30.07.2009 Detailed

8! ISC bind named DNS server DoS updated since 29.07.2009   Crash on dynamic update message with ANY type (disablind dynamic updates doesn't eliminate problem).   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

29.07.2009 Detailed

6! Cisco IOS BGP DoS   Few denial of service conditions on BGP updates with 4-bytes AS numbers. 6! Linux eCryptfs buffer overflow   Buffer overflows on parse_tag_11_packet and parse_tag_3_packet functions.

HP servers with LO100i (HP Lights Out 100) DoS

Linux kernel DoS   NULL pointer dereference on /dev/kvm call handling.

Firebird SQL DoS   op_connect_request request with invalid paramters causes server to shutdown listening socket end enter infinite loop.

28.07.2009 Detailed

6! OpenEXR multiple security vulnerabilities   Integer overflow, buffer overflow, uninitialized pointer. 6! Google Chrome crossite scripting   Crossite scripting with chrome://history/ and view-source:chrome://history/ 6! Squid multiplesecurity vulnerabilities   Multiple denial of service conditions.

27.07.2009 Detailed

7! Linux kernel privilege escalation updated since 20.07.2009   Error in NULL pointer dereference error handling. 6! Cisco Wireless LAN Controllers multiple security vulnerabilities   Buffer overflow on authentication in embedded Web-server, multiple DoS conditions, unauthorized access to some ocnfiguration commands.   The Movie Player / VLC Media Player integer overflow   Integer overflow on Real stream parsing.

NcFTPd privilege escalation   By symlinking .message file it's possible to obtain content of the file behind FTP root.

MySQL format string vulnerabilities   COM_CREATE_DB, COM_DROP_DB format string vulnerabilities

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Mozilla Firefox URL spoofing   It's possible to spoof error text on invalid URL.

24.07.2009 Detailed

8! Adobe Flash Plasyer memory corruption   Memory corruption on Flash parsing.   Communigate Pro crossite scripting   Crossite scripting on URLs inside message.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Asante FM2008 backdoor account updated since 16.12.2004   Undocumented superuser/asante account.

23.07.2009 Detailed

7! Apple iPhone memory corruption   Integer overflow on CSS processing leads to memory corruption. 6! Akamai Download Manager ActiveX code execution   It's possible to download and execute code without user intervation.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

22.07.2009 Detailed

8! Multiple Mozilla Firefox security vulnerabilities   Multiple memory corruptions, crossite access, integer overflows, buffer overflows. 6! Novell Privileged User Manager code execution   It's possible to load dynamic libraries (including ones from network shares) by user's request.

21.07.2009 Detailed

NASA CDF library multiple security vulnerabilities   Memory corruptions in ReadAEDRList64(), SearchForRecord_r_64(), LastRecord64(), CDFsel64() functions.   Multiple browsers DoS updated since 16.07.2009   select() method doesn't limie the number of selected elements, leading to resources exhaustion.

20.07.2009 Detailed

6! net-snmp multiple security vulnerabilities updated since 10.11.2008   Buffer overflow in snmp_get, integer overflow in SNMP agent.   Real Helix Server DoS   DoS on RTSP and SETUP requests handling.   dbus DoS   Denial of Service via dbus_signature_validate.

19.07.2009 Detailed

Multiple browsers DoS   Crash or resources exhaustion on oversized unicode string operations via Javascript.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

18.07.2009 Detailed

6! Terratec HomeCinema multiple security vulnerabilities   System libraries are replaced with outdated viersions during installation process in insecure manner. 6! PulseAudio race conditions   Race condition on temporary files creation allow symlink attack.   Android camera and audio control bypass   Access control is only checked on application request.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

16.07.2009 Detailed

Cisco Unified Contact Center Express multiple security vulnerabilities   Directory traversal and crossite scripting via administration page.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Microsoft Office Publisher uninitialized pointer dereference updated since 14.07.2009   Uninitialized pointer dereference on older Publisher format conversion.

15.07.2009 Detailed

9! Microsoft Video ActiveX code execution updated since 07.07.2009   ActiveX vulnerability is actively for hidden malware installation. 6! ISC DHCP client buffer overflow   Buffer overflow on network mask processing.   Microsoft Virtual PC / Microsoft Virtual Server privilege escalation   Acceess to certain privileged instructions is not checked within virtual machine.

14.07.2009 Detailed

7! Microsoft DirectShow multiple security vulnerabilities   Multiple DoS conditions and memory corruptions on Apple QuickTime formats processing. 7! Mozilla firefox memory corruption   Memory corruption during javascript processing. 6! HP ProCurve Threat Management Services zl Module multiple security vulnerabilities   DoS conditions, unauthorized access.

6! libtiff multiple security vulnerabilities updated since 07.07.2009   Crash on LZWDecodeCompat. Potantial integer overflows in tiff2rgba and rgb2ycbcr.

Microsoft ISA Server RADIUS authentication bypass   It's psosible to bypass form-based authntication if server is set to use RADIUS authentication with One Type passwords.

Novell eDirectory iMonitor buffer overflow   Off-by-one overflow on HTTP Accept-Language: header.

13.07.2009 Detailed

7! Wyse terminals buffer overflow   Buffer overflow in hagent.exe   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

12.07.2009 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

10.07.2009 Detailed

HTC handheld PCs directory traversal   Bluetoth stack OBEX FTP directory traversal.   Mozilla Firefox / Microsoft Internet Explorer / Opera /Google Chrome DoS updated since 26.05.2009   Hang on circle with large radius value in SVG tags. Hang and memory leak on reload with keygen tag.

09.07.2009 Detailed

6! Symbian / Nokia N96 multiple security vulnerabilities updated since 06.07.2009   Memory corruption on different multimedia formats.   Apache DoS   Data exceeding Content-length value causes CPU exhaustion. mod_deflate doesn't break file compress operation if client disconnects.   Awingsoft Awakening Winds3D Viewer unauthorized access   Code execution, file system access.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

MySQL COM_CREATE_DB format string vulnerability   Format string vulnerability via databse name.

IBM Lotus Sametime Instant Messaging and Web Conferencing   Different reply timeings in case for invalid username and password.

08.07.2009 Detailed

6! Linux kernel multiple security vulnerabilities   RTL8169 driver DoS, deadlock in inode processing code.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

07.07.2009 Detailed

Avax Vector ActiveX buffer overflow   Heap buffer overflow via PrinterName property.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 07.07.2009   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   TekRADIUS privilege escalation

Pidgin instant messenger DoS   Memory exhaustion on OSCAR (ICQ) ICQWebMessage message processing.

Photo DVD Maker buffer overflow   Buffer overflow on .PDM files parsing.

06.07.2009 Detailed

7! Apple iPhone memory corruption   Memory corruption on SMS messages parsing.   Dillo browser integer overflow   Integer overflow on PNG parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

xscreensaver symbolic links vulnerability updated since 05.07.2009   It's possible to obtain content of any file via ~/.xscreensaver symlink.

05.07.2009 Detailed

Sun One WebServer source code disclosure   It's possible to obtains page source code via alternate NTFS streams (http://server/hello.jsp::$DATA)

03.07.2009 Detailed

7! FreeBSD multiple security vulnerabilities updated since 07.09.2008   mount / nmount syscall implementcation buffer overflow. amd64 CPU registers privilege escalation. DoS через ICMPv6. 6! Soulseek buffer overflow   Buffer overflow on file search functionality. 6! phion airlock Web Application Firewall multiple security vulnerabilities   DoS, code execution.

HP-UX nfs utilities DoS

Sourcefire 3D Sensor / Sourcefire Defense Center privilege escalation   Web interface privilege escalation.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

ModSecurity multiple security vulnerabilities   Few denial of service conditions.

Multiple Axesstel MV 410R wireless router security vulnerabilities   Crossite scripting, devica access from WAN, default account.

Artofdefence Hyperguard Web Application Firewall DoS   Denial of service via memory exhaustion.

01.07.2009 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.