29.06.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

27.06.2008 Detailed

Motion video monitoring program buffer overflow   Buffer overflow in HTTP server.

26.06.2008 Detailed

6! Gnome / Evolution HTML parsing memory corruption   Memory corruption on HTML parsing, including HTML messages in Evolution.

6! Pidgin memory corruption   Memory corruption on malcrafted filename in MSN protocol. 6! Rhythmbox media player buffer overflow   Buffer overflow on .pls files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke: Crossite Scripting. ExpressionEngine: Crossite scripting.

25.06.2008 Detailed

6! Cisco Unified Communications Manager multiple security vulnerabilities   Computer Telephony Integration Manager DoS (TCP/2748) The Real-Time Information Server SOAP interface (TCP/2556) unauthorized access.   5th street game client formatstring vulnerability   Format string vulnerability on messages parsing.   ClamAV antivirus DoS   Uninitialized memory reference on Petite-copmpressed files parsing.

World in Conflict game server DoS   NULL pointer dereference on zero data block.

Call of Duty game server DoS   Few vulnerabilities lead to server crash.

23.06.2008 Detailed

6! XnView / NConvert / GFL SDK buffer overflow   Buffer overflow on oversized Sun TAAC files 'format' field.   PHP safe_mode protection bypass   Protection bypass with posix_access(), chdir(), ftok() functions.   Jscape Secure FTP Applet sessions spoofing   SSH key is not checked.

Diigo Toolbar crossite scripting   Crossite scripting with publiñ comments.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

exiv2 / libexiv2 DoS   Division by zero on zero Nikon lens metadata parameter.

19.06.2008 Detailed

6! Cisco Intrusion Prevention System DoS   Problem on jumbo-frames parsing.   CA ARCserve Backup Discovery Service DoS   Malformed request causes service to crash.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

17.06.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   cbrPager shell characters vulnerability   Shell characters vulnerability in archive filenames.   fetchmail multiple security vulnerabilities   NULL pointer dereference, uninitialized pointer dereference.

Skulltag game server DoS   Server hangs on malcrafted packet.

Crysis games server DoS   NULL pointer dereference on oversized request to HTTP/XML-RPC interface.

16.06.2008 Detailed

DUC NO-IP weak encryption   Password is stored in world-readable registry entry in reversable encryption form.   S.T.A.L.K.E.R. game server DoS   Crash on player name longer than 64 characters.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger - information leak, crossite scripting. Simple Machines - crossite scripting.

GSC privilege escalation   Privileges are only checked on client side.

Returnil Virtual System protection bypass   Configuraiton file encryption password is stored in cleartext in process memory.

14.06.2008 Detailed

6! mt-daapd buffer overflow   Buffer overflow on POST request processing. 6! HP OpenView Network Node Manager code excution   Integer overflow on TCP/8886 request parsing. 6! Microsoft Windows PGM DoS   Infinite loop on PGM packet parsing.

Apple Safari for Windows multiple security vulnerabilities   Code execution through DLL spoofing, filename spoofing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Active Directory DoS   Uninitialized memory reference on LDAP processing.

Microsoft Windows WINS privilege escalation   Memory corruption on packet parsing.

13.06.2008 Detailed

7! X Server multiple security vulnerabilities   Inteer overflows, memory corruptions, information leak in different extensions.

11.06.2008 Detailed

7! Microsoft DirectX code execution   MJPEG format AVI and ASF files parsing vulnerability, SAMI files parsing vulnerability. 7! Apple QuickTime buffer overflow updated since 10.06.2008   Buffer overflow on PICT images, INDEO video parsing. 6! Microsoft Internet Explorer multiple security vulnerabilities   Crossite scripting, information leak.

6! Microsoft Wndows Bluetooth stack code execution   The Windows Bluetooth Stack does not correctly handle a large number of SDP requests.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

uTorrent / BitTorrent DoS   Web UI HTTP request Range: header DoS.

Citect CitectSCADA memory corruption   Memory corruption in TCP/20222 ODBC service.

Microsoft Vista speech recognition unauthorized access updated since 03.02.2007   Speech recognition may be used as an attack vector against client computer with e.h. HTML page with embedded sound.

10.06.2008 Detailed

7! FreeType2 library multiple security vulnerabilities   Multiple integer overflows, buffer overflows, memory corruptions. 6! OpenOffice integer overflow   Buffer overflow in rtl_allocateMemory() on different file formats parsing. 6! Multiple SNMPv3 authentication implementations bypass   User-supplied number of signature bytes are checked on signature validation.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

09.06.2008 Detailed

8! Linux kernel multiple security vulnerabilities   Buffer overflow in CIFS and SNMP ASN.1 parsing code. Buffer overflow in DCCP. 6! Akamai Red Swoosh crossite scripting   Crossite request forgery to embedded web server is possible.   Network General Enterprise Administrator privilege escalation   Administrative access doesn't require authentication.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

07.06.2008 Detailed

NASA BigView buffer overflow   PNM images parsing buffer overflow.   Asterisk voice server DoS updated since 05.06.2008   SIP protocol parsing NULL pointer dereference in pedantic mode. Uninitialized memory reference on in ooh323 channel driver.

06.06.2008 Detailed

F5 Firepass crossite scripting   Crossite scripting via crossite scripting protection management page.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 06.06.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   VMWare multiple security vulnerabilities updated since 05.06.2008   Multiple privilege escalation in guest OS.

05.06.2008 Detailed

8! Cisco PIX / ASA multiple security vulnerabilities   TCP ACKs DoS, TLS DoS, instant messenger DoS, HTTPs request parsing DoS, Control-plane ACLs feature bypass. 8! Sun Java System Active Server Pages multiple security vulnerabilities   Information leaks, commands injection, directory traversals, buffer overflows, authentication bypass. 7! CA ETrust Secure Content Manager Gateway multiple security vulnerabilities   Buffer overflow on FTP PASV and LIST commands.

6! HP ActiveX code execution   HPISDataManager.dll code execution.

6! Kaspersky Antivirus IOCTL privilege escalation   IOCTL 0x800520e8 buffer overflow.

6! HP StorageWorks Storage Mirroring buffer overflow   TCP/1100, TCP/1106, UDP/1105 authentication buffer overflow.

6! Akamai Download Manager ActiveX code execution updated since 01.05.2008   Undocumented properties allow code download and execute.

Linksys WRH54G wireless router DoS   Web-interface crash on invalid HTTP request.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Skype protection bypass   Dangerous file protection dialog bypass.

04.06.2008 Detailed

6! C6 Messenger Installation Url Downloader ActiveX code execution   It's possible to download and execute file. Vulnerability is used in-the-wild for hidden trojan code installation. 6! libxslt memory corruption   XSL file parsing memory corruption. 6! libvorbis multiple security vulnereabilities   Multiple integer overflows and denial of service.

Linux kernel multiple security vulnerabilities   fcntl() race conditions, tehuti driver privilege escalation.

Apache Tomcat crossite scripting   host-manager username crossite scripting.

02.06.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phloger: SQL injection.

01.06.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.