30.09.2005 Detailed

6! Helix Player / Real Player format string bug updated since 27.09.2005   Format string bugs on .rt / .rp files parsing.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 26.09.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

29.09.2005 Detailed

AIX getconf buffer overflow         AbiWord buffer overflow   Buffer overflow on RTF files parsing.

Multiple NateOn Messenger vulnerabilities updated since 12.07.2005   Directory listing leakage, DoS.

28.09.2005 Detailed

7! Multiple Linux kernel vulnerabilities updated since 10.09.2005   Remote DoS with netfilter ipt_recent module. Privilege escalation with sendmsg() for amd64 platform. Reading kernel memory and IO ports with raw_sendmsg(). Memory leaks with procfs for SCSI drivers. USB DoS.   Polipo web server directory traversal         Sun Solaris XSun / Xprt privilege escalation

Multiple antiviruses file scanning bypass and format string bug   It's possible to bypass file scanning by using special characters (for example \01) in filename. Format string bug perenset while parsing filename in BitDefender.

27.09.2005 Detailed

8! Multiple MacOS X vulnerabilites   ImageIO GIF files parsing buffer overflow, Mail.app information leakage, QuickDraw Manager PICT files parsing buffer overflow, Java virtual machine quick time extensions safe mode protection bypass, Safari crossite scripting. 6! Bluetooth headset hijacking   It's possible to pair headset with RFCOMM connection even if headset is not in pairing mode.   RSyslog SQL injection   SQL injection on syslog message.

Sony PlayStation Portable buffer overflow   Buffer overflow on TIFF files parsing.

FL Studio music sequencer buffer overflow   Buffer overflow on parsing .flp files.

Sun Solaris UFS file system driver DoS   It's possible to cause "soft hang" if UFS logging is enabled.

Nokia smartphones Nobex service DoS   Server stops responding after receiving archive with special characters in the filename.

26.09.2005 Detailed

7! MacOS X malloc() privilege escalation   With MallocLogFile it's possible to overwrite any system file with application which uses malloc() function. 7! Qpopper poppassd shared library privilege escalation   User can specify shared library path for suid application. 6! Mozilla / Netscape / Firefox browsers buffer overflow   Buffer oveflow on "zero-width non-joiner" sequence of Arabic Unicode characters.

6! wzdftpd unfiltered shell characters problem   popen() unfiltered characters on SITE EXEC command.

Ruby safe level protection bypass   Error in eval.c in enforcing safe level protection.

HylaFax symbolic links problem   Symbolic links problem on temporary file creation in xferfaxstats script.

Linux kernel fget() DoS   sockfd_put() call is missed in routing_ioctl(), leading to resource consumption and system crash.

Multiple MultiTheftAuto game server vulnerabilities   DoS (unallocated memory access), anonymous message-of-the-day (mod) modification.

SecureW2 weak encryption   Weak PRNG generation algorithm for TLS pre-master key.

Stoney FTPd buffer overflow   Buffer overflow in PORT FTP command.

Courier mail server crossite scripting   Internet Explorer Conditional Comments crossite scripting with sqwebmail.

7-Zip archiver buffer overflow   Buffer overflow on parsing ARJ archives.

PowerArchiver buffer overflow   Buffer overflow on ARJ and ACE archives parsing.

Acer TravelMate notebooks smart cards protection bypass   It's possible to bypass screen locking with help system.

Microsoft Windows win32k.sys DoS   WM_CLOSE event for active drop-down menu causes system to crash.

21.09.2005 Detailed

7! Multiple ClamAV antivirus vulnerabilities updated since 21.09.2005   Buffer overflow on checking UPX-packed files, infinite loop on checking FSG-packed files. 6! Multiple Opera Mail agent vulnerabilities   Attached files are opened from local cache making it's possible to execute javascript in context of "file://". By adding ',' character to file extension it's possible to bypass content filtering.   Rational ClearQuest crossite scripting

Sun Solaris tl driver DoS

BNBT / CBTT / XBNBT DoS

Checkpoint VPN-1 DoS   Flood with specific spoofed packets from local network causes firewall to hang.

Multiple masqmail vulnerabilities   Unfiltered shell characters in the From: address, symbolic links problem during log file creation.

Safari browser memory corruption updated since 21.09.2005   Invalid address reference on address like data://<h1>crash</h1>.

HP Tru64 Unix ftpd DoS

bacula symbolic links vulnerability   Temporary files are created insecurely.

Sybari Antigen e-mail content filtering protection bypass   Messages with "Antigen forwarded attachment" in the Subject are not checked.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 21.09.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

18.09.2005 Detailed

p2play game engine code execution   It's possiblt to execute code thorugh object pickles.

17.09.2005 Detailed

Arc symbolic links problem   Insecure temporary files creation.   YaST packages management system weak permissions   /var/adm/YaST/InstSrcManager/IS_CACHE_0x0000000X/DATA/descr file is world writable. There is a buffer overflow on oversized package location while parsing this file.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 12.09.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

16.09.2005 Detailed

6! Multiple Ahnlab V3 Antivirus vulnerabilities   Privilege escalation with v3flt2k.sys driver, buffer overflow and directory traversal on archives scanning.   ncompress symbolic links problem   Symbolic links problem on temporary file creation.   gwcc symbolic links problem   Symbolic links problem on temporary file creation.

FileZilla FTP client information leak   Configuration including FTP sites access passwords is stored in public directory.

vxFtpSrv FTP server for Pocket PC buffer overflow   Buffer overflow on oversized USER command.

vxWeb Web server for Pocket PC buffer overflow   Buffer overflow on oversized request URI.

vxTftpSrv TFTP server for Pocket PC buffer overflow   Buffer overflow on oversized file name.

SimpleCDR-X symbolic links problem   Insecure temporary files creation.

NuMega SoftICE Driver Studio authentication bypass   It's posible to access DriverStudio Remote Control with NTLM Null session.

Avocents CCM console server protection bypass   It's possible to bypass port access control.

Orion / Compaq HTTP Server crossite scripting   Crossite scripting with error messages.

Turquoise SuperStat Fidonet / Usenet statistics utility buffer overflow   Buffer overflow on NNTP server reply parsing.

15.09.2005 Detailed

6! Multiple Centericq vulnerabilities   Integer signedness errors and integer overflow on different platforms.   Lotus Domino crossite scripting         GNU Texinfo symbolic links problem   texindex symbolic links problem during temporary file creation.

LineControl Java Client information leak   User's password is visible in log file.

Oracle Reports SQL injection   It's possible to inject SQL to report if it uses lexical references without parameter validation.

gtkdiskfree symbolic links problem   Symbolic links problem on temporary files creation.

VisualBoyAdvanced Nintendo emulator buffer overflow   Buffer overflow on command line arguments parsing.

14.09.2005 Detailed

6! Avira antivirus buffer overflow   Buffer overflow on parsing ACE archives.   common-lisp-controller privilege escalation   It's possible to inject code into the cache to be executed by another user on the first run of application.   Multiple Linksys WRT54G router vulnerabilities   Buffer overflow and possibility for unauthorized configuration / firmware modification, static HTTPs key, DoS.

Mozilla Firefox cleartext password leak updated since 20.07.2005   Weak authentication algorithm may be choosen by browser even if stronger one is supported by server.

13.09.2005 Detailed

6! Squid proxy server DoS updated since 03.09.2005   Error in sslConnectTimeout() function causes server to crash. Aborted request causes assert() in proxy server.   Ingate Firewall / Ingate SIParator crossite scripting   Administrative Web interface crossite scripting.   rdiff-backup protection bypass   Directory access restrictions do not work.

TMSNC Textbased MSN Client format string bug   wprintw() format string bug.

Snort Intrusion detection system DoS   Crash on parsing TCP options in verbose mode.

pam_per_user authentication module privilege escalation   Having valid credentials on the system, it's possible to login with any account.

12.09.2005 Detailed

7! XFree86 / X.ORG X server integer overflow   Integer overflow on huge pixmap images.   COOL! Remote Control DoS   DoS on handling malformed data to TCP/11980 port.

10.09.2005 Detailed

7! Netscape / Mozilla / Firefox buffer overflow updated since 09.09.2005   Buffer overflow on the links with international domain names (IDN).   IBM OS/400 multiple certificate handling vulnerabilities   Multiple vulnerabilities in certificates storing and validation.   IBM OS/400 SNMP agent DoS   Malformed SNMP message causes SNMP Agent and Trap Manager service to fail.

Sun Java System Web Proxy Server DoS   Three different vulnerabilities leading to server crash.

Zebedee encrypted tunnel server DoS   Some internal protocol header parameters lead to assert() in server application.

KillProcess administration utility buffer overflow   Buffer overflow on oversized process PE FileDescription field.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 05.09.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

09.09.2005 Detailed

7! Multiple GNU mailutils mail server and client tools vulnerabilities updated since 26.05.2005   imap4D IMAP server heap overflow, format string bug and DoS conditions, 'mail' and imap4d buffer overflows. 6! NOD32 antivirus buffer overflow   Heap overflow on the processing of ARJ with oversized filenames inside archive.   Cisco Content Services Switch authentication bypass   In case of SSL authentication client can be granted access on SSL reauthentication.

Checkpoint NGX rule definition vulnerability   "CIFS" rule includes all traffic.

Cisco IOS buffer overflow   Buffer overflow in FTP / telnet proxy authentication option.

SecureOL VE2 virtual environment protection bypass   It's possible to address physical memory directly from NTVDM subsystem.

CUPS Unix print system DoS   HTTP GET request with ..\.. in the path causes infinite loop in service.

DC++ dirrect connect protocol client DoS   During transfer of bzip2 compressed filelist decompressed list size is not controlled leading to possibility of resource exhaustion.

07.09.2005 Detailed

6! Apache mod_ssl unauthenticated access updated since 05.09.2005   Client can access path with "SSLVerifyClient require" without authentication in global settings for vurtual host have "SSLVerifyClient optional".   Symantec Brightmail Antispam DoS   CPU exhaustion on deeply neted archives, crash on TNEF messages processing.   KDE kcheckpass privilege escalation   Symbolic links problem within /var/lock directory.

WebArchiveX ActiveX component unaauthorized access   Insecure methods are available through 'safe for scripting' component.

Microsoft IIS 5.1 source code leak   Special WebDAv request to script located at FAT volume allows to retrieve source code.

06.09.2005 Detailed

OpenTTD game (Transport Tycoon Deluxe clone) format string bug   Format string bug on network data parsing.   Multiple Oracle 10g client vulnerabilities   Vulnerable versions of third party utilities are installed to system path location.

05.09.2005 Detailed

6! PCRE regular expressions library integer overflow updated since 22.08.2005   pcre_compile.c {} regexp parameter integer overflow. 6! ICMP and TCP timestamp attacks to reset TCP connections updated since 13.04.2005   By using different ICMP packet types and TCP timestamps values it's possible to cause TCP connection resets or performance decrease.   Rediff Bol 7.0 ActiveX information leak   With FullAddressBook method of Fetch.FetchContact.1 ActiveX control it's possible to obtain whole Windows address book.

Free SMTP Server open relay   Restriction to localhost relaying only doesn't work in default configuration.

Microsoft Windows keyboard events design flow   Application with diferent user's credentials may send keyboard events to applications running in the same desktop emulating user input.

Urban game buffer overflow   Bufer overflow during environment variables parsing allow to obtain egid games.

03.09.2005 Detailed

Few OpenSSH vulnerabilities   GatewayPorts option can be incorrectly activated during dynamic port forwarding if no external interface is specified. If GSSAPIDelegateCredentials option is activated user who used different logon type can be delegated with GSSAPI credentials.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 29.08.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   BusinessMail email server buffer overflow updated since 01.08.2005   Buffer overflow in multiple SMTP commands.

SlimFTPD buffer overflow updated since 11.11.2004   Buffer overflows in different FTP commands.

02.09.2005 Detailed

9! 3COM Network Supervıser directory traversal       6! Barracuda Spam Firewall Appliance directory traversal   Directory traversal in cgi-bin/img.pl requires no authentication. 6! Multiple Linux kernel bugs

6! Novell Netmail integer overflow   Integer overflow on continuation request processing leads to heap overflow.

silc symbolic links problem   Symbolic links problem on tempoarry files creation.

Polygen systemwide DoS   Precompıled grammr objects fıles are created workld wrıtable.