26.07.2011 Detailed

7! libpng library multiple security vulnerabilities   Multiple vulnerabilities on PNG parsing. 6! Apple iWork multiple security vulnerabilities   Memory corruptions on Word and Excel files processing. 6! Shibboleth / opensaml signature wrapping attacks   It's possible to spoof signed content.

6! Cisco ASR 9000 DoS   Crash on IP packet processing.

D-link DPH 150SE/E/F1 IP Phones multiple security vulnerabilities   Multiple web interface unauthorized access possibilities.

libsndfile buffer overflow   Buffer overflow on Ensoniq PARIS Audio Format (PAF) parsing.

opie security vulnerabilities   Privilege escalation, off-by-one buffer overflow.

Securstar DriveCrypt multiple security vulnerabilities   DoS, information leakage, privilege escalation.

HTC Android devices directory traversal   OBEX FTP bluetooth request directory traversal.

Likewise Open SQL injection   Privilege escalation is possible.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Apple iOS (iOS) security vulnerabilities updated since 18.07.2011   Privilege escalation, code execution via PDF documents.

kvm code execution updated since 06.07.2011   virtio commands processing code execution.

logrotate multiple security vulnerabilities updated since 06.04.2011   Race conditions, unfiltered shell characters vulnerability, DoS.

FreeRADIUS OCSP vulnerability   Revoked certificate may be used due to validation error.

Elitecore Cyberoam UTM crossite scripting   Crossite scripting in Web interface.

Wireshark sniffer DoS   Infinite loop on Lucent/Ascend files parsing.

22.07.2011 Detailed

9! Microsoft Internet Explorer multiple security vulnerabilities updated since 15.06.2011   mhtml handler cross application scripting, VML processor memory corruption, multiple internet explorer memory corruptions, information leakage.   Apache mod_authnz_external module SQL injection   SQL injection via username.   libvirt integer overflow

CA Gateway Security / Total Defense memory corruption   Memory corruption on TCP/8080 HTTP request parsing.

18.07.2011 Detailed

9! Oracle / Sun / Peoplesoft applications multiple security vulnerabilities updated since 13.10.2010   CPU closes nearly 90 of different vulnerabilities in different applications. 7! EMC Documentum eRoom   HummingBird Client Connector buffer overflow and code execution   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 18.07.2011   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Citrix Access Gateway ActiveX buffer overflow   Buffer overflow on server data parsing.

Alice 1111 ADSL modem security vulnerabilities   DoS, crossite scripting.

Apache Tomcat information leakage   Some security limitations are not checked for sendfile().

Torque Server buffer overflow   Buffer overflow on oversized job name.

Dell IT Assistant ActiveX information leakage   readRegVal allows registry values access.

14.07.2011 Detailed

6! apt GPG signature check vulnerability   GPG sugnatures are incorrectly validated. 6! PalTalk messenger ActiveX insecure methods   It's possible to save files into arbitrary locations.   OpenOffice memory corruption   Memory corruption on .lwp files import.

Sybase Advantage Server buffer overflow updated since 04.07.2011   Off-by-one overflow on TCP/6262, UDP/6262 traffic parsing. Format string vulnerability on TCP/5001 traffic processing.

13.07.2011 Detailed

7! Microsoft Windows multiple security vulnerabilities   Uninitialized memory reference in Bluetooth stack, multiple memory handling vulnerabilities in Windows kernel, multiple privilege escalations in CSRSS. 6! TrendMicro Control Manager security vulnerabilities   Integer overflow on TCP/20801 request handling. SQL injection.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Visio insecure DLL loading   Unsafe DLL loading on associated files opening.

11.07.2011 Detailed

7! Apache Santuario library buffer overflow   Buffer overflow on oversized key. 6! Blue Coat Authentication and Authorization Agent buffer overflow   Buffer overflow during TCP/16102 authentication process.   HP OpenView Communication Broker arbitrary files deletion   Arbitrary files deletion via TCP/383 service.

HP-UX Dynamic Loader Privilege Escalation

IDrive Online Backup ActiveX unsafe method   Unsafe SaveToFile() method

Aruba Airwave / ArubaOS crossite scripting   Crossite scripting with SSID.

Cisco Content Services Gateway DoS   Device may be crashed via ICMP packets.

aTube Catcher ActiveX insecure method   Isnecure ChilkatCrypt2.ChilkatOmaDrm.1 method allows to corrupt files.

09.07.2011 Detailed

7! ISC bind named DNS server DoS updated since 06.07.2011   Crash on request processing.   foobar2000 integer overflow   Integer overflow on WAV parsing.

06.07.2011 Detailed

8! OpenSSH buffer overflow   Buffer overflow on oversized username if pam_opie is enabled. 8! Apple Mac OS X multiple security vulnerabilities updated since 04.07.2011   DoS conditions, buffer overflows, information leaks, code execution in different subsystems. 7! PHP directory traversal   Directory traversal in RFC 1867 files upload.

6! Novell ZenWorks Handheld Management directory traversal   Directory traversal on TCP/2398 request processing.

6! NetBSD network functions buffer overflow   Buffer overflow on oversized argument in getservbyname() and getservbyport().

HP Intelligent Management Center User Access Manager code execution   Buffer overflow on TCP/9090 data processing.

HP OpenView Storage Data Protector multiple security vulnerabilities   Multiple vulnerabilities in TCP/5555 service.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cisco VPN client weak permissons   Weak installation permissions allow unprivileged user to overwrite executable.

WinAmp multiple security vulnerabilities updated since 04.07.2011   Multiple vulnerabilities on FLV and MIDI files parsing.

04.07.2011 Detailed

8! Apple QuickTime multiple security vulnerabilities updated since 12.12.2010   Memory corruptions on MPEG, Sorenson, AVI, JP2, FlashPix, GIF, PICT, QTVR and another video formats parsing. 7! Citrix EdgeSight buffer overflow   Buffer overflow on TCP/18747 request parsing. 6! Novell File Reporter Engine buffer overflow   Buffer overflow on TCP/3035 HTTPs response parsing.

Asterisk user account enumeration   Different replies on mismatched usernames and passwords.

pidgin instant messenger DoS   Memory exhaustion on GIF icons parsing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

smallftp DoS   Connection flood causes server to hang or crash.

Ashampoo 3D CAD ActiveX unsafe method   Unsafe SaveData method allows to create files.