30.07.2005 Detailed

7! Cisco routers IOS IPv6 vulnerability   Bug during IPv6 packets parsing leads to router crash and potentially to code execution. 6! Novell eDirectory NMAS unauthorized access   Forgotten password recovery option allows to recover password without answering secret question. 6! Opera 8 multiple security vulnerabilities updated since 16.06.2005   Crossite scripting on message generation if automatic redirection is disabled. javascript: crossite scripting. XMLHttpRequest object crossite access. Download dialog spoofing. Crossite scripting on image dragging.

29.07.2005 Detailed

gopher symbolic links problem   Symbolic links problem on temporary files creation.

PHP, ASP, CGI web applications security vulnerabilities updated since 25.07.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

28.07.2005 Detailed

6! Sophos Antivirus buffer overflow       6! McAfee WebShield applience backdoor account   There is built-in account with predefined login and password. 6! HP OpenView Radia Management Agent code execution updated since 30.04.2005   Directory traversal on external application invocation.

27.07.2005 Detailed

8! Multiple Mozilla / Firefox / Funderbird browsers and mail agent vulnerabilities updated since 13.07.2005   Multiple crossite scripting vulnerabilities, bypassing scripting protection, code execution. 7! MDaemon attachments directory traversal   Directory traversal on attachment saving in content filtering option.   Multiple eMule vulnerabilities   DoS on Kad protocol parsing. Vulnerable version of zlib protocol is used.

Microsoft Windows USB drivers buffer overflow   Buffer overflow on USB device response parsing.

FreeBSD IPSec authentication bypass   Static key is used for AES-XCBC-MAC algorithm.

SCO Unixware RPC request DoS   Invalid bind request causes RPC portmapper service to hang.

IBM Access information leak   Critical data is stored in shared memory segment, open for reading and writing.

ekg Gadu Gadu client / libgadu multiple vulnerabilities updated since 05.07.2005   Symbolic links problem on temporary files creation. Unfiltered shell characters. Libgadu integer overflow. Multiple platform-specific problems.

26.07.2005 Detailed

6! ProFTPD format string vulnerabilities   Format string in directory name on shutdown message.   Sun Solaris libmle privilege escalation         Hauri antivirus updates and antiviral databases content spoofing   Files integrity is not checked during update process.

FTPShell FTP Server DoS   Few FTP connections terminated without QUIT command cause service to crash.

Apache SSL buffer overflow   Buffer overflow on ssl_callback_SSLVerify_CRL( ) function.

3com office connect wireless access point information leak

Hobbit Monitor DoS   Denial of Service during network message parsing.

netpbm / pstotext PostScript code execution updated since 25.07.2005   -dSAFER option is not used while calling GhostScript.

25.07.2005 Detailed

7! Multiple ClamAV antivirus integer overflows   Integer overflows on multiple file formats ( TNEF, CHM, FSG) parsing lead to heap corruption.   Gentoo Linux sandbox portage package management system utility symbolic links problem   Race conditions during temporary files creation.   Multiple Siemens Santis 50 wireless router vulnerabilities   DoS, local network administration backdoor access.

SAP R/3 Internet Graphics Server directory traversal   Directory traversal on accesing htdocs folder.

Unfiltered shell characters in vim editor   modelines mode shell characters problem on file open.

24.07.2005 Detailed

GoodTech SMTP Server for Windows DoS updated since 08.06.2005   Incomplete e-mail addres in RCPT TO: command causes server to crash. Oversized RCPT TO: causes buffer overflow.

22.07.2005 Detailed

6! Multiple MySQL database management system vulnerabilities   Multiple DoS, vulnerable zlib version is used. 6! Multiple Avast! antivirus ACE archives vulnerabilities   Directory traversal, buffer overflow.   Greasemonkey Firefox extension information leak   Privileged functions are available with GM_xmlhttpRequest().

Multiple DNRD Domain Name Relay Daemon vulnerabilities   Multiple buffer overflow

Small HTTP Server FTP Server directory traversal

KF Webserver protection bypass   By requesting resource like http://[victim_address]/All%20Disk%20Drives/C:/ it's p[ossible to access protected directory.

Mozilla XPCOMM Race Conditions   Race conditions on object deletion prior to complete page download laed to application crash.

PHP, ASP, CGI web applications security vulnerabilities updated since 18.07.2005

BIG-IP multiple problems updated since 13.07.2005   Certificates handling problem allows to bypass authentication process.

Xerox WorkCentre Pro multiple vulnerabilities updated since 08.07.2005   Multiple Web interface vulnerabilities: authentication bypass, DoS, crossite scripting.

21.07.2005 Detailed

6! FreeBSD defvs jail restrictions bypass   It's possible to access restricted hidden device nodes from kailed environment.

20.07.2005 Detailed

PeanutHull Dynamic DNS client privilege escalation   Help subsystem is launched with local system privileges.

19.07.2005 Detailed

6! Multiple MDaemon mail server vulnerabilities   DoS on incomlete CRAM-MD4 handshake, buffer overflow on IMAP CREATE command. 6! Novell GroupWise WebAccess multiple bugs updated since 17.01.2005   Crossite scripting, unauthorized access.   Multiple Race Drivers game vulnerabilities   Buffer overflows, format string bugs,

MRV InReach console server restrictions protection bypass   If SSH key is used for authentication ports restrictions are not applied.

18.07.2005 Detailed

Shoreline Firewall (ShoreWall) protection bypass   If MAC addres authentication is used, all security rules and policies are bypassed.   Futuresoft TFTP Server multiple vulnerabilities updated since 01.06.2005   Directory traversal, buffer overflow.

17.07.2005 Detailed

9! Microsoft Windows Color Management module buffer overflow updated since 13.07.2005   Buffer overflow during ICC tags processing in different graphics formats, including JPEG. 9! Sun Solaris LD_AUDIT privilege escalation updated since 28.06.2005   LD_AUDIT environment variable allows to attch external dynamic library compiled with ld.so library. In addition, there is buffer overflow while parsing this variable.   Multiple PowerDNS bugs   LDAP questions are not properly escaped, leading to deadlock with LDAP server. Race conditions then clients with recursion allowed are unable to perform recursive query after query from the client with recursion denied.

Microsoft Outlook special DOS device names DoS   Microsoft Outlooks gangs on the messages with attachment with special device name.

PHP, ASP, CGI web applications security vulnerabilities updated since 11.07.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

16.07.2005 Detailed

7! Multiple Internet Explorer JPEG parsing problems   Multiple problems including memory corruption on JPEG parsing.   Skype communicator symbolic links problem   Symbolic links problem on temporary files creation.   Sybase EAServer buffer overflow   Buffer overflow in TreeAction.do CGI.

JRun authntication token race conditions   Race conditions lead to situation same token is issued to few clients.

DG Remote Control Server DoS   Malcrafted network packet causes service to crash.

Belkin wireless routers multiple vulnerabilities   Default admin account with no password, passwords in cleartext.

15.07.2005 Detailed

6! Remote Windows XP DoS   Access behind allocated memory on network packets handling. 6! WinAmp MP3 files ID3v2 tags buffer overflow   Buffer overflow on oversized ID3v2 tag fields.   Sophos antivirus ZIP files Denial of Service   Infinite loop while parsing ZIP files with BZIP2 comperssion and invalid archive length.

Multiple SquirrelMail vulnerabilities updated since 14.07.2005   Crossite scripting, possibility to verwrite other user settings.

14.07.2005 Detailed

6! Cisco Security Agent IP packet DoS   If a crafted IP packets with certain characteristics are sent to a Windows platform running CSA 4.5, Windows will halt with a blue screen and system crash.   Cisco ONS telnet service DoS   Sending a specially crafted stream of data to a telnet session can cause the session to lock up.   OpenLdap pam_ldap / nss_ldap weak password change encryption updated since 04.07.2005   TLS is not used with LDAP server during password change, password is transmitted in cleartext.

13.07.2005 Detailed

8! Multiple MIT krb5 Kerberos 5 vulnerabilities   krb5_recvauth() double free() problem. Buffer overflow and memory corruption in KDC. 8! Microsoft Internet Explorer buffer overflow updated since 29.06.2005   Buffer overflow while parsing document with embedded non-ActiveX <object> elements. 7! Multiple MacOS X vulnerabilities   System wide denial of service on parsing malcrafted TCP packet. Possibility to overwrite system widget.

6! Microsoft Word buffer overflows   Stack overflow on font information parsing.

Apple Darwin Streaming Server special device name DoS   DoS with Web interface while requesting document with special DOS device name.

Electronic Mail Operator symbolic links problem   stats_dump() symlink problem during temporary file creation.

Heartbeat symbolic links problem   Smlink problems on temporary files creation in different code fragments.

Multiple SoftiaCom wMailServer vulnerabilities   Users passwords are stored in unsafe place. Buffer overflow on oversized SMTP command.

MailEnable mail server multiple vulnerabilities updated since 07.04.2005   DoS on extended ASCII characted in EHLO command. Multiple IMAP buffer overflows. Authorization HTTPS buffer overflow.

12.07.2005 Detailed

6! Multiple Cisco Call Manager vulnerabilities updated since 12.07.2005   Memory corruptions, memory leaks and DoS. 6! Linux kernel ia32 compatibility for 64 bit platforms race condtions   Race conditions with heap memory corruption in execve() syscall. 6! Squid proxy server DNS reply spoofing   Blind DNS server reply spoofing is possible.

SMS symbolic links problem   Symbolic links problem during insecure tamporary files creation in mpl.sh.

xpvm symbolic links problem   Symbolic links problem in xpvm.tcl during temporary files creation.

MMS Ripper Microsoft Media Services streams buffer overflow   Heap overflow on MMST stream ID parsing.

Microsoft IIS RCP/Encoded SOAP services DoS   Infinite loop on complex arrey parsing.

dhcpcd DHCP client DoS   Size conformance between datagrame size and data size is not controlled.

Hardware Cisco IP phones SIP messages spoofing updated since 07.07.2005   Due to insufficient data validation an attacker can send Messages-Waiting message to phone.

Multiple McAffee Intrushield IPS (intrusion prevention system) vulnerabilities updated since 07.07.2005   Multiple web interface vulnerabilities including crosssite scripting and privilege escalation.

Sukria backup manager weak repository permissions updated since 10.06.2005   Repository is world readable. Insecure temporary files creation.

10.07.2005 Detailed

PHP, ASP, CGI web applications security vulnerabilities updated since 04.07.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

09.07.2005 Detailed

IBM Tivoli Management Framework DoS   lcfp process allows only 1 connection in 5 minutes before authentication. It makes it possible to deny access to service for 5 minutes.   PrivaShare Peer-to-Peer Chat and File Sharing Application DoS   Denial of service on invalid network message.   Novell NetMail crossite scripting   Crossite scripting on attached HTML files.

Debian Linux apt-setup weak permissions   apt.conf file is created world readable.

Multiple Bugzilla bug tracking system vulnerabilities   It's possible to change bug flag and, under rare condition to view private bugs by unprivileged user.

07.07.2005 Detailed

6! Solaris unprivileged port hijacking updated since 20.04.2005   It possible to bind a process to a non-privileged network port, which already has been bound   Lotus Notes mail server crossite scripting   HTML attachment content is not filtered in Web interface.   Access Remote PC weak password encryption   Proxy server password is stored in cleartext in registry.

net-snmp TCP DoS   Error during connection-oriented protocols parsing.

TCP Chat DoS   DoS on invalid message format.

Windows XP / 2000 / 2003 / NT named pipes usernames information leak updated since 09.02.2005   It's possible to retrieve usernames of the users accessing network resources.

06.07.2005 Detailed

6! Adobe Acrobat Reader for unix buffer overflow   Buffer overflow in UnixAppOpenFilePerform() on /FILESPEC tag parsing. 6! Mozilla / Furefox / Thunderbird browsers GIF files buffer overflow updated since 24.03.2005   Buffer overflow on GIF file parsing.   gnats (GNU problem report management system) privilege escalation   By using -o option it's possible to overwrite local file with 'gnats' or 'root' user's privileges depending on installation.

05.07.2005 Detailed

6! Windows XP memory information leak   If WMI is used a part of RPC cache memory is not cleaned, making sensitive information leakage.   Centericq symbolic links problem   Symbolic links problem on temporary files creation.   KDE popper Windows messenged compatible message sender symbolic links problem   Symbolic links problem on temoprary file creation.

SpamAssassin and Vipul's Razor antispam filters DoS updated since 17.06.2005   CPU exhaustion on malcrafted e-mail headers.

ppxp ppp dialup client privilege escalation updated since 19.05.2005   Elevated privilieges are not dropped than external aplication is executed or log file is open.

Buffer overflow in PlanetWeb updated since 17.09.2002   Heap overflow on oversized GET request. Buffer overflow on oversized FTP request.

04.07.2005 Detailed

6! Courier Mail Server memory coruuption   Memory corruption on SPF DNS records processing.   log4sh symbolic links problem   Symbolic links problem during temporary files creation.

02.07.2005 Detailed

NetBSD audio drivers ioctl DoS   Division by zero during ioctl() processing fo few audio cards types.   PHP, ASP, CGI web applications security vulnerabilities updated since 27.06.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

01.07.2005 Detailed

6! Multiple hardware platforms hyper threading technology systems information leak updated since 13.05.2005   Unprivileged thread can read data from privileged thread memory from CPU cache memory.   Avaya Call Management System symbolic links problem   lpadmin symbolic links problem.   Hitachi Hibun privilege escalation   PCMCIA hard disks are treated as internal devices without copying limitations. Hibun Viewer allows privileges beyond View permissions.

Weak SSH Tectia Server key permission   Server's private key is open for reading.

PrevX Pro Intrusion Prevension System multiple vulnerabilities   Protection bypass be using memory mapping and internal syscalls, DoS.

Windows XP Service Manager race conditions updated since 22.04.2003   On some race conditions confidential information may appear in the files open by system services during system shutdown.