30.08.2004 Detailed

9! Netscape NSS libraries buffer overflow updated since 25.08.2004   Buffer overflow during SSL negotiation. 6! Gaucho buffer overflow   Buffer overflow on oversized Content-Length: field. 6! Cisco IOS telnet DoS   Specially crafted telnet or reverse telnet connection causes all TCP based services to fail.

6! Cisco Secure ACS multiple bugs   TCP requests flood DoS, LEAP DoS, anonymous access if Novell Directory Service with anonymous account enabled is used, weak protection against connection hijacking.

6! Heimdal ftpd/tnftpd/lukemftpd signal handling race conditions updated since 19.08.2004   Problem with OOB data processing.

6! CDE libDtHelp buffer overflow updated since 05.11.2003   Buffer overflow on DTHELPUSERSEARCHPATH/LOGNAME variable parsing.

Samba Printer Change Notification DoS   DoS on FindNextPrintChangeNotify request processing.

a2ps shell characters code execution

ignitionServer DoS   Insufficient restrictions on the "SERVER" command can be exploited by clients to introduce non-existing servers to the network.

linux kernel information leak   /proc problems hit again

zlib DoS updated since 30.08.2004

Top Layer Attack Mitigator IPS 5500 DoS   2000 concurrent HTTP sessions causes 100% CPU usage.

OpenBSD bridging ICMP DoS   If bridging is used, ICMP echo packet causes system to crash.

Ipswitch WhatsUp buffer overflow   Buffer overflow in _maincfgret.cgi

Microsoft Outlook Express information leak   Bcc: header may not be stripped for partial multipart MIME message.

NtRegMon DoS   NULL pointer dereference during ZwSetQueryValue hook processing.

27.08.2004 Detailed

7! Entrust libKmp buffer overflow   Buffer overflow during incoming ISAKMP request processing. 6! JRE/JDK/WINAMP/ICQ/MediaPlayer sound schema files download updated since 17.07.2002   ICQ sound schemas are downloaded without user's intervation. It allows to upload file to known location.   D-Link DI-624/NetworkEverywhere NR041 crossite scripting updated since 03.07.2004   Information from DFHCP request is shown on web administration page without filtering.

25.08.2004 Detailed

icecast crossite scripting   Crossite scripting in User-Agent.   imwheel symbolic links problem   PID file is created in /tmp directory   MusicDaemon unauthorized access   It's possible to obtain any file remotely.

Bird Chat DoS

Solaris dtmail format string bug   format string bug in argv[0] allows privilege escalation to gid group.

CGI bugs updated since 17.08.2004

Hafiye terminal characters injection   It's possible to inject terminal ESC sequences.

22.08.2004 Detailed

&RQ buffer overflow   Authorization request buffer overflow.   sarad buffer oveflow   Multiple buffer overflows.

19.08.2004 Detailed

8! glibc LD_DEBUG privilege escalation   glibc allows LD_DEBUG to be applied to suid binaries. 6! Cisco IOS OSPF DoS   Malformed OSPF packet causes router to reboot.   HP-UX network applications DoS

CVS information leak   By using undocumented -X key for 'cvs history' command it's possible to check existance of system files.

aGsm buffer overflow   Bufer overflow during Half-Life server reply analisys.

IPD NULL pointer DoS   ZwOpenSection hook NULL pointer dereference problem.

Courier-imap debugging format string   Pre-authentication format string bug in debugging function.

IPSwitch Imail password decryption   Password are stored with reversable encryption as required for secure authentication.

17.08.2004 Detailed

6! rsync directory traversal updated since 02.05.2004   It's possible to bypass directory traversal protection by adding few slashes into path.   NETGEAR DG834G unauthorized access   It's possible to switch router to debug mode with unauthorized root access.   Multiple Adobe Acrobat Reader bugs   Shell metacharacters problem, uudecode buffer overflow.

13.08.2004 Detailed

Nessus symbolic links problem   adduser temporayr files symlink problem.   Multiple vpopmail bugs   Buffer overflows, SQL injection in SyBase access module.

12.08.2004 Detailed

6! Multiple GAIM bugs   Buffer overflows on parsing MSN protocol.   Multiple KDE bugs   Multiple symbolic links problems, Konqueror frame spoofing.   Clearswift Mimesweeper directory traversal

ISS BlackIce buffer overflow   Buffer overflow on configuration reading.

CGI bugs updated since 09.08.2004

11.08.2004 Detailed

Sygate Enforcer broadcast protection bypass and DoS   Broadcast packets are not filtered. It's possible to cause device shutdown by sending malformed broadcast packet to UDP/39999.   Sygate Secure Enterprise replay attacks   Weak cryptography in communications between server and client doesn't protect against replay attacks.   Port80 Software ServerMask protection bypass   Multiuple remote server type detection methods are available.

HP-UX PRM data corruption

10.08.2004 Detailed

7! cfengine memory corruption   Heap corruption during authentication.   Spamassassin DoS   Malcrafted message can cause service to crash.   JAVA XSLT processor XML sniffing   It's psosible to sniff XML data from different application domain.

09.08.2004 Detailed

AOL Instant Messenger buffer overflow   Buffer overflow in aim:goaway URI handler.   VentaFax Privilege escalation   VentaEngine (available via systray) runs with Local System privilege. On double click file selsction meny is open. It allows "Execute" command to be choosen for executable files.   Serv-U privilege escalation   With SITE EXEC command from local interface it's possible to execute any command with system privileges.

06.08.2004 Detailed

BlackJumboDog buffer overflow   Buffer overflow in FTP PASS command.   CGI bugs updated since 02.08.2004

05.08.2004 Detailed

Linux kernel integer types conversion problems.   It's possible to access kernel memory because of inters conversion bug in 64bit file API (for example llseek).   PUTTY/PSCP buffer overflows updated since 04.08.2004   Few buffer overflows.

04.08.2004 Detailed

6! thttpd for Windows directory traversal   Directory traversal by using backslash.   Datakeys tokens/smart cards weak encryption   All data between computer and device are transmitted unencrypted.   StackDefender DoS   Invalid pointer dereference on few API hooks.

03.08.2004 Detailed

6! Netscape/Mozilla SOAP integer overflow   Integer overflow in SOAPParameter object constructor.   USRobotics USR8054 buffer overflow   Buffer overflow on oversized GET request to builtin HTTP server.

02.08.2004 Detailed

7! Multiple Internet Explorer vulnerabilities   Integer overflow on .BMP parsing, double free() on GIF parsing, new ms-its: vulnerability variant. 6! UnixWare/OpenServer/Open Unix XSco buffer overflow   Buffer overflow on fonts aliases reading. 6! Citadel/UX buffer overflow   Stack overflow on oversized USER command to citadel (TCP/504) port.

Webbsyte Chat DoS   DoS on large number of connections.

MailEnable HTTPMail buffer overflow   Buffer overflow on oversized Content-Length.

Windows XP/Windows 2003 DoS   Flood with WinKey+U from consoles or via RDP before logon causes memory exhaustion.

Mozilla XUL interface spoofing   By using XML based language it's possible to spoof browser interface.