31.07.2008 Detailed

6! RealPlayer multiple security vulnerabilities updated since 25.07.2008   Buffer overflow on SWF files parsing. ActiveX memory corruption. ActiveX arbitrary files deletion.

30.07.2008 Detailed

6! ffmpeg library code execution   Memory corruption on STR files parsing.   Unreal Tournament multiple security vulnerabilities   Memory corruption, NULL pointer dereference on network packet parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. myPHPNuke: crossite scripting, automation protection bypass.

poppler library DoS   Problem with PDF file widgets initialization.

29.07.2008 Detailed

6! AVG antivirus DoS   Division by zero on UPX files parsing. 6! Multiple DNS servers and clients DNS records spoofing updated since 12.07.2008   DNS poisoning attack may be used to spoof query results.   DoS through HP OpenView Internet Services Probe Builder   It's possible to terminate any system process through TCP/32968

Axesstel CDMA-routers unauthorized access   It's possible to access configuration pages directly without password.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 26.07.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. FireStats WordPress plugin: crossite scripting, automation protection bypass, DoS, information leak, unauthorized access.

26.07.2008 Detailed

Apple Safari memory corruption   memory corruption on stylesheets parsing.   Cygwin setup packages spoofing   Package source authentity is not checked during installation procedure.

24.07.2008 Detailed

Asterisk multiple security vulnerabilities   Traffic amplification, DoS with resouurces exhaustion.   Wireshark sniffer DoS   Application crash on network traffic parsing.   Agnitum Outpost protection bypass   File protection bypass with special characters in filenames.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Nucleus: information leak, SQL injection, crossite scripting, automation protection bypass.

22.07.2008 Detailed

6! EMC Dantz Retrospect backup server and lcient multiple security vulnerabilities   Password recovery from hash for both server and client, memory corruption, DoS.   ZDaemon games server DoS   NULL pointer dereference on malformed network packet.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PostNuke: crossite scripting, automation protection bypass.

SmbClientParser shell characters vulnerability   Shell characters vulnerability with shared folder names.

19.07.2008 Detailed

6! HP Select Identity unauthorized access   Unauthorized access via Active Directory Bidirectional LDAP Connector.   afuse shell characters problem   Privilege escalation with shell characters in filenames.   F-Prot antivirus DoS   Out-of-bound memory access on CHM files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Contrexx CMS: crossite scripting, registration automation.

Oracle SQL injection lateral attacks updated since 27.04.2008   SQL injection into uncontrolled PL/SQL procedires is possible with e.g. modification of data format with ALTER SESSION.

18.07.2008 Detailed

7! Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities   Array index overflow on CSS parsing, crash on GIF processing under Mac OS X, code execution on command-line launch with URI. 6! PCRE buffer overflow updated since 18.07.2008   Buffer overflow on regular expression compilation.   Velocity Web Server directory traversal

vim Netrw plugin code execution   Directory name shell characters vulnerability.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 18.07.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CNCat: crossite scripting.

bluez bluetooth stack memory corruption   Memory corruption on SDP packet parsing.

15.07.2008 Detailed

Simple DNS Plus DoS   Server crash on receiving few responses to single request.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. phpWebSite: automated registration, crossite scripting.

12.07.2008 Detailed

7! Sun Java multiple security vulnerabilities   8 different vulnerabilities, including privilege escalation, sandbox protection bypass and code excutions. 6! Novell eDirectory multiple security vulnerabilities   Integer overflows, memory corruptions. 6! Apache multiple DoS conditions   mod_proxy requests recursion, mod_ssl memory leak.

Apple Core Image Fun House buffer overflow   Buffer overflow on .funhouse files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

vsftpd FTP server memory leak updated since 12.07.2008   Memory leak on invalid authentication attempt leads to memory exhaustion.

Microsoft Outlook Web Access crossite scripting updated since 09.07.2008   Crossite scripting on different pages.

10.07.2008 Detailed

6! libpoppler library uninitialized pointer updated since 09.07.2008   Uninitialized pointer dereference on PDF parsing. 6! Microsoft SQL Server multiple security vulnerabilities updated since 09.07.2008   Buffer overflows, memorry corruptions, information leak.   WeFi information leak updated since 04.07.2008   Log files are stored in world-readable folder.

09.07.2008 Detailed

7! Microsoft Windows Explorercode execution   Problem while parsing saved search files .search-ms. 6! HP OpenView Network Node Manager multiple security vulnerabilities   Unauthorized access, code execution. 6! Microsoft Windows DNS server and DNS client DNS reply spoofing updated since 14.11.2007   Weak pseudo-random generator is used to generate DNS request ID.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 09.07.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. RavenNuke: CAPTCHA bypass.

F5 FirePass SNMP DoS   Crash on 1.3.6.1.2.1.25.6 traversing.

07.07.2008 Detailed

7! PCRE library buffer overflow   Buffer overflow on regular expression compiling.

05.07.2008 Detailed

6! Microsoft Outlook information leak (callback)   By setting CA certificate URL field in certificate used for message signing, it's possible to force Outlook to issue HTTP request without user intervation.   Novell GroupWise Messenger Client buffer overflow   Buffer overflow on MSN server response parsing.

04.07.2008 Detailed

Mercurial version control system unauthroized access   Directory traversal.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. SLAED CMS: CAPTCHA bypass, crossite scripting.

03.07.2008 Detailed

9! Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities   Multiple memory corruptions, code execution, certificate spoofing, .jar files signature spoofing, etc. 6! Ruby multiple security vulnerabilities updated since 27.06.2008         QNX phgrafx privilege escalation   suid root utility buffer overflow on .pal files parsing.

SÖLDNER - Secret Wars games server DoS   CPU exhaustion on network packet parsing.

- HP System Management Homepage crossite scripting

02.07.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

01.07.2008 Detailed

6! S.T.A.L.K.E.R. game server multiple security vulnerabilities   Integer overflows, buffer overflows.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke 8.1.1 Discontrol - automation protection bypass.