30.06.2005 Detailed

7! Multiple Veritas Backup Exec backup solutions vulnerabilities updated since 24.06.2005   Multiple vulnerabilities, including remote buffer overflows and DoS. 7! Microsoft Message Queuing buffer overflow updated since 13.04.2005   Buffer overflow in RPC-based protocol. 6! Multiple ClamAV antivirus DoS vulnerabilities   Descriptors leak on MS-Expand and CAB files.

Soldier of Fortune II array index overflow   /ignore command array index overflow.

Nortel Communication Server FTP DoS

Adobe Reader for Linux symbolic links problem   Symbolic links problem on temporary files creation.

Cisco RADIUS authentication bypass   It's possible to bypass RADIUS authorisation is NONE is set at fallback authentication method.

FreeBSD ipfw packet filter race conditions   Because of insuddicient locking it's possible to corrupt cached lookup table on machines with threading PREEMPTIVE multitasking.

29.06.2005 Detailed

DSX Raritan Console Servers weak permissions   Executable files are writable by unprivileged users.

28.06.2005 Detailed

7! RealPlayer multiple vulnerabilities updated since 24.06.2005   Heap overflow on RealText format parsing. Heap overflow on AVI files parsing. Possibility to overwrite local files, ActiveX execution from MP3 file.   Infradig Systems Inframail Advantage Server mail and FTP server buffer overflow   Buffer overflow in SMTP MAIL FROM: and FTP NLST commands.   Dell computer Windows XP administrators weak password   During system installation Administrator account is created with empty password.

Nokia / Symbian mobile phones bluetooth DoS   0x09 0x0A characters in nickname causes bluetooth device to crasg on searching.

Adobe Acrobat Reader local files access updated since 17.06.2005   By using XML External Entity document script can access local files and have them sent to remote site.

27.06.2005 Detailed

6! PHP calendar functions buffer overflow   Buffer overflow in calendar functions, e.g. JDToGregorian() on large integer.   IA eMailServer IMAP format string vulnerability   IMAP mail server LIST command format strinb vulnerability.   TCP-IP Datalook socket sniffer buffer overflow   Buffer overflow on malformed request.

25.06.2005 Detailed

6! ClamAV antivirus Qantum compression DoS   Compression with small windows size causes anti virus to crash.   IBM DB2 universal database protection bypass   User with only SELECT permissions can can insert, update or delete records.   PHP, ASP, CGI web applications security vulnerabilities updated since 20.06.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

24.06.2005 Detailed

7! Linux kernel msync race conditions   Race conditions allow inject dynamic library into process space. 6! Sendmail clamav-milter antivirus DoS   By keeping client connection for a long time during database reloads it's possible to prevent server from accepting new connections.   HP VCRM (Version Control Repository Manager) information leak   A part of the password may be shown if one contains '@' sign.

SGI Irix arrayd authentication spoofing

Multiple Sun Solaris perl modules problems   Safe.pm protection bypass, CGI.pm crossite scripting.

Multiple Linux kernel vulnerabilities   DoS with signal handler, another one ptrace privilege escalation vulnerability.

23.06.2005 Detailed

IpSwitch WhatsUp network management solution SQL injection   SQL injection during Web interface authentication process.   Lotus Domino multiple vulnerabilities updated since 13.04.2005

22.06.2005 Detailed

Asterisk VOIP PBX software buffer overflow   Stack overflow on CLi commands processing.   Ruby object-oriented language protection bypass updated since 22.06.2005   Error in XMLRPC module.   tor anonymizing communication service information leak   Client can view arbitrary memory content.

PicoWebServer Web Server buffer overflow updated since 30.05.2005   Stack overflow on HTTP GET request parsing.

21.06.2005 Detailed

6! PeerCast p2p multimedia broadcasting format string vulnerability updated since 30.05.2005   Format string bug on HTTP request parsing. 6! Multiple tcpdump / ethereal sniffers vulnerabilities updated since 28.04.2005   Endless loops during handling RSVP, ISIS, BGP, LDP protocols, buffer overflows in ANSI A, GSM MAP, AIM, DISTCC, FCELS, SIP, KINK, LMP, Telnet, TZSP, WSP, BER, SMB, H.245, Bittorrent, Fibre Channel and many others.   Lyris List Manager multiple vulnerabilities

Enterasys Vertical Horizon switches backdoor accounts   There is undocumented backdoor account tiger/tiger123, in addition some privileged control character combination are available to unprivileged user from console or telnet session.

Novell Netmail weak permissons   uid/gid 500/500 is incorrectly set as file owner.

Multiple browsers dialog content spoofing   It's possible to spoof dialog window origin.

Novell Groupwise Client memory cleartext password   Cleartext password is stored in memory.

20.06.2005 Detailed

6! Sudo symbolic links race condition   If sudoers file contains specific records, race conditions exist to spoof command with symlink. 6! Sun Java / BlackDown Java sandbox protection bypass   Applet can bypass sandbox limitation to exefute privileged functions.   Cisco VPN 3000 groupname enumeration   Different bahaviour for valid and invalid groupname in IKE aggressive mode.

OpenBSD ip_ctloutput() DoS   Error in the "ip_ctloutput()" function can be exploited by using the "getsockopt()" to retrieve IPsec credentials for a socket.

Deep Freeze protection bypass updated since 17.06.2005   With debugging application it's possible to bypass system state protection.

RealVNC / WinVNC terminalservice information leak   Before authentication client receives information about operation system and platform.

18.06.2005 Detailed

JBoss application server information leak   Insuficcient request validation allows to obtain server installation, configuration and version information.   fig2vect drawing format convertor buffer overflow   Buffer overflow in pdf_encode_str() while converting text to PDF format.   PHP, ASP, CGI web applications security vulnerabilities updated since 14.06.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

17.06.2005 Detailed

Gentoo Linux webapp-config symbolic links problem   Symbolic links problem on temporary files creation.   Razor agent spam filtering network DoS   Few bugs causing application crash or infinite loop.   Sun Solaris lpadmin symbolic links problem

Yaws Webserver source code leak   %00 at the end of executable file allows to see it's content.

16.06.2005 Detailed

6! ViRobot anti-virus server buffer overflow updated since 21.08.2003   Multiple buffer overflows.   Finjan SurfinGate content filtering protection bypass   It's possible to bypass URL filtering by using escape sequences.

15.06.2005 Detailed

8! Microsoft Internet Explorer PNG images buffer overflow   Heap overflow on large specific PNG chunk. 8! Microsoft Windows HTML Help files parsing buffer overflow   Heap overflow on HTML help (.chm) files structure parsing. 8! Microsoft Windows SMB file system client buffer overflow updated since 09.02.2005   Buffer overflow on nework protocol parsing.

6! Microsoft ISA Server proxy / firewall multiple vulnerabilities   Cache poisoning problem, NetBIOS predefined filter vulnerability.

6! Microsoft Windows Web Client service (WebDav client) buffer overflow   Buffer overflow on client request parsing.

6! Microsoft Outlook Web Access crossite scripting updated since 08.07.2003   It's possible to inject script into message and to acces username/password.

Microsoft Agent content spoofing   Microsoft Agent ActiveX allows to spoof trusted site content.

Microsoft Step-by-Step Interactive Training buffer overflow   Buffer overflow on link files (.cbo, .cbl, .cbm) parsing.

Microsoft Outlook Express NNTP client buffer overflow   Buffer overflow on NNTP server reply parsing.

Multiple system telnet client information leak   Telnet server can request client's environment variables.

14.06.2005 Detailed

7! Multiple bugs in OpenSSL updated since 30.09.2003   Rpbolem with stack corruption, uninitialized memory references. 6! Sun Java Webstart virtual machine protection bypass   It's possible to bypass sandbox environment. 6! Multiple Macromedia products licensgin service privilege escalation   Ilcensing service file has weak permisions and may be spoofed by local user.

Novell eDirectory directory services special DOS device names DoS   Special devices access causes error in dhost.exe.

Multiple bluetooth devices DoS   Traffic or connection flood leads to denial of service.

12.06.2005 Detailed

Symantec PcAnywhere privilege escalation   By using "Caller Properties" it's possible to execute application with Local System privileges.   Adobe License Manager privilege escalation   It's possible to obtain Local System privileges.   Cisco switches protected Voice VLANs protection bypass   Malformed CDP (Cisco discovery protocol) message opens access to voice VLAN from data VLAN.

PHP, ASP, CGI web applications security vulnerabilities updated since 07.06.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

shtool shell tools set synbolic links problem updated since 26.05.2005   gen_tmpfile symbolic links problem.

Pico Server web server multiple vulnerabilities updated since 16.05.2005   Information leak, directory traversal.

10.06.2005 Detailed

6! Multiple AIX privilege escalations   invscout, diagTasksWebSM, getlvname utilities buffer overflows.   Pragma TelnetServer crossite scripting   Crossite scripting if log files are stored in HTML format.   SGI Irix rpc.mountd privilege escalation   Under some conditions write access is possible to read only exports.

C-JDBC clastered database access interface information leak   Vulnerability in caching mechanism allows to access cached data without access rights validation.

xmysqladmin MySQL administration utility symbolic links problem   Unsafe temporary files creation.

MacOS X launchd synbolic links race conditions   Unsafe temporary files creation.

tattle SSH attacks protection script shell characters problem   Insufficient filtering of command parameters during external program incovation allows remote code execution.

TFTPD 2000 TFTP Server DoS

Leafnode NNTP proxy DoS updated since 06.05.2005   DoS ifserver closes connection before all data received.

08.06.2005 Detailed

7! Multiple Linux kernel vulnerabilities   DoS and possible code execution on invalid mmap() arguments, ptrace problem rase again on amd64 platform. 6! Kaspersky Antivirus privilege escalation updated since 06.06.2005   klif.sys driver removes supervisor memory protection bit. It's code can be modified from user space application and to be executed in kernel mode. 6! IBM WebSphere Application Server administrative console buffer overflow updated since 03.06.2005   Buffer overflow during authentication process.

6! Multiple FTP servers path globbing DoS updated since 16.03.2001   Command like ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* causes server to hang.

silvercity lexical analysis application symbolic links problem   Symbolic links problem on temporary files creation.

07.06.2005 Detailed

Sun One application server directory traversal         FlexCast audio video streaming server authentication vulnerability         Sun Solaris libc privilege escalation

Raknet network library DoS   Endless loop with 100% CPU usage on empty UDP packet.

AOL Instant Messenged integer overflow   Integer overflow on signed type during buffy icon GIF file parsing.

ePSXe Sony PlayStation emulator buffer overflow   Buffer overflow on command line parsing.

06.06.2005 Detailed

LutelWall Linux firewall symbolic links problem   Symbolic links problem in update script.   Giptables firewall symbolic links problem   Symbolic links problem in startup script.   Everybuddy translation script symbolic links problem   Symbolic links problem during temporary files creation.

Crob FTP Server buffer overflow   Buffer overflow in different FTP commands.

FUSE Linux userland filesystem interface information leak   Memory page is not zeroed, it leads to information leak from kernel space.

Multiple Clavister Security Gateway Appliance Firewall vulnerabilities   DoS on IP packets handling. Weak authentication mechanism.

03.06.2005 Detailed

LiteWeb Web Server protection bypass   It's possible to bypass password protection by adding additional slashes to URL.   Fortinet Fortigate firewall backdoor account   maintainer/pbcpbn[serial number] account has local root access to device.   PHP, ASP, CGI web applications security vulnerabilities updated since 30.05.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

02.06.2005 Detailed

6! Microsoft ISA Server 2000 firewall DoS   Microsoft Internet Security and Acceleration Server's Firewall crashes when heavy network traffic is received from a SecureNAT client.   e-Post SPA-PRO mail server buffer overflow   Buffer overflow in IMAP login command.   HP OpenView RADIA management portal notify daemon buffer overflows   Buffer overflow on oversized RADEXECD process command.

01.06.2005 Detailed

6! Symantec Brightmail AntiSpam database unauthorized access   Static built-in password is used to access database.   Hummingbird InetD FTP Server, LPD server multiple vulnerabilities   Buffer overflows, DoS.   Ettercap network security analysis tool format string vulnerability   Format string bug on curses_msg() call.