27.07.2015 Detailed

Cisco Videoscape Delivery System DoS   It's possible to reload device with HTTP request.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   libuser / userhelper security vulnerabilities   Unsafe files handling, insufficient characters filtering.

LXC directory traversal   Directory traversal on lock files creation.

Elastic Logstash directory traversal updated since 14.06.2015   Directory traversal in file output plugin.

26.07.2015 Detailed

8! Google Chrome / Chromium multiple security vulnerabilities   Restrictions bypass, multiple memory corruptions, crossite scripting.

6! EMC Avamar directory traversal   6! Cisco Unified MeetingPlace password reset   It's possible to change password without entering previous one and session validation.

6! FreeBSD DoS   Resources exhaustion via LAST_ACK state connections.

Cisco Application Policy Infrastructure Controller privilege escalation   It's possible to obtain root access.

Cisco IOS DoS   DoS in TFTP server.

20.07.2015 Detailed

8! Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities updated since 20.07.2015   Quarterly CPU fixed over 170 different vulnerabilities. 7! Elasticsearch security vulnerabilities   Code execution, directory traversal.   tidy security vulnerabilities   Buffer overflow and integer overflow on HTML parsing.

freexl library DoS   DoS on Excel document parsing.

Apache security vulnerabilities   DoS, few potential vulnerabilities.

TOTOLINK routers multiple security vulnerabilities   Code execution, backdoor account, CSRF, XSS.

19.07.2015 Detailed

9! Microsoft Windows multiple security vulnerabilities   Internet Explorer and VBScript multiple security vulnerabilities, RDP code execution, Hyper-V code execution, multiple privilege escalations. 8! Microsoft Office multiple security vulnerabilities   Memory corruptions, DLL planting, restrictions bypass. 8! Adobe Reader / Acrobat multiple security vulnerabilities   Buffer overflows, memory corruptions, information disclosure.

8! Adobe Flash Player multiple security vulnerabilities   Multiple memory corruptions, buffer overflows, information disclosure.

6! Adobe Shockwave Player security vulnerabilities   Memory corruptions.

14.07.2015 Detailed

6! libwmf multiple security vulnerabilities   Multiple memory corruptions. 6! Cisco ASA multiple security vulnerabilities   Multiple DoS conditions, commads injections, information disclosure, certificate validation bypass.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

VMWare applications privilege escalation   Weak executable file DACL.

ipTime routers code execution   Code execution via shell characters injection into DHCP request hostname.

AirLive IP cameras commands injection   Few commands injection possibilities.

AirLink101 SkyIPCam1620W commands injection   Commands injection, hardcoded credentials.

EMC RecoverPoint for Virtual Machines restriction bypass   Privilege escalation.

stunnel authentication bypass   Authentication is possible if redictions are used.

Android backup content spoofing   Malware application can spoof content of the adb backup.

13.07.2015 Detailed

8! PHP multiple security vulnerabilities   Code execution, DoS conditions, poisoned NULL byte vulnereability, information disclosure. 8! Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities   Multiple NSS cryptography vulnerabilities, memory corruptions, restriction bypasses, information disclosure, privilege escalation.   HAProxy information disclosure   Under some conditions, data from previous request can be obtained.

cups-filters buffer overflow   texttopdf buffer overflows.

pdns recursor DoS   CPU exhaustion and crash on processing name that refers to itself.

ntpd DoS   Crash is possible under specific conditions.

ISC bind named DoS   Crash on DNSSEC validation.

09.07.2015 Detailed

8! OpenSSL restrictions bypass   Certificate without CA flag can be validated as a valid signing certificate.

05.07.2015 Detailed

8! Apple Mac OS X / EFI multiple security vulnerabilities   Privilege escalation, information disclosure, multiple memory corruptions. 7! Apple iOS multiple security vulnerabilities   DoS, certificate trust vulnerabilities, multiple memory corruptions, information disclosure, weak cyphers, code execution. 7! Apple QuickTime multiple security vulnerabilities   Multiple memory corruptions on different formats handling.

7! Apple Safari / Webkit multiple security vulnerabilities   Multiple memory corruptions.

6! Apache Storm code execution   Code execution on the web server.

IBM Domino Web Server crossite scripting

Polycom RealPresence Resource Manager multiple security vulnerabilities   Information disclosure, privilege escalation, directory traversal.

Microsec e-Szigno / Netlock Mokka content spoofing   Signed content spoofing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 05.07.2015   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

unattended-upgrades man-in-the-middle   Under some conditions package spoofing is possible.

libcrypto++ timing attacks   Rabin-Williams algorithm timing attacks.

HP-UX privilege escalation   pppoec privilege escalation.

EMC Isilon OneFS code execution   Command injection in web administration.

ipTIME code execution updated since 19.04.2015   Code execution via web interface.