30.07.2004 Detailed

DansGuardian protection bypass   URL escaping allows to bypass URL filtering.   OpenFTP format string bug   Format string bug in SITE msg send command.   CGI bugs updated since 26.07.2004

29.07.2004 Detailed

9! Check Point VPN-1 buffer overflow   Buffer overflow on parsing ASN.1 notation.

SoX multiple buffer overflows   Few buffer overflow on parsing .wav files.

Multiple personal firewall protection bypass   By using scripting and crossite scripting malware script can bypass protection against access to external sites and bypass sites restriction.

28.07.2004 Detailed

8! HP-UX CIFS (Samba) buffer overflow   Buffer overflow leads to unauthorized remote access.   FTP Glide cleartext passwords   Passwords are stored in puvlic folder in cleartext.

26.07.2004 Detailed

6! eSeSIX Thintune backdoor   Backdoor on port TCP/25702, it's possible to obtain ICA and RDP usernames/passwords. 6! MacOS X Internet Connect symbolic links   ppp.log is created in /tmp in unsafe way. 6! Microsoft Systems Management Server client memory corruption updated since 15.07.2004   Malcrafted data to TCP/2702 port causes memory corruption.

6! HP-UX Xfs buffer overflow updated since 14.07.2004   Buffer overflow on oversized line in configuration file (sgid bin).

Mozilla Firefox certificate spoofing   By using onunload() method it's possible to use certificate of any site.

APC PowerChute DoS   It's possible to prevent access to server or agent.

23.07.2004 Detailed

7! Samba SWAT buffer overflow   Buffer overflow in Base64 decoding functions. 6! HP Tru64 UNIX/OpenVMS/HP-UX DCE server buffer overflow updated since 26.06.2004   Buffer overflow on RPC parsing.   Conceptronic CADSLR1 buffer overflow   Buffer overflow on oversized HTTP Authorization: header.

Flash FTP directory traversal

XITAMI invalid request endless loop updated since 21.11.2003   If HTTP header doesn't contain ':' server goes into endless loop.

21.07.2004 Detailed

Cisco ONS DoS   Malformed packet causes device to crash.   Lexmark T522 buffer overflow   Buffer overflow on oversized HTTP Host: header.   WWW File Share Pro buffer overflow   Buffer overflow on oversized path in GET request.

CGI bugs updated since 19.07.2004

20.07.2004 Detailed

6! SCO MMDF multiple buffer overflows   Multiple buffer overflows.   Whisper FTP buffer overflow   Buffer overflow on oversized filename.

19.07.2004 Detailed

6! L2TPd buffer overflow

17.07.2004 Detailed

CGI bugs updated since 14.07.2004

14.07.2004 Detailed

8! Microsoft HTML Help buffer overflow   Buffer overflow on CHM format parsing. 6! Microsoft Windows Task Scheduler buffer overflow   Buffer overflow during .job files parsing. 6! 4D Webstar multiple bugs   Buffer overflow, information leakage, symbolic links.

6! PHP memory corruption   Invalid exceptional conditions handling allows memory corruption leading to code execution.

6! IBM AIX Inventory Scout symbolic links problem   Unsafe temporary dirs usage.

Windows Shell file type spoofing   By using class id in content-disposition it's possible ti spoof file type. Content-Disposition: attachment; filename=malware.{3050f4d8-98B5- 11CF-BB82-00AA00BDCE0B}fun_ball_gites_pie_throw%2Empeg"

Microsoft Internet Information Server buffer overflow   Buffer overflow on oversized URL to redirected site.

Windows POSIX subsystem buffer overflow   POSIX subsystem overflow allows privilege escalation.

Mozilla crossite scripting   By using local cache it's possible to access local files.

PHP strip_tags protection bypass   Insertion null character into tag allow protection bypass for few browsers.

FoxMail buffer overflow updated since 14.07.2004   Buffer overflow on oversized From:

Microsoft Outlook Express DoS   Invalid mail headers processing.

13.07.2004 Detailed

6! Bugzilla multiple bugs   SQL injection, shell escaping problems, information leakage.   Adobe Acrobat Reader buffer overflow   Buffer overflow on filename parsing.

12.07.2004 Detailed

6! Multiple bugs in Ethereal updated since 31.05.2002   DoS and buffer overflows on different protocols parsing.   wvWare buffer overflow   Buffer overflow on parsing MS Word document DateTime filed.

09.07.2004 Detailed

6! Mozilla Network Neighbourhood code execution   By using shell:NETHOOD\ URL it's possible to execute file from any Network Neighbourhood host.   Shorewall symbolic links problem   Temporary files and directories are created in unsafe manner.   Norton AntiVirus DoS   Programs hangs with 100% on malcrafted executable file.

SSLTelnet format string bug   Format string on syslog() in ssltenetd SSL_set_verify().

CGI bugs updated since 05.07.2004

08.07.2004 Detailed

Nokia 3560 DoS   It;s possible to cause denial of service by sendimng malcrafted message.   DiamondCS Process Guard protection bypass   Untrusted process widh administrative permissions can disable protection system using direct memory access.   Passid EasyDisk protection bypass   If EasyDisk was accessed from same system in previous session, authentication is not required to access EasyDisk encrypted files after reboot.

07.07.2004 Detailed

6! Multiple browsers security dialogs race conditions   By forcing user to type predictable characters, key sequences or mouse clicks it's possible to conduct situation user event will be received by shortly appeared security dialog (for example "Save file" dialog can apper then user is about to press Y key).

06.07.2004 Detailed

7! MySQL unauthorized access   During password check length of the user-supplied password is used.   XFree XDM TCP port protection bypass   XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0.   Multiple Webmail systems crossite scripting updated since 31.05.2004   Crossite scripting via Content-Type.

05.07.2004 Detailed

6! Multiple Fastream Netfile bugs   Directory traversal, DoS. 6! Enterasys XSR DoS   Router crashes on packet with RR option.   Linux Virtual Server procfs DoS   Virtual machine users can change /proc permissions.

Unreal ircd ip cloacking protection bypass   To hide real IP hash of IP address with simple hashing algorithm is used.

03.07.2004 Detailed

7! Multiple linux kernel bugs   chown: users can change the group affiliation of arbitrary files to the group they belong to, missing DAC check in chown(2): local privilege escalation, overflow with signals: local denial-of-service, pss, mpu401 sound driver: read/write to complete memory, airo driver: read/write to complete memory, ALSA: copy_from_user/copy_to_user confused, acpi_asus: read from random memory, decnet: write to memory without checking, e1000 driver: read complete memory   Esearch symbolic links problem   eupdatedb creates files in /tmp without checking for symbolic links.   Multiple Netegrity products crossite scripting   Web interface crossite scripting.

IBM WebSphere Edge DoS   Server crashes on incomlete HTTP request.

CGI bugs updated since 28.06.2004

BrightMail information leak   Message classified as SPAM are available without authentication.

Dr.Web for OpenBSD failure updated since 02.07.2004   Small stack size causes daemon fail to start if LocalScan = no configured whth message stack overflow in function int scanMail(int, time_t *, int, int, const char *)

02.07.2004 Detailed

6! Wingate unauthorized access   wingate-internal virtual deirectory of HTTP proxy server allows to download any file located on server.   Domino Web Access DoS   Message with large broken image causes server to crash on message reading.

01.07.2004 Detailed

6! FreeBSD Linux compatibility subsystem privilege escalation   It's possible to access kernel memory via system calls. 6! Cisco Collaboration Server unauthorized access   Unauthorized users can upload any file and gain administrative privileges   Lotus Domino quota settings change   By using IMPAP setquota command it's possible to change quota settings.

HP-UX ObAM WebAdmin unauthorized access

ZyXel Prestige 650 buffer overflow   Buffer overflow on oversized password.