, etc.

21.06.2003 Detailed

8! Multiple bugs in TracerouteNG updated since 28.11.2002   Buffer overflows, integer array index overflows. 6! Multiple gnuts bugs   Multiple buffer overflows in different components. 6! mhftpd DoS   names for logged in users are stored in shared memory segment.

6! SurfControl Web Filter directory traversal   Directory traversal in web interface (TCP/8888).

6! Linux-PAM privelege escalation   It's possible to spoof user's group by spoofing terminal device.

Retrospect Client weak permissions   Weak permissions for /Library/StartupItems/RetroClient directory.

Multiple mailtraq bugs   Directory traversal, passwords decryption, format string bugs, crossite scripting, etc.

Avaya Cajun DoS   Negative number sent to TCP/4000 of the gateway causes it to crash.

portmon unauthorized access   It's possible to read any file by specifing it instead of configuration.

Kerio Mail Server multiple bugs   Multiple buffer overflows in WebMail interface. Crossite scripting.

eldav symbolic links problem   Invalid handling of temporary files.

qpopper user existance information leak   During USER/PASS authentication behaviour for invalid username and password is different.

Dune buffer overflow   Buffer overflow on request to user's web home with loversized name.

CGI bugs

Progress multiple bugs updated since 05.04.2003   It's possible to read first line from any file with PROSTARTUP variable. Buffer overflow on DLC variable.

18.06.2003 Detailed

jboss .jsp source code leakage updated since 02.06.2003   By adding %00 то URL it's possible to obtain source code of .jsp page.

14.06.2003 Detailed

Mikmod buffer overflow   Buffer overflow then reading article with oversized attachment filename.   typespeed buffer overflow   Buffer overflow during network packet parsing.   Cistron RADIUS buffer overflow   Buffer overflow on NAS-Port above 2^31.

lyskom-server DoS

ike-scan format string bug   Format string bug during command line processing.

13.06.2003 Detailed

SMC Networks' Barricade Wireless Cable/DSL Broadband Router DoS   Invalid PPTP packet causes router to crash.   AIX utilities multiple bugs   Buffer overflows in errpt -T option parsing, lsmcode environment parsing. Symbolic link bug in diagrpt.   FakeBO format satring bug   Format string bug during syslog() call with remote host name.

10.06.2003 Detailed

8! HP-UX multiple bugs   Multiple bugs including remote overflow in rpc.yppasswdd.   NucaWeb Server directory tracersal   Directory traversal with ..   Nokia GGSN DoS   IP packet with invalid options causes device to crash.

Linux ICMP information leak   Because of invalid size calculation for SMTP packet with error code, it contains data from memory.

09.06.2003 Detailed

7! Multiple Internet Explorer bugs updated since 05.06.2003   New cumulativ update fixes buffer overflow and code execution. 6! SpeakFreely multiple bugs   Multiple buffer overflows 6! mail buffer overflow updated since 03.06.2003   Buffer overflow on parsing Cc: header in message.

6! Multiple bugs in Apache updated since 29.05.2003   Bugs causing remote DoS and under some specific conditions to code execution.

6! Переполнение буфера в eterm (buffer overflow) updated since 14.01.2002

Buffer overflow in zblast   Local overflow gives egid games.

Multiple bugs in FTP clients   Bugs during parsing FTP server data.

xaos privilege escalation   Program is installed as suid root.

Novell Netware HTTPSTK DoS   Invelid processing for Keep-Alive packet.

Novell iChain buffer overflow

gzip znew symbolic links problem   Unsafe temporary files creation.

cups DoS   DoS on incomplete header.

Mini HTTP Server buffer overflow   Buffer overflow on oversized URL.

WWW&FTP Server directory traversal   Directory traversal with /../

06.06.2003 Detailed

6! Solaris syslogd buffer overflow   Buffer overflow on files larger than 1024 bytes.   AdSubtract Proxy protection bypass   Any host with 127.0.0.1 in PTR record can bypass any ACL limitations.   HP-UX ftpd REST bug   Because of a bug in REST processing value given is treated as a memory address. It makes it possible to read any memory block.

IP address limitation protection bypass in OpenSSH   Only reverse resolution is checked, it allows to spoof record in reverse zone.

CGI bugs updated since 02.06.2003

05.06.2003 Detailed

6! kon2 buffer overflow   Buffer overflow in /usr/bin/kon on oversized -Coding parameter.   man format string bug   Format string bug during processing internationalization data from catalog file.   atftpd buffer overflow   Buffer overflow on uploadnign file with oversized name.

Buffer overflow in ArgoSoft FTP updated since 05.06.2003   Buffer overflow in all commands.

CA Unicenter password recovery   It's possible to recover original password.

04.06.2003 Detailed

IRCXPro multiple bugs   Passwords are stored in cleartext, remote control is enabled by default with default password.   Pablo FTP Service multiple bugs   Anonymous user has full disk access by default. Passwords are stred in cleartext.

03.06.2003 Detailed

7! Microsoft Internet Information Services multiple bugs updated since 29.05.2003   Windows Media Services DoS, Crossite scripting, local buffer overflows, DoS through WebDAV. 6! Multiple Pi3Web bugs updated since 15.01.2002   Buffer overflow and DoS conditions.   Crob FTP server Fotmat string bug   Format string bug in processing USER command.

02.06.2003 Detailed

8! Microsoft IIS WebDav buffer overflow updated since 18.03.2003   Buffer overflow in path conversion routine.   Desktop Orbiter memory leak   On every connection to TCP/51054 memory is allocated and never released back to system.