31.08.2002 Detailed

7! Buffer overflow in Windows 2000/NT SMB protocol updated since 23.08.2002   Malcrafted SMB quiery into port 139/445 causes server to crash.

29.08.2002 Detailed

Privelege escalation in Webmin   User with Webmin admin priveleges can obtain root access.

28.08.2002 Detailed

6! Переполнение буфера в mIRC (buffer overflow) updated since 04.02.2002

Buffer overflow in linuxconf   Buffer overflow in environment variable parsing.   pipe problems in xinetd   Child process can access pipe descriptior used for internal signal handling.

mIRC buffer overflow   Buffer overflow in $asctime macro.

26.08.2002 Detailed

Belkin F5D6130 DoS   Number of SNMP GetNext Request packets causes AP to crash.   Kerio Personal Firewall DoS   SYN flood causes host to hang.   Multiple bugs in OmniHTTPD   Crossite scripting, information spoofing.

CGI bugs updated since 06.06.2002

25.08.2002 Detailed

Utstarcom backdoor   Builtin priveleged accounts field/*field and guru/*3nouguru.   CGI bugs updated since 15.08.2002         PHP safe mode bypass updated since 02.07.2001   Shell metacharcters are not checked in mail command

23.08.2002 Detailed

6! Microsoft Office Web Components unauthorized access   A number of unsafe functions.   Code execution via Light   If client connects to channel with special characters in name built in command may be executed.   Unixware ndcfg buffer overflow   Command line buffer overflow.

Multiple bugs in LG routers

Few bugs in linux kernel updated since 23.08.2002   Few bugs in different drivers and in /proc fs.

22.08.2002 Detailed

9! Solaris telnetd buffer overflow       6! Novell Netware rconj unauthorized access   During access via SSL user's password is not verified.   Multiple problems with Pingtel xpressa SIP Phones updated since 13.07.2002   Multiple problems leading to full remote access.

Crossite scripting in Apache Tomcat updated since 11.07.2002   It's posible to insert script in request to different servlett classes.

21.08.2002 Detailed

Tiny Personal Firewall DoS   DoS against audit subsystem on large amount of audit info, problem hadling spoofed packets with IP's from FW itself.   Internet Explorer/Mozilla/Opera local zone script execution via FTP folders updated since 07.06.2002   It's possible to script on local securty zone if FTP folder presentation is enabled.

20.08.2002 Detailed

6! Novell NetBasic multiple bugs   Buffer overflow, directory traversal. 6! Proxy error messages crossite scripting updated since 27.10.2000   In error message URL is not escaped, it makes it possible to inject javascript into URL.   Multiple bugs in Kerio Mail Server

Format string bug in WebEasyMail   Format string bug in SMTP command parsing.

Windows Apache directory traversal updated since 12.08.2002   It's possible to leave web rot folder by using backslash.

16.08.2002 Detailed

8! Windows 2000 Network Connection Manager privelege escalation   Callback function is called with system priveleges.   Cisco Content Service Switch unauthorized access   It's possible to access administrative interface without authentication.   Unauthorized file upload via Internet Explorer   It's possible to download file in known location or to determine location of cache by using htm files download or Web folders.

Unauthorized access via Google Toolbar updated since 08.08.2002

Buffer overflow in MyWebServer updated since 09.07.2002   Buffer overflow on oversized GET request.

15.08.2002 Detailed

6! Multiple bugs in Oracle Listener   Format string bug, DoS.

13.08.2002 Detailed

7! Signed/unsigned conversion bug in OpenBSD select() call   By passing negative argument to select() function it's possible to overwrite the fragment of kernel memory. 7! Multiple bugs in CDE ToolTalk updated since 11.07.2002   Incomplete input validation in different remote calls.   Buffer overflow in i4l   Buffer overflow in ipppd.

12.08.2002 Detailed

Unauthorized access in midicart   It's possible to obtain full user's database in file midicart.mdb.   Crossite scripting in Falcon   HTML symbols are not filtered in error messages.

09.08.2002 Detailed

8! iPlane chunked encoding buffer overflow   chunk-encoding POST request heap overflow.

08.08.2002 Detailed

6! Buffer overflows in Content Managment Server   Multipel buffer overflows 6! Buffer overflow in Eudora   Buffer overflow on MIME headers parsing.   Citrix MetaFrame DoS   Requesting large window size in javainterface causes server to crash.

iSCSI weak permissions   File /etc/iscsi.conf is open for writing.

BSD NFS DoS   Empty RPC packet causes cycling.

Unauthorized disk blocks access in FreeBSD ffs   Bug in maximum file size calculation allows to access disk blocks behind the file because of integer overflow.

FreeBSD kqueue DoS   Pipe with one end closed causes system panic after applying EVFILT_WRITE filter.

Buffer overflow in qmailadmin   Buffer overflow on environment variables parsing.

602Pro Lansuite DoS updated since 27.03.2001   Buffer overflow in GET-request, DOS-devices access.

Problems with different C-compilers.

Cisco RADIUS PAP-authentication cleartext password   In case of failed authentication password is sent in cleartext.

Argosoft Mailserver Pro DoS   User can cause message storm by using autoresponder.

03.08.2002 Detailed

Buffer overflow in Windows HELP   Buffer overflow during ActiveX companent invocation.   Buffer overflow in IBM U2 UniVerse ODBC         CGI bugs updated since 29.07.2002

SUN Answer Book buffer overflow updated since 21.05.2002   Buffer overflow in CGI and format string bug in dwhttpd.

bypassing kstat via linux kernel   It's possible to hide process from kstat