30.09.2002 Detailed

6! Unauthorized access in WatchGuard   Format string bugs and insufficient username checks allows administrative access. 6! Buffer overflow in Microsoft FrontPage SmartHTML   Buffer overflow in shtml.dll   Buffer overflow in WN   Buffer overflow on oversized GET request.

OpenVMS WASD multiple bugs   Weak default configuration, protection bypass, CGI execution in server's content.

Crossite scripting в acWeb   http://www.victim.com/%db<script>alert('Illegal%20Instruction%20Labs%

28.09.2002 Detailed

6! Unuathorized Webes file access

6! Buffer overflow in Null HTTPd   Heap overflow because of signed/yubsugbed cibversion.   Information leakage in Shana   Document may contain sensitive rendom data from memory.

Unauthorizaed Apache Tomcat JSP source code disclosure   org.apache.catalina.servlets.DefaultServ let allows to access any JSP code.

Unauthorized HP Procurve reboot   It's possible to reboot device via http://<IP ADDRESS>/sw2/cgi/device_reset? URL without authorization.

Apache stderr DoS   Large CGI application stderr output causes Apache to hang.

19.09.2002 Detailed

7! Mozilla multiple bugs   A number of bugs corrected. 6! Multiple bugs in Cisco VPN client updated since 12.08.2002   Buffer overflows and DoS during IKE packet parsing.   IBM WebSphere DoS   There is no limit for HTTP headers.

Buffer overflow in ISS scaner   Buffer overflow on HTTP server reply parsing.

Windows NT/2000/XP 16 bit executables protection bypass   16 bit application may be launched from another 16 bit application without have execution right.

Microsoft Windows XP Remote Desktop DoS and information leakage updated since 18.09.2002   There bug in protocol commands protection causing service to crash.

18.09.2002 Detailed

8! Multiple bugs in NetBSD   Multiple vulnerabilities in different utilities were fixed.   Unsafe file descriptors handling in FreeBSD libkvm   Launched user supplied application still have access to file descriptors.   Buffer overflow in Opera/Konqueror   Buffer overflow on large image scaleling.

17.09.2002 Detailed

Protection bypass in Sygate Personal Firewall   IP packets with source IP 127.0.0.1 will bypass protection.   ICQ weak encryption   Predefined key encryption

13.09.2002 Detailed

6! Obtaining root in MacOS X updated since 18.10.2001   A sequence of applications launch can lead to obtaining root privileges.   Enterasys SSR8000 DoS   nmap scanning causes system to crash.   Символьные линки в Bru (symbolic links) updated since 28.01.2002

12.09.2002 Detailed

Slackware efstool buffer overflow   Buffer overflow on command line arguments parsing.

11.09.2002 Detailed

9! Multiple bugs in HP Tru64 UNIX updated since 02.09.2002   Buffer overflows in multiple utilities, unsafe signal handling in ping.   Buffer overflow in ssldump   Buffer overflow on SSL packets analysis.   Secure cookie access in Knoqueror   Cookie with secure flag may be sent via unsecured channel.

Internet explorer and Konquerror frames crossite scripting updated since 10.09.2002   For sites with frame it's possible to execute script by spoofing location of one of frames.

10.09.2002 Detailed

CGI bugs

09.09.2002 Detailed

6! Buffer overflows in multiple browsers x.509 certificates parsing

07.09.2002 Detailed

7! GIF buffer overflow in Mozilla/Netscape updated since 07.09.2002   Heap overflow on zero width GIF images. 6! Crossite scripting in Internet Explorer and Konqueror updated since 04.09.2002   It's possible to spoof domain by using %sF in URL's username: http://secretcookie.com%2F@hacker.com/   Long filenames buffer overflow in PGP   Buffer overflow on filenames longer than 192 bytes.

06.09.2002 Detailed

Multiple bugs in SMALL HTTP Server   FTP access to whole disk is open by default, passwords are stored in cleartext, password submission attemps are not limited.   Amavis tar DoS   Malcrafted tar file causes program to hang.

05.09.2002 Detailed

Code execution via Microsoft Visual FoxPro   .app files are open without any warning.   Multiple bugs in Polycom ViewStation         Buffer overflow in afd   Buffer overflow on long path in suid utils.

Multiple CGI bugs updated since 02.09.2002

04.09.2002 Detailed

Crossite scripting in Aestiva's HTML/OS         Firewall-1 usernames detection   PKI aggressive mode replies are different for existing and non-existing usernames.

03.09.2002 Detailed

ScrollKeeper symbolic links   Insecure temporary files handling.

02.09.2002 Detailed

NullHTTPD crossite scripting   http://localhost/a?x=<SCRIPT>alert(document.URL)</SCRIPT>   Buffer overflow in Trillian   Buffer overflow on skin file parsing.