30.09.2010 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

29.09.2010 Detailed

Synology Disk Station crossite scripting   Crossite scripting on FTP commands logging.   FFmpeg libavcodec / MPlayer buffer overflow   Buffer overflow on flic format parsing.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 29.09.2010   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

27.09.2010 Detailed

6! PHP multiple security vulnerabilities   phar extension information leaks, SPLObjectStorage information leaks, error messages information leaks, variables spoofing.   HP OpenView Network Node Manager DoS         Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP System Management Homepage multiple security vulnerabilities updated since 17.09.2010   Crossite scripting, information leak.

Cisco Unified Presence / Cisco Unified Communications Manager DoS updated since 30.08.2010   Crash on SIP messages parsing.

24.09.2010 Detailed

7! Cisco IOS multiple security vulnerabilities   DoS via SIP, DoS via ICGMP, SSL information leak, DoS in voice protocols application layer gateway for NAT. 6! Opera crossite access   Crossite scripting via @import url().

23.09.2010 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

20.09.2010 Detailed

6! Squid proxy server DoS   Crash on request with empty header strings. 6! bzip2 integer overflow   Integer overflow on bz2 archive decompressing. 6! Linux kernel multiple security vulnerabilities updated since 11.09.2010   DoS conditions, CIFS client privilege escalation, do_anonymous_page privilege escalation, information leak in XFS, privilege escalation in compat_alloc_user_space().

Alcatel OmniVista 4760 buffer overflow   Buffer overflow in built-in HTTP proxy.

Alcatel CCAgent unauthorized access   Server does not provide any authenticaiton, password is stored on the client site in reversible encryption.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

17.09.2010 Detailed

7! cvsnt unauthorized access   Directory traversal via branch name.   BACnet OPC client buffer overflow   Buffer overflow on SCADA data parsing.   Flock browser crossite scripting   Multiple crossite scripting vulnerabilities.

3Com OfficeConnect Gigabit VPN Firewall crossite scripting

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

HP Data Protector Express privilege escalation updated since 11.09.2010   Buffer overflow in DtbClsLogin

Nokia E72 smartphone protection bypass   Keyboard is not locked during password validation.

16.09.2010 Detailed

9! Microsoft Internet Information Services multiple security vulnerabilities   Authentication bypass, buffer overflow, DoS. 9! Microsoft Office multiple security vulnerabilities updated since 15.09.2010   Buffer overflow in Microsoft Outlook message parsing, memory corruption on fonts parsing. 9! Microsoft Windows multiple security vulnerabilities updated since 15.09.2010   Privilege escalation and code execution in spooler services,memory corruption in MPEG-4 codec, memroy corruption in RPC, privilege escalation in LSA, privilege escalation in CSRSS subsystem, WordPad memory corruption.

9! Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities updated since 10.09.2010   Multiple memory corruptions, integer overflows, buffer overflows, code execution, crossite scripting.

7! SAMBA buffer overflow   Buffer overflow on share SID parsing.

6! IBM Lotus Domino buffer overflow   Buffer overflow on oversized mailto within iCalendar.

6! Novell PlateSpin Orchestrate shell characters vulnerability   Shell characters vulnerability on graphs rendering.

6! Google Message Security SaaS multiple security vulnerabilities   Crossite scripting, SQL injection.

14.09.2010 Detailed

7! Apple WebKit / Safari multiple security vulnerabilities   Code execution, memory corruptions. 6! IBM Proventia Mail Security System multiple security vulnerabilities   Crossite scripting, code execution, request spoofing. 6! Novell Netware SSH buffer overflow updated since 06.09.2010   Buffer overflow on oversized SCP GET request.

MailEnable SMTP server DoS conditions   Uninitialized memory reference during logging on MAIL FROM / RCPT TO commands.

rpm hard links vulnerability   Race conditions for file spoofing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Wireshark sniffer multiple security vulnerabilities updated since 14.06.2010   Multiple DoS conditions, buffer overflow.

12.09.2010 Detailed

quagga BGP daemon DoS   Few DoS conditions on BGP traffic parsing.   LVM2 unauthorized access   Access to management commands is not authorized for local socket.   sudo privilege escalation   Under some conditions, user can execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group

couchdb code execution   Ralative path for dynamic library loading.

Apple Safari code execution   Under some conditions, explorer.exe is executed with relative name.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 11.09.2010   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

11.09.2010 Detailed

Your Own Personal Server Web-Server buffer overflow   Buffer overflow on request headers parsing.

10.09.2010 Detailed

Internet Download Accelerator ActiveX buffer overflow   Buffer overflow in NotSafe method.

09.09.2010 Detailed

6! EMC Celerra Network Attached Storage appliance unauthorized access updated since 16.08.2010   Full NFS access from predefined list of IP addresses is enabled by default.   HP Insight Diagnostics Online Edition crosisite scripting         HP-UX Software Distributor privilege escalation

HP ProLiant G6 Lights-Out 100 DoS

mountall privilege escalation   udev rule file unsafe permissions.

RSA Access Manager Server / Agent vulnerabilities   Few restriction bypass vulnerabilities

08.09.2010 Detailed

6! Cisco Wireless LAN Controller multiple security vulnerabilities   DoS conditions, privilege escalations, restrictions bypass.

06.09.2010 Detailed

6! HP Operations Agent security vulnerabilities   Code execution, privilege escalation.   barnowl uninitialized memory reference   libzephyr library functions return code is not checked.

05.09.2010 Detailed

6! Google Chrome memory corruption   Memory corruption on focus events processing.

02.09.2010 Detailed

7! Apple QuickTime code execution   Memory corruption in ActiveX control. 6! libwww-perl directory traversal   Directory traversal on file downloading in lwp-download.   Apple WebKit / Safari DoS   Crash on SGV style parameters parsing.

libHX library buffer overflow   Hep buffer overflow in HX_split function.

OpenSSL library double free vulnerability   Double free() in ECDH code.

bogofilter DoS   Crash on message parsing.

libgdiplus / Mono multiple integer overflows   Multiple integer overflows on BPM, JPEG, TIFF parsing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.