30.06.2006 Detailed

8! Multiple OpenOffice security vulnerabilities   BASIC macro auto launch without user intercation, Java applet sandbox protection bypass, XML parsing buffer overflow. 7! MacOS X launchd formatstring vulnerabilitiy   Format string vulnerability on syslog() call. 6! PatchLink Update Server / Novell ZenWorks multiple security vulnerabilities   SQL injections, unauthorized access.

6! Cisco wireless access points unauthorized access   It's possible reset access point security settings to defaults.

6! Novell GroupWise unauthorized access   Windows Client API allows non-authorized email access within the same authenticated post office.

6! lipbng buffer overflow

Apple OpenDirectory DoS   slapd assert() on malformed bind request.

Siemens Speedstream wireless routers unauthorized access   UPnP unauthorized access.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 30.06.2006   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

mutt mail agent buffer overflow   Buffer overflow on parsing IMAP server reply.

Asterisk IAX2 VoIP PBX and multiple IAX clients DoS updated since 07.06.2006   DoS on IAX2 channel processing.

29.06.2006 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   CA Integrated Threat Management, eTrust Antivirus, eTrust PestPatrol format string vulnerability updated since 28.06.2006   Format string bug in job description field.

28.06.2006 Detailed

6! Multiple Wireless Control System vulnerabilities   Configuration access, unauthorized device access, crossite scripting. 6! Lotus Domino DoS   Invalid vCal meeting request causes 100% CPU utilization.   Opera SSL certificate spofing   After file download dialog for SSL enabled site page is incorrectly shown as SSL protected with SSL certificate of downloaded file.

libgd /libwmf graphics library infinite loop   Infinite loop in GIF data LZW decoding.

MailEnable DoS   SMTP HELO command with non-ASCII character causes service to crash.

Quake 3 multiple vulnerabilities   Server can upload any file to client's home directory bypassing file sxtension limitations if Automatic Downalods function enable. Buffer overflow.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

27.06.2006 Detailed

6! HashCash antispam token generator array overflow   Heap array overflow.   BitchX / epic IRC client integer overflow   Integer overflow on parsing server banner.   OpenLDAP slurpd buffer overflow   Buffer overflow on oversized hostname during replication.

GlobeTrotter Mobility Manager security protection bypass   It's possible to bypass keylogging protection by making screenshots.

EnergyMech IRC bot DoS   Crash on empty CTCP NOTICE message.

ARX PrivateWire security toolbox buffer overflow   Online Registration Facility oversized GET request buffer overflow.

PHP Safe Mode protection bypass   error_log allows restricted files access.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

pinball privilege escalation   Shared library is loaded from current directory.

Mozilla Network Security Services library memory leak updated since 23.06.2006   256 bytes are leaked on every RSA cryptographic operation.

25.06.2006 Detailed

BotDetect ASP.NET CAPTCHA security protection bypass   It's possible to bypass protection by using replay attacks.   Trend Micro Control Manager crossite scripting   It's possible to inject script into username.   HP-UX DoS

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Windows Live Messenger buffer overflow   Heap overflow on .ctt file import.

23.06.2006 Detailed

6! Real Helix RTSP Server memory corruption   Heap memory corruption on HTTP headers parsing. 6! Opera integer overflow   Integer overflow leads to buffer overflow on space allocation for JPEG image.   Cisco Secure ACS weak authentication   After authentication user is redirected to dynamic port. Authentication is perfomed only by target port and client IP address.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

22.06.2006 Detailed

7! WinAMP buffer overflow   Buffer overflow on MIDI files playing. 6! Microsoft Internet Explorer filtering protection bypass   For ASCII codepage 8-bit text is converted to 7-bit. It makes it possible to bypass content filters with 8-bit characters within ASCII encoded text. 6! Multiple MailSweeper MIMESweeper mail filters security vulnerabilities   DoS conditions, filtering bypass.

6! Opera 9 buffer overflow   Buffer overflow on oversized HREF.

MiMMS streaming media download utility buffer overflow   Buffer overflow on reading data from server.

NetPBM pamtofits buffer overflow   Off-by-one buffer overflow on input file parsing.

Jaguarsoft JEdit ActiveX information leak   It's possible to retrieve sensitive information about user's computer.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

GnuPG memory corruption   Memory corruption on message packet with a large length.

21.06.2006 Detailed

6! Toshiba bluetooth stack buffer overflow   "BlueSmack" attack (L2CAP echo request large payload) causes buffer overflow.   Cisco CallManager crossite scripting         Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

19.06.2006 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

18.06.2006 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Cisco Secure ACS crossite scripting   LogonProxy.cgi crossite scripting.   HP-UX Support Tools Manager

17.06.2006 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 17.06.2006   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

16.06.2006 Detailed

6! Microsoft Windows SMB/CIFS privilege escalation updated since 13.06.2006   MRxSmbCscIoctlOpenForCopyChunk buffer overflow. In additions, there are DoS vulnerabilities not covered by MS06-30.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

15.06.2006 Detailed

6! KDE kdm symbolic links problem   Suid root application tries to read configuration from ~/.dmrc file without checking for symbolic links. It makes it possible to read few trings from any file with symbolic link. 6! Kaspersky Antivirus multiple vulnerabilities   Unsafe kernel mode components implementation leads to Denial of Service and potentially to privilege elevation. Most serious problem is user mode code can access kernel memory. 6! Sendmail multipart messages DoS   High recurscion level in multipart MIME messages causes stack overflow (exhaustion, not overrun).

IBM DB2 Universal Database multiple denial of service conditions

Sun iPlanet symbolic links problem   pipe_master suid root application tries to read configuration from msg.conf file with relative path without checking for symbolic links. It makes it possible to read few trings from any file with symbolic link.

MySQL DoS   "select str_to_date( 1, NULL );" request causes database server to crash.

PicoZip zipinfo.dll buffer overflow   Buffer overflow on oversized filenames in different archivers formats.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

dhcdbd memory corruption   Invalid server response lead to memory corruption.

14.06.2006 Detailed

9! Microsoft Windows RRAS Service buffer overflow updated since 13.06.2006   Buffer overflows in service RPC interface. May be used by network worm. 9! Windows ICMP DoS (potential code execution) updated since 09.02.2006   Buffer overflow on ICMP packets with Loose Source and Record Route IP options. Short message translation: There are DoS conditions in Windows 2000 built-in NAT server. Tested configuration: Windows 2000 English Standard/Advanced Service Pack 4 + Update Rollup 1 for Service Pack 4 with NAT server enabled. While routing packets with options "Loose Source and Record Route" defined by RFC 791 through server, Windows crashes to BSOD with error in tcpip.sys or ntoskrnl.exe, or system hangs or system began instable work. It doesn't metter if packets are from internal or external networks. Use attached script to test vulnerability. On Windows 2003 problem doesn't present. It's also likely same problem to present in Windows 2000 + ISA 2000. Code execution is potentially possible. 8! Multiple Microsoft Internet Explorer security vulnerabilities updated since 13.06.2006   Multiple memory corruptions, address bar spoofing, cross-frame data access. May be used for hidden malware installation.

7! Windows Media Player PNG files buffer overflow updated since 13.06.2006   Buffer overflow on PNG files processing.

6! Microsoft Exchange Outlook Web Access crossite scripting updated since 13.06.2006   Crossite scripting on message reading.

Microsoft Windows 2000 RPC spoofed server attack   Mutual authentication is not actually performed.

Microsoft Windows 2000 AOL Image Support Update ART images buffer overflow updated since 13.06.2006   Buffer overflow on ART images processing.

13.06.2006 Detailed

9! Microsoft Word memory corruption updated since 20.05.2006   Malformóâ object pointer memory corruption is used in-the-wild for malware distribution. 8! Microsoft JScript (Internet Explorer) memory corruption   Memory corruption on objects release. May be used for hidden malware installation. 8! Symantec multiple security applications buffer overflow   Buffer overflow in remote management interface (TCP/2967).

7! Microsoft Power Point memory corruption   Memory corruption can be used for hidden malware installation.

Multiple FAST360 Appliance security vulnerabilities   DNS requiest processing DoS, HTTP filtering bypass.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

12.06.2006 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Gentoo Linux JPEG library DoS   Compilation option to limit amount of available memory is not turned on allowing memory exhaustion attacks.

11.06.2006 Detailed

CesarFTP buffer overflow   Buffer overflow in MKD FTP command.   WinSCP URI handler command execution   scp:// and sftp:// URI handlers allow to transmit unsafe paramters via command line.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

10.06.2006 Detailed

Overkill game DoS   Zero byte to game server port leads to crash.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

09.06.2006 Detailed

HP-UX Secure Shell DoS         HP OpenView Storage Data Protector unauthorized access   Arbitrary command execution is possible.   gdm (Gnome Desktop Manager) privilege escalation   Unprivileged user can access gdm configuration if face browser feature is on.

Mathcad Password weak encryption   Area password is stored in base64.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Windows software restriction policy protection bypass   By using RunAs function it's possible to launch any application.

08.06.2006 Detailed

6! Courier mail server DoS   Infinite loop if recipient name contains '=' before '@'. 6! PostgreSQL / MySQL extended character sets SQL injections updated since 25.05.2006   It's possible to use character different from quote sign in different encodings.   Sun Grid Engine unauthorized access   It's possible to shut down grid service without authentication.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

07.06.2006 Detailed

7! WinGate proxy server buffer overflow   Buffer overflow on oversized POST request.   Multiple Ingate Firewall / SIParator vulnerabilities   Crossite scripting, denial of service.   TIBCO Rendezvous messaging software buffer overflow   Buffer overflow in web administration interface.

Microsoft NetMeeting memory corruption

Unauthorized D-Link DWL-2100ap wireless access points access   It's possible to retrieve configuration via Web interface with request like http://dlink-DWL-2100ap/cgi-bin/Intruders.cfg.

libgd graphical library DoS   gdImageCreateFromGifPtr() GIF decoding infinite loop.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 07.06.2006   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

06.06.2006 Detailed

7! Spamassassin spam filtering engine code execution   Code execution is possible with malformed message if spamd is executed with options -v and -P.   SUN Storage Automated Diagnostic Environment weak permissions         Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

05.06.2006 Detailed

Quake 3 game engine buffer overflow   Buffer overflow on oversized compressed packet.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

03.06.2006 Detailed

9! Multiple Mozilla / Firefox / Thunderbird / Netscape / Seamonkey security vulnerabilities updated since 02.06.2006   Localzone scripting with code execution, memory corruption, HTTP response splitting, array overflow, javascript filtering bypass.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   SNORT HTTP request rules bypass updated since 02.06.2006   It's possible to traverse all HTTP rules by using CR ('\r') as a space characters in requests.

02.06.2006 Detailed

6! FreeBSD ypserv NIS access protection bypass   /var/yp/securenets access control restrictions do not work. 6! Linux / FreeBSD kernel SMBFS/CIFSFS chroot restriction bypass updated since 28.04.2006   It's possible to traverse chroot directory.   Avast! antivirus code execution

F-Secure antiviruses Web console buffer overflow

IBM DCE Kerberos DoS

Weak xmcd security permissions   xmcdconfig creates workd-writable file allowing DoS attacks to fill file system.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

01.06.2006 Detailed

Secure Elements Class 5 AVR multiple security vulnerabilities   Sensitive information disclosure and spoofing, protection bypass, DoS, unauthorized system access.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.