31.10.2002 Detailed

6! Windows 2000/XP PPTP buffer overflow updated since 01.10.2002   Malformed PPTP packets causes service to crash.   SmartMail DoS         Windows 2000 system partition weak default permissions updated since 03.08.2002   Everyone/Full Control permission allows to change initiall boot files regardless of individual file permissions.

30.10.2002 Detailed

Multiple compilers "erased" memory reading   Multiple secure programs use something like memset(buf, 0, len) to erase keys, passwords, etc from memory. The problem is this code can be eliminated by compiler during optimization process.

syslog-ng buffer overflow updated since 10.10.2002   Buffer overflow in parsing $HOST variable in configuration file.

29.10.2002 Detailed

7! Buffer overflow in Macromedia Flash updated since 03.05.2002   Buffer overflow on oversized "movie" and "SWRemote" paramters for ActiveX component.   Cisco AS5350 DoS   nmap -dinsane -p 1-65535 ip.of.as5350 causes router to hang.   CGI bugs

Crossite scripting in AN HTTPD   AN HTTPD shows an error page if a client sends a request containing ":" in the URI field. The problem occurs due to the fact that this URI is injected into the error page without being sanitized.

MDaemon DoS   Authorizaed user can crash POP3 server with oversized argument to DELE or UIDL command.

MDaemon DoS updated since 19.12.2000

MDaemon DoS updated since 10.06.2000

26.10.2002 Detailed

7! Buffer overflows in Kerberos updated since 01.10.2002   Multiple buffer overlows during Kerberos protocol parsing.   IPSwitch WS_FTP ftp bounce attack         Linksys WET11 ВщЫ   Gate crashes on receiving Ethernet packet from own Mac.

IBM Infoprint buffer overflow   Buffer overflow in telnet interface.

25.10.2002 Detailed

6! Signed content spoofing in ECDSA   Standard allows to generate private key in a way it will produce same signature for 2 different documents.   File protection bypass in BRS WebWeaver   URL like http://host/./secret/ allows access to password protected files.   Multiple bugs in SolarWinds TFTP   Directory traversal, invalid exception handling.

24.10.2002 Detailed

6! Norton antivirus privelege escalation   Можно запустить помощь (winhlp32.exe) в контексте локальной системы.

23.10.2002 Detailed

6! Microsoft Internet Explorer saved references and identifiers crossite scripting updated since 02.10.2002   By saving location.assign method of parent window it's possible to access it content any time. It's also possible to reference frame by it's identifier.   NetBSD IPSec DoS   Short packet causes system to halt.   Unixware/Open Unix rcp DoS   rcp of /prog causes system to hang.

Program execution via AIM   If user clicks on link to local executable it will be launched.

Microsoft RPC null reference DoS updated since 19.10.2002   NULL pointer reference during processing of RPC packet (TCP/135)

Buffer overflow in WebServer 4 Everyone updated since 16.10.2002   Buffer overflow on oversized GET request.

19.10.2002 Detailed

Multiple bugs in Web602   Directory listing, special device access, administration access.   Uncommented shell characters in multiple IRC bots

17.10.2002 Detailed

6! File deletion via Windows XP Help Center updated since 16.08.2002   By usgin hcp:// URL it's possible to remove file sustem objects. 6! Multiple bugs in Microsoft SQL Server (multiple bugs) updated since 21.02.2002   Buffer overflows in OpenDataSource, OPENROWSET, pwdencrypt and xp_dirtree. Weak registry permissions, weak password enbcryption.   Cisco Catalist HTTP buffer overflow   Buffer overflow in HTTP interface on oversized query.

Multiple bugs in Apache utilities   Buffer overflow, symbolic links, etc.

Microsoft Office information leakage

16.10.2002 Detailed

Multiple Click2Learn Ingenium bugs   Password's hashes access, weak encryption.   AVAYA Cajun unauthorized access updated since 08.08.2002   Undocumented read/write SNMP community NoGaH$@!. Undocumented accounts diag/danger and manuf/xxyyzz.

15.10.2002 Detailed

9! Format string bugs in heartbeat   Few format strings potentially can lead to remote root compromise (UDP/694) 6! Buffer overflow in GazTek HTTP updated since 18.06.2001   Buffer overflow on oversized GET request.   Multiple bugs in Symantec Firewall Secure Webserver   DoS,information leak.

Buffer overflow in ATPhttpd updated since 14.12.2001   Multiple buffer overflows

14.10.2002 Detailed

Webserver 4D weak encryption   Passwords are stored in cleartext.   Oracle TNS Listener DoS   Command (CONNECT_DATA=(COMMAND=SERVICE_CURLOAD)) causes service to hang after disconnection.   Multiple KDE bugs updated since 12.10.2002   KGhostview buffer overflow, kpf directory traversal.

CGI bugs updated since 07.10.2002

11.10.2002 Detailed

7! yellow pages unauthorized access updated since 10.10.2002   Vulnerabilities in ypserv and ypxfrd allows file system access with root privileges. 6! Outlook Express S/MIME buffer voerflow   Buffer overflow on certificate warning window.   Buffer overflow and directory traversal in Microsoft Windows Compressed Folders feature updated since 03.10.2002   Buffer overflow and directory traversal while extracting file from .zip archive.

10.10.2002 Detailed

Nylon DoS   Closing client socket during SOCKS5 handshake causes server to hang with 100% CPU usage.   AIX TCP flood DoS   Flood with unflagged packets leads to 100% CPU usage and mbuf exhaustion.   SurfControl SuperScout Multiple Bugs updated since 03.10.2002   Access to user names/passwords, weak passwords encryption, large GET request DoS, directory traversal, SQL injection.

09.10.2002 Detailed

Buffer overflow in Coolsoft PowerFTPd   Buffer overflow on oversized command.   IBM SecureWay DoS updated since 02.10.2002   TCP packets with all flags set to 0 cause CPU exhaustion.

08.10.2002 Detailed

7! NetBSD talkd buffer overflow       7! pic buffer overflow   buffer overflow in pic, remote if lpd is running. 7! Buffer overflow in libc resolver updated since 27.06.2002   Buffer overflow in DNS resolving functions.

07.10.2002 Detailed

Crossitescripting in Argosoft Mail Server Pro   Crossite scripting in WebMail, cleartext passwords in cookie :)   Microsoft IIS .idc crossite scripting   On oversized URL error message contains URL without modification.   PowerFTP buffer overflow   Buffer overflow on oversized commands.

Special devices access in Pirch   During private autosave new file created with filename matching peername without chaking for special device access.

05.10.2002 Detailed

Logsurfer buffer overflow   Off-by-one heap overflow leads to DoS.

04.10.2002 Detailed

6! Multiple bugs in Apache scoreboard   Any euid Apache process can DoS system by launching large number of child process and sending SIGUSR1 to any process as root. Buffer overflow in ab.   Microsoft Windows XP weak permissions   Weak permissions for restore information allow to view and change sensitive data, including SAM.   SSL protection bypass in Ximian Evolution   Insufficient certificate check on restored connection.

Symbolic links in python   os.py execvpe method creates temporary file insecurely.

Multiple bugs in XFree86   User's directory in search path for shared libraries for suid applications, shared memory acces via MIT-SHM.

CGI bugs updated since 28.09.2002

03.10.2002 Detailed

10! Buffer overfllow in /bin/login under System V updated since 13.12.2001   Buffer overflow on large name= request. Heap overflow in TTYPROMPT is trivially exploitable with remote root compromise.   MySQL Windows buffer overflow   Buffer overflow on .ini-file parsing.   Unisys Clearpath DoS   Device hangs after SYN-scan.

Локальная дырка в MySQL updated since 19.01.2001

02.10.2002 Detailed

Sendmail restricted shell (smrsh) protection bypass   Unescaped shell characters allows to execute commands.   Unauthorized access in OpenVMS POP3 server updated since 30.09.2002   It's possible to overwrite local file by specifing it as a log file.   Apache Host: crossite scripting   404 error message contains unescaped Host: header of HTTP request.

01.10.2002 Detailed

Multiple gv bugs   Buffer voerflows, shell characters.   QT Assistant unauthorized access   It's possible to obtain access to any local HTML file via TCP/7358.   Crossite scripting in Monkey   www.victim.com/<script>alert('IIL_0wnZ_YoU!!!');</script>