30.06.2004 Detailed

7! Llibpng buffer overflow updated since 19.07.2002   Buffer overflow during image processing. 6! Linux TCP options signed/unsigned conversions DoS   TCP option length over 127 bytes can cause infinit loop inside netfilter if options are used in filtering rules.   rsbac protection bypass   suid files can be created from jailed processes.

Pavuk buffer overflow   Buffer overflow during parsing HTTP/305 redirection.

Apache integer overfow updated since 29.06.2004   MIME header length is unlimited, leading to possible memory exhaustion. On 64bit platforms integer overflow during MIME headers parsing (requires sending of large amount of data).

29.06.2004 Detailed

7! ISC DHCP buffer overflow updated since 23.06.2004   Buffer overflow on oversized hostname in DHCP query, if hostname is splitted to few attributes.

6! nCipher netHSM information leak   Pass phrases entered by means of the nCipher netHSM front panel, either using the built in thumbwheel or using a directly attached keyboard, are exposed in the netHSM system log   popclient buffer overflow   Off-by-one buffer overflow on oversized message line.

MPlayer buffer overflow   Buffer overflow on oversized playlist file/URL entry.

D-LINK 614 DoS   Multiple DHCP processing bugs.

SUN virtual java machine DoS   Invalid fonts handling can crash virtual machine under Windows.

28.06.2004 Detailed

Lotus Notes URI command line modification updated since 24.06.2004   notes: URI allows to execute notes.exe with any arguments, for example to cpecify .ini file location.

26.06.2004 Detailed

6! MacOS X cleartext passwords in memory   Passwords are stored in swap and memory in cleartext. 6! GNATS format string bugs   Format string bug in syslog() call. 6! FreeS/WAN, Openswan, strongSwan, Super-FreeS/WAN multiple certificate problmes   DoS, unauthorized access.

6! Apache mod_proxy buffer overflow

Multiple drcatd bugs   Multiple buffer overflows

CGI bugs updated since 21.06.2004

25.06.2004 Detailed

FreeBSD Alpha DoS   Unaligned execve() argument causes system to crash.   gzexe symlink problem   Unsafe temporary files creation.   gift-fasttrack DoS

BryanFTPD buffer overflow   Buffer overflow on oversized FTP command.

rlpr format string bug updated since 21.06.2004   syslog() format string bug.

24.06.2004 Detailed

Linux Broadcom 5820 Cryptonet driver integer overflow   ubsec_ioctl() function integer overflow.

23.06.2004 Detailed

Linux FireWire drivers integer overflow   Integer overflows in different functions.   rssh protection bypass   Access outside jail is possible.   NetGear FVS318/Microsoft MN-500 Web interface DoS   Limitation for connection number prior authentication without timeouts.

DLink 514 DHCP crossite scripting   Crossite scripting via DHCP request parameters.

BT Voyager SNMP information leak updated since 23.06.2004   Password is accessible for reading via SNMP.

GNU RADIUS SNMP DoS   SNMP packet with invalid oid causes server to crash.

21.06.2004 Detailed

sup format string bug   Format string bug on syslog() call.   ircd-ratbox/ircd-hybrid message flood DoS   If sender type is unknown message rate limitation causes messages to be accumulated in memory.   Format string bug in super updated since 31.07.2002   Format string bug on syslog call

18.06.2004 Detailed

ignitionServer password protection bypass   Zero length password is universal.   linux kerndel floating point exception DoS   Problem with floating point exceptions lead to unstable kernel state.   CGI bugs updated since 14.06.2004

17.06.2004 Detailed

6! Cisco BGP DoS   Router reboots on malformed BGP packet.   IBM eGatherer/IBM acpRunner ActiveX multiple bugs   Unsafe methods allows disk access and scripting.   Linux kernel i2c integer overflow DoS   signed/unsigned conversion problem.

Symantec Enterprise Firewall DNSD cache poisoning   During DNS request parsing neither DNS server authority nor relation between request and response is checked.

Winagent buffer overflow   Buffer overflow on oversized filename.

FreeBSD securelevel protection bypass   It's possible to lower security level by installing new syscall.

15.06.2004 Detailed

6! Irix SGI_IOPROBE privilege escalation   Unprivileged user can access memory.   thy DoS   Incomplete URL causes program to crash.   Skype buffer overflow   Buffer overflow on callto: URL.

14.06.2004 Detailed

7! New Internet Explorer crossite scripting problems updated since 08.06.2004   Location: URL: HTTP header in conjuection with ms-its: handler allows to save file to known location. Crossite scripting with modal dialogs. 6! Subversion/Chora buffer overflow updated since 19.05.2004   Stack overflow on parsing svn*:// IRIs, heap overflow on stack parsing.

11.06.2004 Detailed

7! HP-UX FTP code execution   It's possiblt to execute application on server by specifing '|' in filename. 6! Multiple RealPlayer buffer overflows   Buffer overflow during displaying URLs in .ram, buffer overflow during constructing mem: URLs on error page. Buffer overflows during parsing different file formats.   ksymoops symbolic links   Symlink problem during temporary files processing.

Edimax 7205APL privilege escalation   User can retrieve configuration including cleartext administration password.

NetBSD swapctl DoS

Multiple ISA server bugs   ISA SP2 closes few security holes: buffer overflow during redirect from denied resource, basic credentials may be sent over an External HTTP connection when SSL is required for published server, FTP bounce attack, handles leak in message screener, etc.

CGI bugs updated since 08.06.2004

10.06.2004 Detailed

6! Trendmicro Officesscan privilege escalation   During virus detection help is launched from local system.   Cisco CatOS incomplete TCP session DoS   Invalid packet on 3rd TCP handshake stage causes device to fail if telnet, ssh or HTTP are enabled.   smtp.proxy format string bug   syslog() sender address format string bug.

09.06.2004 Detailed

7! Multiple CVS bugs   Buffer overflows, format strings, double free(). 6! Crystal Reports directory traversal   Web service directory traversal. 6! Oracle E-Business Suite SQL injection updated since 05.06.2004   Multiple SQL injection conditions.

US Robotics Broadband Router 8003 unauthorized access   Password is checked on client side.

Microsoft DirectPlay DoS   Invalid network packets parsing.

08.06.2004 Detailed

6! Multiple MacOS X bugs updated since 08.06.2004   Problems with launching of download application. 6! PHP for Windows shell characters filtration protection bypass   escapeshellcmd()/escapeshellarg() do not work under Windows. 6! FreeBSD jailed process routing table protection bypass   Jailed process can manipulate with routing table.

Linksys Web Camera directory traversal

Linksys BEFSR41 information leak   DHCP reply contains random information from memory.

07.06.2004 Detailed

6! PostgreSQL ODBC buffer overflow         Trend Micro Internet Security crossite scripting updated since 04.06.2004   Web browser component is used for warning message and filename is not filtered.

05.06.2004 Detailed

CGI bugs updated since 31.05.2004

04.06.2004 Detailed

log2mail unfiltered shell characters         NetGear WG602 backdoor account   Backdoor account 'super' with password '5777364' allow web interface access.   Orenosv buffer overflow updated since 26.05.2004   Buffer overflow on parsing GET request.

03.06.2004 Detailed

7! Firebird buffer overflow updated since 10.05.2003   Buffer overflows in gds_inet_server, gds_drop, and gds_lock_mgr during environment and command line processing, in database name. 6! Apache OpenSSL buffer overflow   Buffer overflow if SSLOptions +FakeBasicAuth is used.   TinyWeb Executable code leak   By using /./ it's possible to access file from /cgi-bin

Tripwire format string bug   Format string bug during e-mail report generation.

Linksys multiple routers buffer overflow   Buffer overflow during Web interface authentication.

MIT Kerberos 5 buffer overflow   Buffer overflow in krb5_aname_to_localname

01.06.2004 Detailed

LinkSys Wireless-G administrative access   Web administration interface is available from external network even if turned off administratively.