31.08.2006 Detailed

8! Multiple libtiff library vulnerabilities updated since 02.08.2006   Multiple buffer overflows on TIFF images parsing, endless loop, integer overflows, memory corruption.   IBM AIX dtterm privilege escalation         HP OpenVMS information leak   Under some condition user's pasword may be logged by NET$SESSION_CONTROL module.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Lyris ListManager privilege escalation   Administrator of any mail list can assign any user as an addministrator of any different mail list.

30.08.2006 Detailed

7! Microsoft Windows DHCP client buffer overflow updated since 11.07.2006   Buffer overflow on DHCP server response parsing.

6! SAP-DB / MaxDB database WebDBM buffer overflow   Buffer overflow on oversized database name.   Weak xbiff 2 file permissions   .xbiff2rc is world-readable, making it's possible to retrieve POP3 / IMAP account password.

gtetrinet game array index overflow   Multiple index overflows.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

29.08.2006 Detailed

6! Sendmail long mail header DoS   Verry long message header causes access to free'ed memory.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

28.08.2006 Detailed

Sun Solaris pkgadd weak permissions   755 or 777 access mode is set if "mode" field of package contains any ?.   Citrix Metaframe privilege escalation   Weak permissions for registry key allow user defined DLL to be attacjed to system level process.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Multiple Fuji Xerox Printing Systems security vulnerabilities   FTP bounce attack, unauthorized Web interface access.

Streamripper buffer overflow updated since 25.08.2006   Buffer overflow on HTTP headers parsing.

FreeBSD sppp buffer overflow updated since 24.08.2006   Buffer overflow on synchronous PPP LCP option parsing.

25.08.2006 Detailed

6! SSH Tectia Manager privilege escalation   User can start unprivileged 'sshd', after "Restart" GUI button is pressed application is restarted with root privileges.   Sun Java System Content Delivery Server directory traversal         AIX mpvg privilege escalation   External applications are executed with relative path.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

24.08.2006 Detailed

6! Asteriks PBX / VoIP solution buffer overflow   Buffer overflow in MGCP inplementation on AUEP message parsing.   Multiple Wireshark (Ethereal) sniffer security vulnerabilities   Multiple DoS conditions IPSec ESP dissector off-by-one overflow.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

23.08.2006 Detailed

7! Alt-N MDaemon POP3 server buffer overflow   Buffer overflow on oversized username with '@' character in USER/APOP command. 6! Multiple Sun Solaris security vulnerabilities   Privilege escalation with Role-Based Access Control, privilege escalation with 'format' if granted "File System Management" or similar role. 6! Cisco VPN 3000 unauthorized FTP access   It's possible to remove files and execute some FTP commands without authentication.

6! Linux SCTP privilege escalation

Cisco PIX / Adaptive Security Appliances / Firewall Services Module password reset   Under some conditions user password can be reset to some known value.

PowerZip buffer overflow   Buffer overflow on ZIP archive parsing.

Cool Messenger Server SQL injection   SQL injection with username.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

DoS против Symantec Enterprise Security Manager   Malcrafted request can be used to lockup server and agent.

AK-Systems terminal unauthorized access   Passwordless VNC access to device is possible.

Alt-N WebAdmin directory traversal   Directory traversal in few applications of administration server.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 21.08.2006   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

21.08.2006 Detailed

8! Multiple Microsoft Windows Server service security vulnerabilities updated since 11.07.2006   Kernel mode heap overflow on mailslots processing. Information leak from SMB buffers. 6! Multiple WFTPD FTP server buffer overflows   Buffer overflows in multiple commands.   2wire gateways DoS   Incomplete HTTP request for Web-interface causes device to crash.

Ichitaro Document Viewer buffer overflow

honeyd honeypot demon DoS   ARP packets processing DoS.

Multiple Linux kernel DoS condiotions   DoS with SG driver, HID0[31] bit clearing problem on PPC970 processors.

Easy File Sharing FTP Server buffer overflow   Buffer overflow on oversized USER command.

RealVNC integer overflow   Integer overflow in clipboard processing functions readClientCutText()/readServerCutText().

Apache mod_rewrite buffer overflow updated since 28.07.2006   Off-by-one overflow on mod_rewrite LDAP schema if "RewriteEngine on".

18.08.2006 Detailed

6! Mac OS X XSan filesystem driver buffer overflow   Buffer overflow on oversized path.   IBM AIX setlocale() privilege escalation         HP-UX LP Subsystem DoS

AOL weak permissions   Application folder has Everyone:Full Control permission.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

DoS против IBM DB2 updated since 11.07.2001

GNU assembler buffer overflow   Buffer overflow on assembler file compilation.

17.08.2006 Detailed

6! Multiple MySQL security vulnerabilities   Privilege escalation with stored routine, privilege escalation with creating a database with the name different only in case from existing one. 6! IBM eGatherer ActiveX buffer overflow   Buffer overflow on oversized RunEgatherer method's parameter. 6! Shockwave crossite scripting updated since 24.07.2006   Crossite access to cookies and document data is possible.

Multiple Globus Toolkit grid toolkit vulnerabilities   Race conditions. Symbolic links problem.

XFree86 / X11.org integer overflow   Integer overflow on PCF fonts parsing.

Multiple Sony Vaio Media Integrated Server security vulnerabilities   Buffer overflow, durectory traversal.

Solaris race conditions   Race condition on netstat or SNMP query during ifconfig causes DoS.

Multiple Novell eDirectory security vulnerabilities   Remote Denial of Service, cleartext password in log files.

Multiple 04WebServer security vulnerabilities   Crossite scripting, user identification bypass.

Symantec Veritas NetBackup 6.0 PureDisk Remote Office Edition authentication bypass

HP-UX DoS   Support Tools Manager DoS, Trusted Mode DoS.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

ShockwaveFlash ActiveX buffer overflow   Stack overflow (stack memory exhaustion) on oversized hostname in AllowScriptAccess property ftp:// URL.

16.08.2006 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

15.08.2006 Detailed

7! Multiple Informix security vulnerabilities updated since 14.08.2006   Buffer overflow on oversized username. Information leak. Cleartext passwords. Buffer overflows, DoS. CREATE DATABASE privilege escalation. Multiple code execution vulnerabilities. File access. 6! HP OpenView Storage Data Protector code execution         Unauthorized SmartLine DeviceLock disk access   In specific configuration local user can access content of any logical drive.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

ibmusicbrainz multiple buffer overflows   Buffer overflow on oversized HTTP hostname and during RDF data parsing.

Kaspersky Anti-Hacker protection bypass   Few kinds of ICMP messages are still accepted and replied in stealth mode. It makes it possible system fingerprinting.

14.08.2006 Detailed

6! Symantec Backup Exec buffer overflow   Buffer overflow in internal RPC-based protocol. 6! SquirrelMail WebMail unauthorized access   By changing internal compose.php variables it's possible to access files of settings of different users.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

11.08.2006 Detailed

Multiple SAP Internet Graphics Service security vulnerabilities updated since 11.08.2006   Buffer overflow and DoS conditions on HTTP requests parsing.   Netgear FVG318 wireless router with VPN/firewall DoS   Device crash on large number of TCP packets with invalid checksum.   Apache for Windows script source code leak   It's possible to access script code if cgi-bin is within DocumentRoot.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

10.08.2006 Detailed

8! Microsoft Office code execution updated since 16.06.2006   hlink.dll and Excel styles vulnerability, vulnerabilities in different record types processing are used to install malicious software in-the-wild. 6! Multiple ArcSoft MMS Composer for PocketPC security vulnerabilities   Multiple vulnerabilities with DoS and code execution impacts on MMS receiving. 6! MIT Kerberos / Heimdal privilege escalation updated since 09.08.2006   setuid()/seteuid() return code is not checked, allowing user to bypass protection by exhausting user limits.

Sun Solaris DoS   System panic in drain_squeue() on large number of TCP connections.

Sun Ray Server Software utxconfig privilege escalation

Macromedia ColdFusion authentication bypass   Some AdminAPI API functionality is available without authentication.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Multiple MODPlug Tracker/OpenMPT security vulnerabilities   Few heap and stack based buffer overflows.

Multiple AlsaPlayer security vulnerabilities   Multiple buffer overflows.

ncompress buffer overflow   Buffer overflow on data extraction.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 08.08.2006   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

09.08.2006 Detailed

9! Microsoft Windows DNS client buffer overflows updated since 08.08.2006   Buffer overflows in Winsock API and DNS client code. 8! Microsoft Power Point code execution updated since 14.07.2006   mso.dll vulnerability is used for silent malware installation. 8! Microsoft Windows Explorer buffer overflow updated since 01.06.2006   Buffer overflow during right-click on .url file with oversized mhtml://mid: URL. Vulnerability can be used for hidden malware installation.

7! Microsoft Windows crossite MMC access updated since 08.08.2006   Script from Internet/Intranet zone site can access any Microsoft Management Console's object.

7! ClamAV antivirus buffer overflow updated since 07.08.2006   Buffer overflow on parsing UPX-compressed PE files.

7! Barracuda Spam Firewall multiple security vulnerabilities updated since 02.08.2006   Login.pm Web-interface hardcoded guest account password, /cgi-bin/preview_email.cgi directory traversal.

7! Internet Explorer HTML Help ActiveX buffer overflow updated since 04.07.2006   Buffer overflow on oversized 'Image' property. Vulnerability can be used for hidden trojan installation.

7! Multiple Microsoft Internet Explorer and Windows security vulnerabilities updated since 28.06.2006   Cross-domain page content access, MSHTA code execution.

6! Linux Ext3 file system NFS DoS   On malformed UDP packet filesystem is marked as corrupted and is switched to read-only mode.

6! Microsoft Visual Basic for Applications buffer overflow updated since 08.08.2006   Buffer oveflow on VBA script parsing.

6! eIQNetworks Enterprise Security Analyzer multiple security vulnerabilities updated since 26.07.2006   License manager, syslog server, topology server buffer overflows.

Novell Groupwise Webaccess crossite scripting

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

08.08.2006 Detailed

7! McAfee Subscription Manager ActiveX buffer overflow   Buffer overflow in McSubMgr.dll marked safe for scripting. 7! RealVNC remote administration unauthroized access updated since 15.05.2006   Server doesn't check authentication type choosen by client is allowed. 6! liblesstif symbolic links vulnerability   Insecure debug files handling in libXm.

6! PHP memory corruption   sscanf() function past the end of aray writing.

6! CA eTrust Antivirus WebScan ActiveX element buffer overflow updated since 07.08.2006   Buffer overflow in "WScanCtl Class" ActiveX object installed during free online antiviral check.

Imendio Planner format string vulnerability   Format string vulnerability in filename.

07.08.2006 Detailed

6! PHP invalid has table value deletion vulnerability   Wrong element with same hash value but different class may be removed from hash table. 6! Microsoft Windows GDI32 library integer overflow   CreateBrushInderect integer overflow on WMF files parsing.   LHAZ archiver buffer overflow   Buffer overflow on oversized filename during JZH archives parsing.

Festalon Nintendo music files player memory corruption   Memory corruption on playing HES files.

DConnect Daemon chat server multiple security vulnerabilities   DoS conditions, format string vulnerabilities.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Eremove mail agent buffer overflow   Buffer overflow on oversized message.

04.08.2006 Detailed

DHCP daemon DoS         Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Ruby Safe Level security bypass updated since 12.07.2006   "alias" can be exploited to replace safe function, directory access protection bypass. Few potentially dangerous methods are not limited.

03.08.2006 Detailed

Hobbit Monitor directory traversal   TCP/1984 Hobbit network daemon directory traversal.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Simpliciti Locked Browser protection bypass   It's possible to escape from jail environment to Windows by using javascript methods.

Weak PC Tools antivirus permissions   Permissions for "PC Tools AntiVirus" folder are set to Everyone:Full Control during installation.

CFS cryptographic file system DoS   Integer overflow causes daemon to crash.

HP ProCurve switches DoS

02.08.2006 Detailed

9! Multiple Mozilla / Firefox / Seamonkey / Thunderbird security vulnerabilities updated since 27.07.2006   Multiple vulnerabilities allow unrestricted code execution. Can be used for hidden malware installation. 6! PHP ip2long protection bypass   Function can return positive result on malformed argument, it can be used to bypass argument validation. 6! Microsoft Windows graphics subsystem DoS   Gdiplus.dll division by zero on .ICO files parsing.

6! VMWare ESX Server crossite scripting and password leak updated since 02.06.2006   Management Interface crossite scripting. Additionally, cleartext password is contained in session cookie and server log files.

6! Fetchmail buffer overflow updated since 25.07.2005   Buffer overflow on oversized POP3 UIDL reply.

Sun Fire T2000 protection bypass   Incorrect DSA signature verification.

Safari memory corruption   Memory corruption in KHTMLParser::popOneBlock().

Sun Grid Engine buffer overflow

lhaplus buffer overflow   Buffer overflow on LZH archive header parsing.

Open Cubic Player buffer overflow   Multiple buffer overflows.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Symantec On-Demand Agent / Symantec On-Demand Protection protection bypass   It's possible to access encrypted data.

ISS BlackICE protection bypass   It's possible to inject fake pamversion.dll into BlackICE service.

MySQL MERGE tables privilege escalation   User may retain acces to MERGE table after access to original table is revoked.