29.06.2010 Detailed

7! libtiff multiple security vulnerabilities updated since 23.06.2010   Multiple memory corruptions on tiff files parsing. 6! D-Link DAP-1160 routers unauthroized access   Uhauthorized remote configuration is possible via DCC (D-Link Click'n'Connect) protocol and Web interface.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Nuance OmniPage multiple security vulnerabilities   Current versions of Microsoft Windows libraries are replaces with outdated ones during installation process.

28.06.2010 Detailed

Cisco Adaptive Security Appliance crossite scripting   Crossite scripting via ewsponse splitting.

26.06.2010 Detailed

9! Adobe Flash Player / Acrobat / Reader memory corruptions updated since 11.06.2010   Multiple vulnerabilities on Flash content parsing.

25.06.2010 Detailed

8! Mozilla Firefox / Seamonkey multiple security vulnerabilities   Multiple memory corruptions, integer overflow, use-after-free, information leak, buffer overflow, content filterinf bypass. 6! Novell iManager buffer overflows   Few different buffer overflows. 6! libneon library / svn buffer overflow   Buffer overflow in NTLM authorization implementation.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

23.06.2010 Detailed

6! Linksys WAP54G access point unauthroized access updated since 15.06.2010   Debug interface with hardcoded Gemtek/gemtekswd account is available.   AnNoText ADVOAkte multiple security vulnerabilities   Buffer overflow and files overwriting in ActiveX component.   Wing FTP Server DoS   Crash on PORT command parsing.

UFO: Alien Invasion code execution   Code execution on IRC server command parsing.

Codeorigin Sysax Multi Server DoS   Multiple buffer overflows in different FTP commands.

Skype for Mac OS X DoS   Crash on chat message with specific Unicode characters.

Weborf Web server DoS updated since 23.06.2010   Crash on invalid connection: header.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

fastjar archiver directory traversal   Directory traversal during file extraction.

Microsoft Windows CHM files protection bypass   It's possible to bypass CHM file locking protection for file downloaded from Internet.

20.06.2010 Detailed

7! Samba buffer overflow   Buffer overflow and DoS conditions on SMB request parsing. 6! HP OpenView Network Node Manager multiple security vulnerabilities updated since 09.06.2010   Memory corruption on HTTP and SNMP request processing.   Sudo protection bypass   It's possible to bypass PATH variable sanitization be setting few PATH variables.

pmount symbolis links vulnerability   Insecure creation of lock files.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

TitanFTP directory traversal updated since 17.06.2010   xcrc and comb commands directory traversal

17.06.2010 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   XnView buffer overflow   Buffer overflow on MBM images parsing.

16.06.2010 Detailed

7! UnrealIRCd IRC server multiple security vulnerabilities   Buffer overflow, backdoor code.

15.06.2010 Detailed

6! Cisco Unified Contact Center Express directory traversal   Directory traversal in TCP/6295 service, DoS.   Cisco Application Extension Platform privilege escalation   Privileged actions may be performed by unprivileged user via API.   Sophos Anti-Virus privilege escalation   Memory corruptio on system calls processing.

D-Link DI-604 router vulnerabilities   Crossite scripting, buffer overflow in administration interface.

McAfee UTM Firewall crossite scripting   Crossite scripting in administration interface.

14.06.2010 Detailed

8! Microsoft Internet Explorer code execution   It's possible to execute code via hcp:// handler. 7! Microsoft Office multiple security vulnerabilities updated since 09.06.2010   Code execution via embedded COM objects, multiple Excel memory corruptions 6! Multiple Sourcefire weak encryption vulnerability   Same private key is used in all devices.

6! Microsoft Windows win32k privilege escalation updated since 08.06.2010   Multiple memory corruptions.

pcsc-lite buffer overflow   PCSCD buffer overflow

Perl protection bypass   Safe.pm protection bypass

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cherokee Web-server DoS updated since 05.11.2009   Crash on DOS special device name.

11.06.2010 Detailed

9! Apple Webkit / Safari / Google Chrome multiple security vulnerabilities updated since 08.06.2010   Multiple memory corruptions, code execution.   Creative Software AutoUpdate Engine 2 ActiveX buffer overflow   Buffer overflow in BrowseFolder() method   ISC DHCP server DoS   Server stops on request with zero length client ID.

09.06.2010 Detailed

7! Code execution with multiple ActiveX components in Microsoft Windows updated since 08.06.2010       6! Microsoft .Net XML signing protection bypass   Only part of signature is compared in case of incomplete HMAC. 6! Microsoft SharePoint multiple security vulnerabilities   Crossite scripting, information leak, DoS.

6! Microsoft Windows OpenType Compact Font Format driver memory corruption   Memory corruption on IOCTL processing.

Microsoft IIS memory corruption   Memory corruption if Extended Protection for Authentication is enabled.

08.06.2010 Detailed

8! Microsoft Internet Explorer multiple security vulnerabilities   Crossite scripting, information leakage, multiple memory corruptions. 7! Microsoft Windows media files parsing memroy corruption   Memory corruption on JPEG / MJPEG parsing.   CA ARCserve Backup information leak

RSA Key Manager SQL injection   SQL injection during data decryption.

Exim hard links vulnerability   Hard links vulnerability on mail dirs and lock files handling.

Core FTP Server multiple security vulnerabilities   Multiple buffer overflows, directory traversals, DoS conditions.

07.06.2010 Detailed

6! HP StorageWorks Storage Mirroring unauthorized access         HP ServiceCenter crossite scripting         Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Multiple browsers DoS updated since 20.05.2010   Mail program compose message window is created for avery frame with mailto:, news:, nntp:, etc URI.

03.06.2010 Detailed

7! SBLIM SFCB multiple security vulnerabilities   Buffer overflow and integer overflow in TCP/5988, TCP/5989 interfaces.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Wing FTP Server crossite scripting   Crossite scripting in administration interface.

02.06.2010 Detailed

7! Novell ZENworks buffer overflow   Buffer overflow on TCP/998 traffic parsing. 6! Netgear WG602v4 router buffer overflow   Buffer overflow during web access authentication. 6! Transmission torrent client buffer overflow   Buffer overflow on URL parsing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

EMC Avamar DoS   Crash on network messages parsing.

nano editor symbolic links vulnerability   Race conditions during temporary files creation.

Applicure dotDefender crossite scripting   Crossite scripting in administration interface.

01.06.2010 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 01.06.2010   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   nginx information leak   It's possible to access page source code by adding %20 to URI.