31.08.2005 Detailed

6! Symantec Antivirus / Symantec Client Security privilege escalation updated since 26.08.2005   With help subsystem it's possible to execute code with LocalSystem privileges.   ELSA Lancom information leak   Administrative password can be obtained by remote user in cleartextwith Web interface.   BTDT BitTorent port DoS   Null HTTP header integer underflow.

Adobe Version Cue multiple vulnerabilities updated since 24.08.2005   Executable files are writable. It's possible to attach user's library to suid executable. Symbolic links problem.

29.08.2005 Detailed

Multiple BFCommand & Control Server Manager game servers management utility vulnerabilities   Authentication bypass, privilege escalation, DoS.

ntpd incalid gid usage   Invalid processing of -u parameter causes ntpd to start with invalid gid.

28.08.2005 Detailed

6! HP OpenView unfiltered shell characters updated since 26.08.2005   It's possible to execute code with request like http://[host]:3443/OvCgi/connectedNodes.ovpl?node=a| [your command] |   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 22.08.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Nokia Affix Bluetooth multiple vulnerabilities updated since 25.04.2005   Integer overflow on socket creation. Buffer overflow in btftp client. btsrv/btobex unfiltered shell characters problem. popen() unfiltered shell characters.

26.08.2005 Detailed

7! Sophos antiviral applications and libraries buffer overflow   Heap overflow on parsing Visio files data. 6! Apache web server DoS   Wide HTTP request byterange paramters for CGI application leads to memory exhaustion. 6! Sun Solaris DHCP utilities and DHCP client privilege escalation updated since 27.01.2005

CVS concurent versions system symbolic links vulnerability   cvsbug.in script symbolic links problem during temporary files creation.

simpleproxy proxy server format string vulnerability   Format string bug on parent HTTP proxy server reply parsing.

Quake 2 Lithium mode format string bug   Format string bug on parsing player's nickname.

HP-UX Veritas file system unauthorized access

libpam-ldap authentication bypass   Result of an attempt to authenticate against an LDAP server that does not set an optional data field is ignored.

Astaro security Linux default configuration multiple vulnerabilities   It's possible to access 127.0.0.1 with CONNECT proxy, Webmin directory traversal, crossite scripting.

LapFTP FTP client buffer overflow   Buffer overflow on .LSQ filees parsing.

BEA WebLogic crossite scripting   Crossite scripting in administration console.

Home FTP Server directory traversal   It's possible to obtain any file from remote system.

24.08.2005 Detailed

6! Hauri antiviral products buffer overflow   Buffer overflow on parsing ACE archives.   QNX inputtrap unauthorized files access   -e flag allows to specify input file, file ownership and privileges are not checked.   mplayer movie player buffer overflow   Buffer overflow on video file audio header.

ZipTorrent BitTorrent client information leak   Proxy server path is stored in local readable file.

Ventrilo VoIP sotware DoS   DoS on parsing incoplete UDP message of status service (UDP/3784).

23.08.2005 Detailed

7! Multiple Computer Associates software vulnerabilities updated since 22.08.2005   CA Message Queuing service buffer overflow, DoS and privilege escalation. 6! Microsoft IS error pages information leak   Request variable SERVER_NAME controllable by client is used to validate server access. 6! mutt mail agent buffer overflow updated since 18.08.2005   Buffer overflow on parsing messages from mailbox.

slocate file search utility DoS   updatedb fails to handle long directory paths.

Cisco Intrusion Prevention System privilege escalation   Users with OPERATOR or VIEWER privileges can gain full administrative control.

Cisco Monitoring Center for Security / CiscoWorks Management Center SSL certificate spoofing   Bug in certificate validation allows to spoof IDS / IPS certificate.

22.08.2005 Detailed

7! Multiple MacOS X vulnerabilities updated since 18.08.2005   Apple Mac OS X Directory Services contains a buffer overflow, Apple Mac OS X Server servermgrd authentication vulnerable to buffer overflow, Apple Mac OS X AppKit vulnerable to buffer overflow via the handling of maliciously crafted rich text files, Apple Mac OS X AppKit vulnerable to buffer overflow via maliciously crafted Microsoft Word files, Apple Mac OS X Safari vulnerable to arbitrary command execution via URLs in PDF files, Apple Safari fails to perform security checks on links in rich text content. 6! elm mail agent buffer overflow   Buffer overflow on oversized Expires: e-mail header. 6! Linux kernel multiple vulnerabilities   Multiple DoS conditions, code execution while mounting compressed ISO file system, IPSec protection bypass by local user.

6! Lotus Domino weak files permissions updated since 14.08.2005   Database names.nsf with password hashes is world readable.

LM Sensors symbolic links problem   Unsafe temporary files creation.

ProcessExplorer system monitoring tool buffer overflow   Buffer overflow during parsing of CompanyName and VersionInfo PE file headers of running process.

21.08.2005 Detailed

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 15.08.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

19.08.2005 Detailed

6! Hauri antivirus directory traversal   Directory traversal during archive antiviral checking. 6! tor anonymity, integrity and confidentiality loss   DH handshake flaw causes situation first hop malicious server can lear all keay of client negotiation for the rest of the circuit.   Multiple OpenVPN DoS conditions   Problem with OpenSSL errors handing, memory exhaustion, race conditions.

Unauthorized Cisco Clean Access virus isolation solution API access updated since 17.08.2005

libtiff TIFF graphics library DoS updated since 29.07.2005   Crash on zero YCbCr subsampling value.

18.08.2005 Detailed

9! Multiple Microsoft Internet Explorer vulnerabilities updated since 09.08.2005   Memory corruption on JPEG files parsing, memory corruption on COM object installation, crossite scripting with Web folders. 6! Adobe Acrobat / Adobe Acrobat Reader buffer overflow   Buffer overflow in plugin module. 6! Unauthorized Linksys wireless access points access   Clients without WPA Personal/TKIP authentication can access device with authentication enabled.

Multiple Xerox Document Centre web interface vulnerabilities   Unauthorized access, DoS, crossite scripting.

Juniper Netscreen VPN user enumeration   Different reply for existing user in IKE.

Open DC Hub buffer overflow   $RedirectAll command buffer overflow.

SafeHTML content filtering bypass   It's possible to bypass content filtering by using UTF-7 encoding.

bluez-utils unauthorized bluethooth access updated since 17.08.2005   Improper validation of bluetooth device name.

Sun StorEdge 6130 disk array unauthorized access updated since 13.05.2005

osh restricted shell buffer overflow updated since 17.02.2005   Buffer overflow during command parsing.

Novell GroupWise client memory cleartext passwords   Cahed password is stored cleartext in memory.

17.08.2005 Detailed

World Poker Championship game buffer overflow   Buffer overflow on oversized player's name.   Multiple HP Ignite-UX deployment tool vulnerabilities   /etc/passwd copy is available via TFTP, TFTP filesystem is world writable.   ifenslave / iwconfig network device management utilities buffer overflow   Buffer overflow on parsing command lines arguments.

Hummingbird FTP client weak encryption   Profiles are "encrypted" by XOR'ing with fixed byte value (0x7d).

15.08.2005 Detailed

KDE langen2kvtml symbolic links problem   Insecure temporary file creation.   Multiple MindAlign instant messenger vulnerabilities   Information leak, authentication bypass, crossite scripting, weak encryption, DoS.

14.08.2005 Detailed

6! Veritas Backup Exec unauthorized access updated since 13.08.2005   It's possible to retrieve any file from TCP/10000.   Grandstream Budge Tone IP phone DoS   Large datagrame to UDP/5060 port causes device to hang.   Multiple Mentor ADSL router vulnerabilities   Undocumented Web-interface TCP/5678, no passwords in default configuration, DoS, cleartext passwords in configuration file.

JaguarControl ActiveX buffer overflow   Buffer overflow on Jtex paramters on Jtex paramter.

Whisper passwords manager cleartext password   Passwords are visible in cleartext in process memory. Password for password store is not used in ecnryption, allowing to restore passwords from password file.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 08.08.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

13.08.2005 Detailed

6! Kaspersky Antivirus for Unix / Linux weak default file permissions   Weak folder permissions allow to overwrite any system file with symlink attack.

12.08.2005 Detailed

6! Novell eDirectory iMonitor for Windows buffer overflow   Buffer overflow in dhost.exe process. 6! Linux NFS Network File System buffer overflow   Buffer overflow on parsing nfsacl protocol XDR data. 6! Nortel Contivity VPN Client privilege escalation updated since 11.08.2005   File open dialog exllows to execute file with LocalSystem privileges.

6! Microsoft Windows Plug and Play service buffer overflow updated since 09.08.2005   Stack overflow on named pipes request processig.

Wise WinTerm thin client windows terminal DoS   Device crash on zero IP options.

Network Associates ePolicy Orchestrator Agent privilege escalation   By creating junction point (NTFS hard link) it's possible to access files with privileges of local system.

11.08.2005 Detailed

6! Linksys WLAN Monitor privilege escalation   It's possible to execute application with LocalSystem privileges from Help system.   HP Proliant Server ILO unauthorized access   Unuathorized access is possible through Integrated Lights Out firmaware if server is powered off but power cord is unplugged.

10.08.2005 Detailed

6! Gaim instant messenger buffer overflow   Buffer overflow on away message displaying. 6! Multiple Evultion e-mail agent and groupware client format string vulnerabilities   Format string bugs on vCard format parsing, LDAP server reply parsing, remote server tasks displaying. 6! Microsoft Windows RDP protocol DoS updated since 09.08.2005   Bug in RDP protocol parsing causes system to crash and restart.

Sun Solaris printd print daemon unauthorized files access   It's possible to remove arbitrary files with printd user's privileges.

Veritas NetBackup backup suite DoS (fake) updated since 23.07.2005   Crash with NULL-pointer reference on invalid timestamp value. Because error occures is child process it doesn't affects any functionality.

09.08.2005 Detailed

6! Microsoft Windows print Spooler service buffer overflow   Buffer overflow on named pipes request processing. 6! Multiple Microsoft Windows Kerberos service vulnerabilities   DoS on protocol parsing. Ability so spoof server on smart card authentication. 6! Microsoft Windows Telephony service privilege escalation

6! MySQL user defined functions multiple vulnerabilities   Buffer overflow on oversized user defined function name. DoS, directory traversal and privilege escalation on external functions invocation.

Linux kernel keyring management DoS   System crash on attempt to delete uninstantiated keyring. Semaphore leakage on KEYCTL_JOIN_SESSION_KEYRING operation.

FFTW symbolic links problems   fftw-wisdom-to-conf.in symbolic links problem on temporary files creation.

Wine Windows Windows on Unix emulator symbolic links problem updated since 14.03.2005   Unsafe temporary files creation.

06.08.2005 Detailed

EMC Navisphere Manager Directory Traversal Vulnerability   Web interface directory traversal.   NetworkActiv Web Server Cross-Site Scripting   Crossite scripting with error messages on requests like http://[host]/?">[code].   SUN McDATA switches broadcast storm   Device replyes to the packets with broadcast source address making it possible to DoS network with broadcast strom.

Linux kernel XFRM array overflow

PHP, ASP, CGI web applications security vulnerabilities updated since 01.08.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Multiple Lantronix SecureLinx console server vulnerabilities updated since 08.07.2005   SSH keys and log files are accessible through Web interface. Unsfae file permissions. Directory traversal. Privilege escalations, buffer overflows.

05.08.2005 Detailed

nCipher Cryptographic Hardware Interface Library cryptographic weakness   On process forking random bytes cache is not clearing, leading to same (pseudo)random sequence is generated with few child processes.

04.08.2005 Detailed

Metasploit Framework Defanged mode protection bypass   It's possible to overwrite _Defanged environment variable with StateToOptions() function.   Debian Linux apt-cacher code execution         GXT Editor buffer overflow   Buffer overflow on oversized string in text file.

03.08.2005 Detailed

6! Computer Associates BrightStor ARCserve Backup agent buffer overflow   Buffer overflow on malformed TCP/6070 data.   Quick 'n Easy FTP Server buffer overflow   Buffer overflow on oversized FTP command

02.08.2005 Detailed

7! Jabberd Jabber instant messaging server buffer overflow   Multiple buffer overflows on JID string parsing in jid.c.   Norton GoBack authentication protection bypass   It's possible to bypass authentucation check by using debugging mechanism.   nbSMTP SMTP client format string bug   Format string bug on server reply parsing.

Microsoft ActiveSync multiple vulnerabilities   During synchronization with broadcast media (LAN or Wi-Fi) all data, including authentication is sent cleartext and it's possible to spoof client or server. It's possible to access device without password, DoS.

01.08.2005 Detailed

HP NonStop server kernel DCE DoS         Business Objects Enterprise / Crystal Reports Denial of Service         Trillian instant messenger cleartext passwords leak   Yahoo Mail passwords are stored in common place with in cleartext.