Computer Security
[EN] securityvulns.ru




31.07.2002
Detailed
10!Buffer overflows in OpenSSL
document 4 different buffer overflows.
6!perl getpwuid problem
document Getpwuid call doesn't close /etc/shadow, which leaves the possibility of accessing the file descriptor after privileges are dropped.
6!Privilege escalation in util-linux chfn
document Unchecked race conditions under file descriptors leave the ability to modify /etc/passwd.
6!Buffer overflow in IPSwitch IMail
updated since 21.05.2002
document Buffer overflow in LDAP and webmail subsystem.
6!Microsoft Mediaplayer .ASX/.NSC/.ASF buffer overflow, .WMS code execution
updated since 15.11.2000
document Oversized tag in .asx file causes buffer overflows. Skins allow code execution on client side with .WMS files.
 Symbolic link problem in pppd
document It's possible to change file permissions via symbolic link by using it as a tty device.
 Buffer overflow in fake ident
document Off-by-one buffer overflow
 Directory content leakage in Abyss
document Using a URL with a number of /// it's possible to obtain a directory listing.
 mm temporary files handling problems
document User with Apache web server privileges can obtain root access.
 Format string bug in hylafax
updated since 13.04.2001
document Format string bug gives euid uucp
 Protection bypass in adobe eBook
updated since 21.07.2002
document It's possible to bypass some protection working with book.
  


29.07.2002
Detailed
6!Multiple bugs in different hardware
   
 Microsoft Internet Explorer cache path leakage via XML
document It's possible to obtain path of loaded document by using XML exception handlers.
  


26.07.2002
Detailed
7!Buffer overflow in Novell GroupWise
updated since 26.07.2002
document Buffer overflow in RCPT SMTP command.
6!Multiple bugs in JanaServer
updated since 22.07.2002
document Multiple vulnerabilities including buffer overflows.
 Unauthorized access to confixx
document Server may be accessed via default account mysqlshell-user.
 CGI bugs
   
 Kazaa DoS
updated since 24.02.2002
document Large number of messages or message of large size causes DoS
  


25.07.2002
Detailed
9!Buffer overflow in Microsoft Exchange
document Buffer overflow on EHELO reply parsing.
7!Buffer overflow in codeblue.
updated since 18.02.2002
document Buffer overflows on SMTP response parsing.
6!Directory traversal in Cobalt Qube Admin
   
6!Buffer overflow in Pegasus Mail
document Buffer overflow on large message headers.
6!Protection bypass in Microsoft Metadirectory Services
document It's possible to obtain LDAP access.
 Cross-site scripting in Mailman
updated since 29.11.2001
   
  


24.07.2002
Detailed
6!Code execution via Eudora
document Using META REFRESH it's possible to launch mhtml file.
 Weak encryption in VNC
document Duplicated challenges are generated during challenge-response authentication.
 pine DoS
document Empty boundary field causes pine to crash.
 CPU exhaustion in ICQ
document Large number of smiles in messages cause CPU exhaustion.
 Cookie protection bypass in Mozilla
document It's possible to obtain cookie by spoofing valid hostname in javascript: URL. For example f.location = "javascript://www.google.com/\n"+ "'<body onload=alert(document.cookie)>'";
 DoS against Windows and other systems
updated since 20.05.2000
document A number of fragmented packets cause the host to freeze during the attack.
  


23.07.2002
Detailed
 Buffer overflow in VanDyke SecureCRT
document Buffer overflow in ssh client code.
 Buffer overflow in Mailmax
document Buffer overflow in USER command.
 Directory traversal in Pablo's FTP server
   
  


22.07.2002
Detailed
 Pyramid BenHur Firewall protection bypass
document By using TCP/20 as a source port it's possible to bypass firewall protection.
 Directory traversal in Aquonics File Manager
   
  


19.07.2002
Detailed
 Buffer overflow in WWW Offline Explorer
document Buffer overflow on negative Content-Length.
 CGI bugs
updated since 12.06.2002
   
 File locking DoS in multiple utilities
updated since 25.05.2002
document It's possible to cause DoS by putting locks to required files.
 Information leak in Oracle Reports Server
document It's possible to obtain system data.
 Protection bypass in linux
document setgid() call doesn't change saved gid.
  


18.07.2002
Detailed
 Cross-site scripting in Macromedia Sitespring
document Cross-site scripting via 500error.jsp
 Multiple bugs in Python
document Input validation problems in pickle module.
 Multiple problems in Jigsaw
document DOS-device DoS, path disclosure.
 CGI bugs
updated since 15.07.2002
   
 Multiple bugs in Resin
updated since 18.06.2002
document Directory traversal in demo JSP-pages, DoS.
  


15.07.2002
Detailed
6!Buffer overflows in IBM Tivoli
document Multiple buffer overflows.
  


13.07.2002
Detailed
6!Buffer overflow in MFC ISAPI
document Buffer overflow on HTTP request parsing.
6!RealONE Player Gold / RealJukebox2 multiple bugs
document Buffer overflow and local zone scripting during skin file processing.
 FreeBSD ktrace problem
document It's possible to obtain sensitive data from suid process's memory after dropping privileges.
 Different software bugs
   
 CGI bugs
updated since 11.07.2002
   
 Mail relaying via IIS SMTP service
document Unauthorized mail relaying when using a special address format.
  


12.07.2002
Detailed
 Multiple bugs in popcorn
document Buffer overflows, DoS, etc.
  


11.07.2002
Detailed
6!Buffer overflow in PGP Outlook Encryption Plug-in
document Heap overflow on message decoding.
 Sharp Zaurus multiple bugs
document Remote filesystem access, weak pseudo-random number generation.
 Cross-site scripting in Microsoft Internet Explorer
document It's possible to get full access to OBJECT's elements.
 CGI bugs
updated since 17.06.2002
   
  


10.07.2002
Detailed
7!Buffer overflow in iPlanet Web Server
updated since 09.07.2002
document Buffer overflow and directory traversal in NS-rel-doc-name header if search capabilities are turned on.
 Unreal3.2-rus.b ircd DoS against users
document It's possible to kick any user by selecting a nickname that differs by 1 Cyrillic character.
 Multiple bugs in icecast.
updated since 27.06.2001
document It's possible to cause server's DoS and access mp3 files in any directory.
  


09.07.2002
Detailed
 Watchguard Firebox DoS
document Specially crafted data sent to TCP/4110 causes Dynamic VPN Configuration Protocol service to crash.
 Directory content leakage in KF Web Server
document Invalid processing of %00 in URLs.
  


08.07.2002
Detailed
 Connection flood DoS against BEA Weblogic
document If Performance Pack is installed, the server crashes on a connection flood.
 MacOS X autoupdate weak protection
document Digital signature is not checked during update process.
 artswrapper format string bug
document Format string bug in command line parsing.
 WinAmp autoupdate feature buffer overflow
document Buffer overflow during www.winamp.com response parsing.
  


05.07.2002
Detailed
 Worldspan DoS
document Invalid request causes server to hang.
 Format string bug in nn
document Format string bug in printing of server replies.
  


04.07.2002
Detailed
6!Directory traversal in Argosoft Mail Server Plus/Pro
document Webmail component directory traversal.
6!Buffer overflows and multiple bugs in squid
updated since 21.02.2002
document Buffer overflow on ftp:// URLs, memory leaks, etc.
 Traffic amplifying via Unreal Tournament
document In reply to a single UDP packet the server will send multiple UDP packets with payload.
 Weak encryption in SunPCi II VNC
document Password is DES encoded with random key generated by server and moved over the wire.
 Multiple buffer overflows in Microsoft Commerce Server
updated since 27.06.2002
document Buffer overflows in Profile Service
  


03.07.2002
Detailed
7!Root directory access in Cisco Secure ACS
document By adding an additional slash to the URL after the hostname it's possible to address the root folder.
 Inktomi Traffic Server buffer overflow
document traffic_manager buffer overflow during command line parsing.
 CGI bugs
updated since 01.07.2002
   
 Multiple bugs in OpenSSH ssh-keysign
document Vulnerable to Kocher timing analysis attack, some programming errors.
 Directory content leakage in CommunigatePro
document By adding . or .. to the path it's possible to obtain directory listing.
  


02.07.2002
Detailed
 Sitespring Server DoS
document Sending predefined byte sequence to TCP/2500 causes database engine to crash.
 Source code leakage in JRun
document By adding some sequences to the request it's possible to obtain JSP source code.
 OmniHTTPd buffer overflow
updated since 16.05.2001
document Buffer overflow on long POST request, on long HTTP version.
 Buffer overflows in AnalogX Proxy
updated since 26.07.2000
document Multiple buffer overflows in different protocols
  


01.07.2002
Detailed
 Shell metacharacters in Simple WAIS 1.11
document '|' is not commented during external program execution.
 2fax buffer overflow
document Buffer overflow in -bpcx command line option.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin