30.09.2004 Detailed

7! AIX libXm.a multiple bugs       7! Multiple IRIX bugs   TCP connections spoofing, DoS. 7! IceCast array overflow   Large number of headers in request leads to array overflow.

7! Multiple PHP request parsing bugs updated since 16.09.2004   Invalid request parameters parsing leads to leakage of memory content and rewriting of internal variables.

PeopleSoft HRMS session spoofing

Computer Associates Unicenter default password   Database access password is stored in installation batch files as cleartext.

freenet6 weak permissions   tspc.conf file with login and password is world readable.

MS SQL Server 7 buffer overflow

HP StorageWorks protection bypass   Protection bypass in Command View XP.

ParaChat directory traversal   Directory traversal with ..%5C/.

28.09.2004 Detailed

7! Multiple LessTif bugs       6! .Net server form authentication protection bypass   By using backslash in the request path it's possible to access protected file.   Linux CD protection bypass   user with read-only access can bypass these permissions and perform write and erase operations on media in a drive.

Multiple Emulive Server4 bugs   DoS, protection bypass.

Multiple DNS4ME bugs   Crossite scripting, DoS.

Multiple MyWebServer bugs   DoS, administration interface protection bypass.

AIX ctstrtcasd privilege escalation   User can overwrite any file with -f option.

Sendmail relaying   Predefined user account is used to initialize SASL database.

YahooPOPS buffer overflow   Buffer overflow on oversized POP3 USER command and any SMTP request.

27.09.2004 Detailed

7! MDaemon buffer overflows   Buffer overflows in multiple SMTP and IMAP commands. 6! Symantec Enterprise Firewall/Symantec Gateway Security multiple bugs   DoS, UDP filtering bypass, SNMP information leakage.   OpenBSD wuth RADIUS authorization module unauthorized access   Response authenticator is not checked, it allows to spoof response from RADIUS server.

Motorola Wireless Router WR850G unauthorized access   Authentication bypass through web interface.

Zinf buffer overflow   Buffer overflow on parsing .jpg files.

Canon imageRunner unauthorized access   Printer accepts and prints SMTP messages.

Multiple ActivePost bugs   Buffer overflows, directory traversal, weak password encryption.

FreeRADIUS DoS   Multiple bugs on malcrafted packet handling.

Sophos Small Business Suite special DOS devices access   By using special device name as a filename it's possible to access DOS device and bypass protection.

Pinnacle ShowCenter DoS   Web interface DoS with non-existant skin.

PopMessenger DoS   Program crashes on large number of characters outside base64 allowed range.

jabberd DoS   Server crashes on UTF8 data.

Multiple getmail bugs   Problems with file handling if application is executed with superuser privileges.

ON Command CCM default pasword   Few accounts with default passwords for Sybase database.

19.09.2004 Detailed

10! Buffer overflow in multiple OS telnetd updated since 19.07.2001   It's possible to overflow buffer with AYT telnet protocol command.   CGI bugs updated since 06.09.2004

18.09.2004 Detailed

RSyncX privelege escalation   Elevated privileges are not fully dropped.   HP WebJetadmin code execution         sdd/librmt bulnerability

17.09.2004 Detailed

6! Sudo symboli links problem   Unsafe temporary fiels access in sudo -u. 6! Google Toolbar Local zone scripting   By using resource from GoogleToolbar1.dll it's possible to execute scripting in local zone. 6! Microsoft Word WordPerfect filter buffer overflow updated since 15.09.2004   Buffer overflow on WordPerfect format parsing.

Pigeon Server DoS   Oversized username causes server to hang.

Business Objects WebIntelligence protection bypass   Access control is implemented on the client-side by only displaying the permitted actions in the browser.

WhatsUp Gold special DOS device access

Windows XP SP2 dangerous content filtering protection bypass   Comment in predefined format causes content to bypass protection.

multiple browsers cookie spoofing updated since 25.08.2004   It's possible to spoof cookies for few 3rd level domains.

16.09.2004 Detailed

7! Multiple BeaWeblogic bugs   Weak JNDI trees protection, insufficient authorization for few weblogic.Admin methods, weak resource protection thorugh web.xml on case-insensitive filesystems, utilities passwords stored in cleartext, cleartext password leaked during reboot, technical information leak, logon with disabled accounts, important information sent in cleartext. 6! IBM Windows XP OEM version backdoor account   During installation backdoor account is created with administrative privileges and empty password. 6! Multiple Apache bugs   mod_dav DoS, local buffer overflows during config files parsing, potential buffer overflows in apr-util library.

6! squid buffer overflow updated since 09.06.2004   Buffer overflow if NTLM authentication is compiled.

GNU Rarius SNMP integer overflow   Integer overflow leads to unallocated memory access.

MyServer multiple bugs updated since 23.06.2003   Multiple buffer overflows, directory travrsal, etc.

15.09.2004 Detailed

SUS (extended su) format string bug   Format string bug on syslog() call.   Inkra 1504GX DoS   Invalid IP options handling.

14.09.2004 Detailed

6! Multipel QNX utilities bugs   Buffer overflow in Photon, format string in FTP client, race conditions in crrtrap. 6! Lexar JumpDrive Secure protection bypass   It's possible to extract cleartext passwords.   ZyXel Prestige information leak   Memory fragments are leaked in ARP packets.

Pingtel Xpressa DoS   DoS through web interface.

Multiple Samba bugs   DoS against NetBIOS name service (nmbd), endless loop in SMBD.

Mozilla Firefox weak permissions   Weak permissions for executable files.

13.09.2004 Detailed

Twin FTP Server directory traversal         Serv-U DOS devices access   STOUD command allows to access DOS devices.   Gadu-Gadu buffer overflow   Heap overflow in image send feature.

StarOffice/OpenOffice symbolic links vulnerability updated since 20.02.2001   symlink problem during temporary files creation.

11.09.2004 Detailed

6! Multiple Axis products unauthorized access updated since 25.08.2004   It's possible to obtain or change administrative account anonymously.

10.09.2004 Detailed

F-Secure Internet Gatekeeper DoS

08.09.2004 Detailed

7! Qt/imlib buffer overflow updated since 22.08.2004   Buffer overflow on BMP files paring. 6! Multiple Safari bugs   Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access. 6! Usermin crossite scripting   Crossite scripting with HTML messages.

Net-Acct symbolic links problem   Symbolic links problem on temporary files creation in "write_list()" and "dump_curr_list()" functions

Serverview weak permissions   Weak permissions for configuration file allow to change SNMP MIBs structure.

multi-gnome-terminal information leak   Keystrokes are logged to user's home in debugging mode.

star privilege escalation

cdrecord privilege escalation   Privileges are not dropped on user specified program invocation.

mpg123 buffer overflow updated since 14.01.2003   Stack overflow on mp3 frame processing in sync_stream() function.

RKDetect - behaviour based rootkit detection utility updated since 12.05.2004   Rkdetect is a little anomaly detection tool which can find services hidden by generic Windows rootkits like Hacker Defender. Tool very simply. It enumerates services on remote computer through WMI (user level) and Services Control Manager (kernel level), compare result and display difference. In this way we can find hidden services which usual used to start rootkit. Similar approach can be used to enumerate processes, files, registry keys and anything that rootkits can to hide. Rkdetect available here: Updated on 08.09.2004: Support for localized systems added. http://www.security.nnov.ru/files/rkdetect.zip

07.09.2004 Detailed

6! QNX PPPoEd buffer overflows   Multipel buffer overflows on arguments parsing. 6! Engenio/LSI Logic Storage controllers DoS updated since 06.09.2004   Malcrafted TCP packet cause device to crash.

06.09.2004 Detailed

8! Multiple Microsoft Internet Explorer crossite scripting bugs updated since 13.07.2004   Same name function redirection crossite scripting, ADODB.Stream vulnerability variant (Shell.Application), mouse click hijacking with Popup.show(), Media Preview crossite scripting, drag-n-drop files to shell:Startup. 6! Solaris in.named DoS   DoS during dynamic update handling.   OpenCA crossite scripting

Ruby symbolic links problem   CGI::Session unsecurely creates temporary file.

Multiple gnubiff bugs   Buffer overflow and DoS in POP3 implementation.

Dynalink routers backdoor account   Built in account userNotUsed with userNotU password

04.09.2004 Detailed

6! Kazaa/Grokster Altnet download manager buffer overflows   Buffer overflow in Altnet Download Manager.   Multiple IMail DoS conditions   Multiple bugs are fixed.   CGI bugs updated since 30.08.2004

BadBlue DoS   Number of concurrent connections is hardcoded.

03.09.2004 Detailed

Multiple Xedus bugs   Directory traversal, crossite scripting, DoS.   Weak SSH default ocnfiguration   TCP forwarding is allowed by default, it creates security problem for anonymous SSH access (for example with CVS).   Apache mod_ssl DoS   Child process goes to infinite loop on SSL connection abort.

02.09.2004 Detailed

Multiple WinZip buffer overflows

01.09.2004 Detailed

6! Linux kernel integer overflows   integer overflow on write() in kNFSd and XDR decoding.   Cerbere Proxy DoS   Oversized Host: header causes infinite loop.   Keene Digital Media Server directory traversal   Directory traversal with escape sequences.

Player versus Player Gaming Network buffer overflow   Buffer overflow in "/watchall" and "/unwatchall" commands.

TYPSoft FTP Server DoS   RETR . causes server to crash.

WS_FTP DoS   Malformed CD causes server to crash.

D-Link DCS-900 unauthorized IP address change   Device is configured with broadcast packet without authentication.

Debian calendar privilege escalation   Privileges are not dropped on executing program specified by user.

WFTPD DoS   MLST command causes server to crash.

SuSE memory cleartext passwords   Cleartext passwords in memory are never wiped out, it leads to cleartext passwords visible in swap files.