26.08.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke: crossite scripting.   PartyGaming PartyPoker updates spoofing   Cryptography is not used to validate update authenticity.

25.08.2008 Detailed

7! Xine multiple security vulnerabilities   5 buffer overflows in real Audio parsing, vulnerabilities in mng, mod, qt, matroska formats handling. 7! Microsoft .Net framework multiple security vulnerabilities updated since 10.07.2007   Buffer overflow on PE .Net format parsing, buffer overflow in KIT compiler, remote information leak in ASP.NET with poisoned NULL byte.

6! Trend Micro multiple application authentication bypass   Weak PRNG generator is used to generate session cookie.

libxml library DoS   DoS through CPU and memory exhaustion.

vim multiple security vulnerabilities updated since 14.06.2008   Code execution on file open.

24.08.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Envolution: SQL injection, information leakage.

23.08.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. osCommerce: crossite scripting.

21.08.2008 Detailed

6! Linux kernel multiple security vulnerabilities   IPSec ESP pacjet parsing DoS, multiple local DoS conditions, kernel memory data leak, privilege escalation. 6! Cisco IOS embedded FTP server multiple security vulneraiblities updated since 12.05.2007   DoS, unauthorized access, directory traversal.   Anzio Web Print Object ActiveX buffer overflow   Buffer overflow with mainurl parameter.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

yelp format string vulnerability   Format string vulnerability via URI.

20.08.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 20.08.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Envolution: crossite scripting, information leak.

19.08.2008 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Envolution: crossite scripting, automation protection bypass.

18.08.2008 Detailed

6! MicroWorld MailScan multiple security vulnerabilities   Durectory traversal, authenticatio bypass, crossite scripting, informaiton leak via Web admin page (TCP/10443).   Nokia 6131 phones multiple security vulnerabilities   URI spoofing, device crash.   Amarok symbolic links vulnerability   Unsafe temporary files creation.

Cisco WebEx Meeting Manager ActiveX buffer overflow   atucfobj.dll buffer overflow

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-ContactForm for WordPress: Spamming, Envolution: crossite scripting, informaiton leak.

15.08.2008 Detailed

7! HP-UX unauthorized access with ftp server       6! CA CA Host-Based Intrusion Prevention System SDK multiple security vulnerabilities   Invalid IOCTL processing. 6! Microsoft Messenger unauthorized ActiveX access updated since 12.08.2008   Messenger.UIAutomation.1 ActiveX allows access to applciation functionality.

6! Symantec VERITAS Storage Foundation multiple security vulnerabilities updated since 22.02.2008   DoS on TCP/4888 request parsing, buffer overflow on UDP/3207 parsing.

Ventrilo voice chat server DoS   NULL pointer dereference.

git buffer overflow   Buffer overflow on oversized repository path.

VMWare VirtualCenter information leak   It's possible to obtain username information.

14.08.2008 Detailed

8! Microsoft Internet Explorer multiple security vulnerabilities updated since 12.08.2008   Multiple memory corruptions, MHTML crossite scripting.

13.08.2008 Detailed

8! Microsoft Office / Word / Excel / Power Point multiple security vulnerabilities updated since 12.08.2008   Multiple memory corruptions, protection bypass. 7! Microsoft Windows color management system memory corruption updated since 12.08.2008   Memory corruption on ICCM management.

12.08.2008 Detailed

7! Microsoft Access ActiveX file download updated since 09.07.2008   SnapShot Viewer ActiveX allows file download to any location. 6! Microsoft Windows privilege escalation   Invalid event handling allows code execution in system context.   Microsoft Windows IPSec policies vulnerability   Under certain conditions rules are not applied after Windows 2003 domain is migrated to Windows 2008.

hMailServer IMAP server DoS   Memory leak on command execution leads to buffer overflow.

Sun Solaris snoop format string vulnerability   Format string vulnerability on SMB traffic parsing.

Alcatel OmniSwitch switches buffer overflow   Buffer overflow on oversized Cookie: header in embedded web server.

UUDeview symbolic links vulnerability   Insecure temporary files creation.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Contact Form ][: crossite request forgery, crossite scripting.

08.08.2008 Detailed

WinGate Mail Server DoS   IMAP LIST command resources exhaustion.   NoticeWare Email Server DoS   Crash on oversized IMAP LOGIN command.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Contact Form ][: antiautomation protection bypass, crossite scripting.

stunnel protection bypass   Revoked certificate status is incorrectly checked.

07.08.2008 Detailed

8! Nokia series 40 phones multiple security vulnerabilities   Multiple J2ME implementation vulnerabilities allow complete device compromization. 7! OpenVMS fingerd buffer overflow   Buffer overflow on oversized username. 6! Wireshark multiple security vulnerabilities   Multiple vulnerabilities in protocol dissectors, causing application to crash.

Sun xVM privilege escalation   VBoxDrv.sys driver kernel mode code execution.

Apache mod_proxy_ftp crossite scripting   Crossite scripting on FTP server content displaying.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress ME for XOOPS: crossite scripting.

Ingres database server multiple security vulnerabilities updated since 04.08.2008   Weak file permissions, insecure shared library loading, buffer overflow in different utilities.

Microsoft Halo: Combat Evolved game DoS updated since 25.05.2005   Endless loop on malformed data.

8e6 Technologies R3000 Internet Filter URL filtering bypass updated since 17.01.2008   Stateful-filtering is not used. X-DecoyHost header may be used to bypass filtering.

05.08.2008 Detailed

8! Oracle multiple security vulnerabilities updated since 18.07.2008   New Critical Patch Update patches nearly 50 different vulnerabilities in all Oracle products.

04.08.2008 Detailed

7! Apple Mac OS X multiple security vulnerabilities   Integer overflows and buffer overflows in graphics API and fonts API.   OpenSC smart cards unauthrorized access   It's possible to change smrtcard PIN code.   America's army game server DoS   Invalid assert() on network traffic parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Smeego: automation protection bypass, crossite scripting.

03.08.2008 Detailed

OpenLDAP slapd DoS   Crash on ASR.1 BER data processing.

01.08.2008 Detailed

6! CA ARCserve Backup for Laptops and Desktops buffer overflow   LGServer server process buffer overflow. 6! HP-UX System Administration Manager unauthorized access       6! Python multiple security vulnerabilities   Integer overflows, buffer overflows, cryptographic problems in multiple functions.

6! libxslt multiple security vulnerabilities   Heap buffer overflow, invalid digital signature check.

httrack buffer overflow   Buffer overflow on oversized URL.

pan newsreader buffer overflow   Buffer overflow on .nzb files parsing.

SAP MaxDB privilege escalation   It's possible to obtain sdb:sdba privileges via dmbsrv process because of untrusted path usage.

newsx buffer overflow   Buffer overflow on the article with large number of lines beginning with period.

Blue Coat K9 Web Protection buffer overflow   Buffer overflow on Referer header parsing. Buffer overflow on control server response parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Citrix Metaframe Privilege escalation   Autorun item path is not fully specified.