30.06.2009 Detailed

6! Huawei D100 wireless router multiple security vulnerabilities   Undocumented unchangable telnet account admin:admin, information leakage.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. LinksExchanger - Crossite scripting. phpMyAdmin - Crossite scripting.

29.06.2009 Detailed

7! PHP memory corruption   Memory corruption on EXIF data parsgin from JPEG file via exif_read_data().   libpng information leak   During displaying of 1-bit image with width values that are not divisible by 8 data from non-initialized memory is used.

Baofeng Media Player buffer overflow   Buffer overflow on SMPL playlists parsing.

Ruby DoS   Crash on oversized string in BigDecimal.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CMS SiteLogic: SQL injection, crossite scripting, information leak.

27.06.2009 Detailed

7! Adobe Shockwave Player memory corruption   Memory corruption on Adobe Director 10 files parsing. 6! stardict information leakage   Clipboard content is broadcasted into network. 6! HP OpenView Network Node Manager SNMP code execution updated since 14.06.2009   Bufffer overflow in rping application.

Multiple MSN messengers SSL certificates vulnerabilities   Server certificate is not validated.

26.06.2009 Detailed

Motorola Timbuktu Pro remote control software buffer overflow   Buffer overflow via PlughNTCommand named pipe.   Samba security vulnerabilities   smbclient format string vulnerability, ability to change file permissions if file is already open.   Unisys Business Information Server buffer overflow   Stack-based buffer overflow on network request processing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 25.06.2009   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

25.06.2009 Detailed

Multiple OpenSSL DoS conditions   Multiple vulnerabilities on DTLS handling.   Cisco ASA Web VPN multiple security vulnerabilities   Crossite scripting, filtering bypass, information leak.   Cisco Physical Access Gateway DoS   Memory leaks on HTTPs processing.

Cisco Video Surveillance products security vulnerabilities   DoS, unauthorized camera access.

24.06.2009 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   amule shell characters vulnerability   Shell characters vulnerability on video file filename.

23.06.2009 Detailed

7! WebKit / Apple Safari multiple security vulnerabilities updated since 09.06.2009   Multiple memory corruptions, local files access.

22.06.2009 Detailed

6! ToolTalk rpc.ttdbserverd buffer overflow   Buffer overflow in _tt_internal_realpath RPC procedure.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

21.06.2009 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 21.06.2009   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

19.06.2009 Detailed

Edraw PDF Viewer ActiveX unauthorized access   FtpConnect() method allowd to upload any file to any location.   PHP safemode execution protection bypass   It's possible to bypass safemode protection by inserting few backslashes into command.

18.06.2009 Detailed

6! Apple iPhone functionality abuse   By using tel: URI it's possible to force phone to dial some number without user's confirmation.   Nokia 6212 multiple security vulnerabilities   DoS, URI spoofing.   Linux kernel DoS   Deadlog on splice calls handling.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

17.06.2009 Detailed

8! Apple java code execution   User-controlled pointer dereference in apple.laf.CColourUIResource() method.   irssi off-by-one buffer overflow   Off-by-one overflow on server data processing.

16.06.2009 Detailed

CA ARCserve Backup DoS   Crash on malfrmed TCP/6503 RPC messages parsing.   Netgear DG632 router multiple security vulnerabilities   Authentication bypass and DoS via web interface.   Link Logger syslogd DoS   Crash on syslog traffic flood.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

14.06.2009 Detailed

8! Mozilla Firefox multiple security vulnerabilities   Privilege escalations, crossite scripting, DoS, race conditions, SSL spoofing if HTTP proxy is used, multiple memory corruptions. 8! Microsoft Word buffer overflows updated since 11.06.2009   Fre different buffer overflows on document parsing. 8! Windows print spooler multiple security vulnerabilities updated since 10.06.2009   Buffer overflow, unauthorized files access, privilege escalation with dynamic library loading.

7! Microsoft Active Directory multiple security vulnerabilities updated since 09.06.2009   Double free() vulnerability, memory leaks.

6! Microsoft Excel multiple security vulnerabilities updated since 10.06.2009   Multiple buffer overflows, memory and pointers corruptions.

6! Apache Tomcat multiple security vulnerabilities updated since 05.06.2009   Information leak, user enumeration, DoS, directory traversal.

DX Studio Player Firefox plug-in code execution   It's possible to execute system commands via Javascript API.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 14.06.2009   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

FreeBSD IPv6 interface DoS   Unprivileged user can set options and disable interface.

FreeBSD information leak   Integer overflow on pipe implementation allows reading data from another process' memory.

F5 FirePass 4100 crossite scripting updated since 14.11.2007   SSL VPN download_plugin.php3, page backurl parameter, my.logon.php3, my.activation.php3 crossite scripting.

Google Chrome DoS   <script>location.hostname = "%";</script> causes endless loop.

11.06.2009 Detailed

8! Microsoft Internet Explorer multiple security vulnerabilities updated since 09.06.2009   Crossite data access, multiple memory corruptions. 7! Microsoft Power Point multiple security vulnerabilities updated since 12.05.2009   Multiple buffer overflows, memroy corruptions, integer overflows, etc.   Mozilla Firefox for Linux / Unix DoS   Crash on large size GIF used ad body background.

Mizilla Firefox / Opera DoS   Large number of netsted embedded elements leads to crash or resources exhaustion.

10.06.2009 Detailed

6! Microsoft Windows kernel multiple privilege escalation   Multiple vulnerabilities in different subsystems. 6! Microsoft Wordpad / Microsoft Works multiple security vulnerabilities updated since 14.04.2009   Buffer overflows and memory corruptions on different file formats conversions.   Microsoft Windows RPC privilege escalation   Uninitialized porinter dereference in RPC Marshalling Engine.

Microsoft Windows Search information leak   Crossite scripting on search results.

09.06.2009 Detailed

6! Microsoft IIS WevDAV authentication bypass   It's possible to access resources? requireing authentication anonymously. 6! Rasterbar / libtorrent / firetorrent / qBittorrent / deluge Torrent directory traversal   Directory traversal on .torrent files processing. 6! libpurple / Pidgin buffer overflow updated since 01.09.2008   Buffer overflow on MSN SLP messages parsing.

eCryptfs information leak   mount passphrase may be logged to installation log.

ImageMagick integer overflow   Memory corruption on TIFF dimensions procesing.

08.06.2009 Detailed

6! SAP GUI ActiveX buffer overflow   Buffer overflow in SAPIrRfc component Accept() method.   HP Discovery & Dependency Mapping Inventory unauthorized access

06.06.2009 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   GStreamer Good Plug-ins DoS   Crash on malformed PNG image.

05.06.2009 Detailed

XM Easy Personal FTP Server DoS   Buffer overflow on HELP and TYPE commands.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Apache apr-util webDav DoS updated since 02.06.2009   Memory consuption on large number of Entity elements.

file utility buffer overflow   Buffer overflow on .msi, .doc, .mpp files analysis.

04.06.2009 Detailed

7! Apple iTunes multiple security vulnerabilities   Buffer overflow on different URIs handling. 7! Apple QuickTime multiple security vulnerabilities updated since 02.06.2009   Buffer overflows and memory corruptions on PICT, CRGN, FLC, PSD, AVI, Sorenson Video 3, JPEG2000 parsing. 6! Apple Mac OS X xterm memory corruption   Integer overflow on CSI[4 ESC-sequence.

CUPS DoS   NULL pointer dereference on IPP_TAG_UNSUPPORTED tag parsing.

02.06.2009 Detailed

8! Safenet SoftRemote buffer overflow   Buffer overflow in UDP/62514 port IKE service 6! Linux kernel multiple security vulnerabilities   CIFS client buffer overflow, Xen DoS, nfs4 files execution.   ASMAX AR 804 gu router commands execution   System commands execution via Web interface.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Multiple ACDSee applications vulnerabilities   Buffer overflow on TIFF images and font parsing.

01.06.2009 Detailed

7! SonicWALL format string vulnerability updated since 27.05.2009   Format stirng vulnerability on server log parsing and during authentication.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. myPHPNuke: SQL injection.   Wireshark DoS   Crash on PCNFSD packet parsing.

Apache protection bypass   Invalid IncludesNOEXEC option processing allows code execution via included .shtml files.

VMWare DoS   DoS from virtual machine if Descheduled Time Accounting Service is installed.

Linksys WAG54G2 commands injection   It's possible to inject command via Web interface.