31.08.2007 Detailed

7! Yahoo Messenger ActiveX buffer overflow   Buffer overflows in fvCom() and info() methods of YVerInfo.GetInfo.1. 7! postfix-policyd buffer overflow   Buffer overflow on SMTP commands parsing.   Linux aacraid driver IOCTL privilege escalation   Insufficient user's permissions check leads to denial of service conditions or privilege escalation.

Wireshark sniffer DoS   Infinite loop on DNP3 protocol parsing.

E-scan antiviral products weak permissions   Weak installation folder permissions.

Norman multiple antiviral products privilege escalation   Nvcoaft51 driver creates NvcOa device with out ACL with multiple vulnerabilities on IOCTLs processing.

Cisco CSS ssh DoS   More than 5 concurent ssh conenctions cause ssh service to crash.

Ubuntu linux tcpwrappers protection bypass   It's possible to connect to services configured to block connections.

Doomsday game multiple security vulnerabilities   Multiple buffer overflows and format string vulnerabilities.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

VMWare multiple security vulnerabilities updated since 27.08.2007   Multiple vulnerabilities allow unprivileged user of host system to control guest systems.

Cisco CallManager crossite scripting and SQL injection updated since 25.05.2007   Crossite scripting via /CCMAdmin/serverlist.asp. SQL injection with /CCMUser/logon.asp.

29.08.2007 Detailed

7! Timbuktu multiple security vulnerabilities   Multiple buffer overflows and directory traversal. 6! Helix DNA Server RTSP server memory corruption   Memory corruption on multiple RTSP (Real Time Streaming Protocol) "Require" headers. 6! HP OpenView Operations OVTrace buffer overflow updated since 10.08.2007   Multiple buffer overflows on request parsing.

IPSwitch WS_FTP crossite scripting   Crossite scripting with log file entries in Web interface.

EnterpriseDB code execution   Uninitialized function pointer call if any debugging function is called before pldbg_create_listener().

HP-UX get_system_info privilege escalation   It's possible to change system configuration with get_system_info if Ignite-UX or the DynRootDisk (DRD) are installed.

StarCraft memory corruption   Memory corruption on map preview received from server.

28.08.2007 Detailed

7! bind weak pseudo-random numbers generator updated since 24.07.2007   Weak PRNG creates predictable DNS request IDs and makes high success probability of DNS cache poisoning attack.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 28.08.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Thomson ST 2030 SIP phone DoS updated since 27.08.2007   Crash on invalid INVITE request Via: and To: headers and also on empty message.

27.08.2007 Detailed

7! clamav-milter shell characters vulnerability   Insecure popen() call with user-controlled value. 6! SIDVault multiple security vulnerabilities   Multiple buffer overflows in LDAP server authentication. 6! Sophos Antivirus multiple security vulnerabilities   Infinite loop on bzip parsing, integer overflow on UPX parsing.

BufferZone buffer overflow   Buffer overflow on FsSetVolumeInformation IOCTL.

Directory traversal and absolute path in multiple archivers updated since 11.07.2001   Directory traversal and absolute path allow to overwrite any file during archive extraction.

25.08.2007 Detailed

Skulltag game buffer overflow   Buffer overflow on UDP datagram parsing.   UnrealCommander file manager directory traversal   Directory traversal on archive extraction.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Soldat game multiple security vulnerabilities   Multiple DoS conditions.

23.08.2007 Detailed

6! Grandstream GXV-3000 SIP Phone eavesdropping   It's possible to take the phone off hook without user intervention.   Asura Game Engine buffer overflow         Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

22.08.2007 Detailed

Asterisk VoIP server Skinny protocol resources aexhaustions   SIP dialog history is stored in memory regardless of settings, leading to memory exhaustion.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Microsoft Internet Explorer saved pages crossite scripting updated since 21.08.2007   Crossite scripting in context of local machine is possible on saving URL with address like http://site/--><script>alert("XSS")</script>

21.08.2007 Detailed

7! Mercury/32 / Mercury/NLM SMTP server buffer overflow   Buffer overflow on oversized CRAM-MD5 authentication string. 6! NVIDIA Linux drivers DoS   Invalid value sent to device may cause hardware damage. 6! Checkpoint ZoneAlarm multiple privilege escalations   Vsdatant.sys driver multiple IOCTLs buffer overflows. Weak permissions for executable files.

Cisco 7940 SIP IPPhones DoS   A sequence of malformed SIP requests causes device to crash.

EMC Legato Networker buffer overflow   Buffer overflow in SUNRPC (TCP/111) Networker Remote Exec Service.

Rsync off-by-one buffer overflow   Multiple off-by-on overflows.

Toribash multiple security vulnerabilities   Format string vulnerability, multiple buffer overflows, multiple DoS conditions.

rFactor game / gMotor2 engine multiple security vulnerabilities   Buffer overflow and multiple denial of service conditions.

Planet VC-200M DSL router DoS   Inaccessible administration interface on HTTP GET request with missed Host: header.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

ICMP flood DoS against PalmOS updated since 15.05.2003   ICMP flood causes device to fail temporary.

18.08.2007 Detailed

6! IBM DB2 database multiple security vulnerabilities   Directory traversal, buffer overflow, shared libraries loaded from insecure locations, files and directories manipulation.   Diskeeper information leak   Anonymously accessible RPC functions allows to read higher addresses of processes address space.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

17.08.2007 Detailed

10! Microsoft Internet Explorer multiple security vulnerabilities updated since 14.08.2007   Memory corruption on ActiveX parsing, unsafe Visual Basic ActiveX execution, Visual Basic ActiveX memory corruption. 9! Microsoft Windows XML core services memory corruption updated since 14.08.2007   Memory corruption on XML parsing. 7! Lighttpd multiple security vulnerabilities   Multiple memory corruption on request headers parsing.

6! Multiple Linux kernel vulnerabilities   nf_conntrack_h323 NULL pointer dereference, invalid suid applications parent process termination signal handling, privilege escalation on Intel 965 chipset.

6! Cisco VPN client privilege escalation updated since 16.08.2007   Weak files permissions, code execution before logon with "Allow launching of third party applications before logon" and dialup networking.

MySQL multiple security vulnerabilities   CREATE TABLE LIKE privilege escalation, server crash on authentication.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Wireshark DoS updated since 28.06.2007   Endless loop on MMS and SSL parsing, off-by-one on iSeries and DHCP/BOOTP parsing.

Adonis privilege escalation   By using shell characters problem administrator can access device with root privileges.

16.08.2007 Detailed

6! ircu IRC server multiple security vulnerabilities   Multiple DoS conditions, channels hijacking, information leakage. 6! NetGear ReadyNAS RAIDiator default password   There are 3 default account, one of which is undocumented with root access.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Safari for Windows insecure files download   File of any type can be downloaded to desktop without intervation with user.

Streamripper stream to MP3 ripper buffer overflow   Multiple buffer overflow on HTTP headers parsing.

ESRI ArcSDE database server buffer overflow updated since 06.04.2007   Buffer overflow on oversied TCP/5151 port request.

McAfee VirusScan Antivirus for Linux / Unix buffer overflow   Buffer overflow on oversized filename in command line arguments.

2wire routers crossite request forgery   Referer is not checked on configuration form submission.

Multiple IRC NowPlaying scripts command injection   It's possible to inject IRC command thorugh unfiltered song titile.

dovecot privilege escalation   User can save message flags without having permissions.

15.08.2007 Detailed

10! Microsoft Windows VML parsing buffer overflow   Heap buffer overflow on compressed VML content. 7! Microsoft Virtual PC / Virtual Server buffer overflow   Heap based buffer overflow allows guest operation system user with administrative privileges to execute code on host operation system or another guest operation system. 7! Microsoft Windows Vista gadgets code execution   Code eexcution with "Contacts" and "Weather" gadgets.

6! Mozilla Firefox information leak   It's possible to read value of any internal variables.

6! Live for Speed car racing game multiple security vulnerabilities   Multiple buffer overflows and DoS conditions.

6! Microsoft Windows Media Player multiple security vulnerabilities   Multiple vulnerabilities on skin files parsing.

6! Microsoft Windows OLE Automation memory corruption updated since 14.08.2007   Memory corruption on embedded objects processing.

Babo Violent game multiple security vulnerabilities   Crash on UDP packet with malformed data. Format string vulnerability.

Zoidcom library DoS   Double free() vulnerability on malformed network request.

14.08.2007 Detailed

10! Microsoft Windows GDI code execution updated since 14.08.2007   Heap buffer overflow on Windows metafiles parsing. 7! Microsoft Excel memory corruption   Index value is not checked on Workspace parsing. 6! Apache Tomcat multiple security vulnerabilities   Information leak on session cookies with ' or ". Crossite scripting in Host Manager servlet.

Xfce terminal client unescaped shell characters vulnerability   Shell characters are not filtered on URL processing.

CounterPath X-Lite / WengoPhone SIP softphone DoS   Crash on missed Content-Type field in INVITE or MESSAGE request.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

13.08.2007 Detailed

9! Qbik WinGate format string vulnerability   Unsafe vsprintf() call on invalid SMTP command.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   OpenSSL cryptographic vulnerability   Montgomery multiplication for elleptic cryptography is not applied in BN_from_montgomery() functions, making it possible to retrieve RSA private key of different user.

10.08.2007 Detailed

6! Java screen content spoofing   It's possible to switch applet to full-screen mode.   Xvid array index overflow   Array index overflow in multiple get_intra_block() variants for different Video formats parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Zyxel Zywall crossite request forgery   Referer is not chacked on data submission.

09.08.2007 Detailed

6! Cisco VoIP routers multiple DoS conditions   Multiple vulnerabilities in implementation of SIP, MGCP, H.323 and RTP protocols. Device may be vulnerable even i protocol is not configured.   Cisco routers IOS IPv6 information leakage   IPv6 header contains 16 bytes of non-initialized memory from router's address space.   Cisco routers IOS Cisco Next Hop Resolution Protocol DoS   Crash on NHRP packets parsing.

08.08.2007 Detailed

7! Cisco IOS SCPauthentication bypass   Unprivileged user has full access to device, incpuding reading and writing it's configuration. 6! HP-UX HP Controller for Cisco Local Director daemon buffer overflow   Buffer overflow in ldconn on parsing TCP/17781 traffic. 6! Apple Mac OS X Bonjour mDNSResponder buffer overflow   Buffer overflow on malformed DNS request parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 08.08.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cisco Unified MeetingPlace Web Conferencing crossite scripting

bochs IA-32 emulator privilege escalation   Buffer overflow in network adapter emulation.

Asterisk Skinny (SIP) VoIP protocol DoS   CAPABILITIES_RES_MESSAGE integer array overflow.

07.08.2007 Detailed

6! Novell Netware client for Windows buffer overflow   Buffer overflow in NWSPOOL.DLL RPC function. 6! PHP msql_connect buffer overflow   Stack based buffer overflow on oversized function's argument.   Microsoft Windows explorer DoS   Crash on browsing windows folder with malformed JPEG file.

Astaro firewall DoS   Large amount of traffic with different connections causes CPU exhaustion.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 06.08.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

KDE Konqueror address bar spoofing   There are few possibilities for address bar spoofing.

Microsoft Internet Explorer DoS   Line <style>*{position:relative}</style><table><input></table> causes brower to crash.

Adonis TFTP directory traversal   User with privileges to manage TFTP configuration can upload system files.

05.08.2007 Detailed

6! gb and libgd library multiple security vulnerabilities   Multiple vulnerabilities on GIF parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 05.08.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Mozilla status bar text spoofing

03.08.2007 Detailed

6! XPDF / KOffice integer overflow   Integer overflow on PDF files parsing. 6! Qt format string vulnerabilities   Multiple format string vulnerabilities on format string bugs. 6! Multiple Panda Internet Security vulnerabilities updated since 07.09.2006   Weak installation folder permissions allow privilege escalation to LocalSystem on any logged in user account. Spam filtering can be controlled from malcrafted Web page.

Minimo password manager information leak   Crossite scripting in combination with form autofilling feature may cause password to be transmitted to different site.

Baidu Soba ActiveX code execution   Unsafe function allows to download and execute executable file.

gdm DoS   DoS on malformed GDM socket command.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

KDE Konqueror DoS   Crash on invalid sequences of open and close HTML tags.

01.08.2007 Detailed

7! Mozilla Firefox / Thunderbird URL processing code execution updated since 25.07.2007   It's possible to inject shell characters into mailto:, news:, nntp: IRLs if Thunderbird is used as URL handler.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 01.08.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Mozilla Firefox DoS   It's possible to create large number of unclosable pop-up windows.