31.10.2003 Detailed

6! PostgreSQL buffer overflows updated since 20.08.2002   Multiple buffer overflow in different SQL functions.   CGI bugs updated since 28.10.2003

30.10.2003 Detailed

First class information leak   By using search option it's possible to view content of any directory.   Irix ineffective NFS protection   If any access option contains only wildcards server ignores access checks.

kpopup multiple bugs   relative paths on system() call, format string bugs, etc.

Buffer overflow in SimpleWebServer updated since 15.10.2002   Buffer overflow on oversized URL and Referer header..

29.10.2003 Detailed

8! MacOS X oversized argv buffer overflow   Buffer overflow in kernel on oversized command argument. 6! MacOS X weak permissions   Multiple application have weak file permissions. 6! MacOS X core files symbolic links   core files are created in world-writable /core directory without symbolic links check.

6! mod_security buffer overflow   Heap overflow if large amount of data is generated as a single chunk in server side script.

Fastream NetFile crossite scripting   Crossite scripting on 404 error page.

MacOS X screensaver protection bypass   Keys pressed shortly before the authentication window appears will be sent to the general user environment.

MacOS X Personal Firewall protection bypass   Only TCP connections are blocked with firewall.

28.10.2003 Detailed

thttpd buffer overflow   Buffer overflow during <> characters escaping.   Norton Internet Security crossite scripting   In URL blocking message URL is not escaped.   libnids buffer overflow   Buffer overflow in TCP packet reassembly.

Yahoo! Messenger buffer overflow   Buffer overflow in YMSGR:sendfile? URL on large number of '%'.

27.10.2003 Detailed

sh-httpd shell characters   wildcard (*) metacharacter allows to access any file.   iwconfig buffer overflow   Buffer overflow on oversized command line.   WU-FTPd SKEY authentication buffer overflow   Buffer overflow on oversized key.

24.10.2003 Detailed

7! Win32 'Shatter' attacks updated since 22.08.2002   Is priveleged application doesn't check system messages data it may be possible to execute code in application context by setting callback functions or excluding limits causing buffer overflws.   CensorNet crossite scripting   Crossite scripting in dansguardian.pl.

23.10.2003 Detailed

8! JRE/JDK sandbox breaking   By using / instead of . in class name it's possible to bypass sandbox restrictions. 8! Microsoft Exchange buffer overflow updated since 16.10.2003   Buffer overflow on XEXCH50 SMTP command processing. 6! eMule buffer overflow updated since 23.10.2003   Buffer overflow on oversized password.

6! Oracle buffer overflow   Command line buffer overflow allows to obtain oracle uid.

mah-jong buffer overflow   Buffer overflow in SetPlayerOption

Symlink problems in OpenServer   Multiple scripts create files in /tmp in insecure way.

Origo ASR-8100 DoS   It's possible to reset device via WAN link.

Gast Arbeiter unauthorized access   It's possible to access file of attackers choice.

SUN jdk crossite scripting   jdk undocumented static variable may allow data exchange between sites.

Sylpheed-claws format string bug   Format string bug in SMTP client code.

/bin/ls integer overflow   Integer overflow allows DoS condition

Caucho Resin Crossite Scripting   Crossite scipring in few CSS examples.

CGI bugs updated since 20.10.2003

20.10.2003 Detailed

10! Windows Messenger service buffer overflow updated since 16.10.2003   Buffer overflow on message receiving.

17.10.2003 Detailed

7! Buffer Overflow in Tshoot.ocx Windows Troubleshooter ActiveX updated since 16.10.2003       6! Sun Solaris Xsun buffer overflow updated since 03.04.2002   Heap overflow in -co option.   gdm DoS

Fetchmail DoS updated since 17.10.2003   a specially crafted email message can cause fetchmail to crash.

16.10.2003 Detailed

8! Microsoft Windows Authenticode protection bypass   There is a vulnerability in Authenticode that, under certain low memory conditions, could allow an ActiveX control to download and install without presenting the user with an approval dialog. 7! Microsoft Windows Help and Support Center buffer overflow   Buffer overflow on hcp:// protocol handling. 6! AOL Instant Messanger buffer overflow   Buffer overflow in screenname parameter during aim: URL parsing.

Windows ListBox/ComboBox buffer overflow   Buffer overflow in Windows components makes it possible to launch shatter attack.

ColdFusion CrossiteScripting updated since 23.09.2003   Crossite scripting on error messages generation.

15.10.2003 Detailed

Gaim festival plugin code execution   Published plugin example allows code execution.   tomcat DoS   Invalid HTTP request causes service to hang.   CGI bugs updated since 13.10.2003

13.10.2003 Detailed

6! Buffer overflow in slocate updated since 24.01.2003   Buffer overflow on simulational -c and -r usage.   ircd buffer overflow   Buffer overflow in JOIN command leads to DoS.

08.10.2003 Detailed

7! HP-UX dtprintinfo buffer overflow   Buffer overflow on oversized DISPLAY variable.   Internet Explorer Shell Folders local files access   It's possible to address local files by URL shell: with relative paths.   Medieval Total War NULL pointer reference   Long player name causes server to crash because of NULL pointer reference.

CGI bugs updated since 06.10.2003

PerlEdit buffer overflow updated since 24.06.2003   Buffer overflow on invalid data to TCP/1956

07.10.2003 Detailed

SuSE symbolic link problems   Symbolic link problems in /sbin/conf.d/SuSEconfig.susewm, /sbin/conf.d/SuSEconfig.javarunt.   File-Sharing for NET 1.5 and Forums Web Server 1.5 crossite scripting   HTML tags are not filtered on message subject.

06.10.2003 Detailed

6! Cisco Catalist unauthorized access   telnet requiest with specific structure causes command execution without authentication.   Conexant Access Runner unauthorized access   During second authentication attempt it's possible to bypass authentication.   Easy File Sharing Web Server multiple bugs   DoS, unauthorized logs and config access.

Spaiz-Nuke/PHP-nuke multiple bugs   SQL injection during authentication, SQL injection in web-link module, SQL injection in download module, access with encrypted password.

03.10.2003 Detailed

6! FreeBSD multiple integer overflows   Few integer overflows in procfs implementation and readv() call. 6! Directory traversal in multiple Web-servers updated since 05.02.2001   It's possible to leave web root by using directory traversal.   Sun Cobalt RaQ Control Panel crossite scripting   Crossite scripting in message.cgi

vpopmail weak permissions   /etc/vpopmail.conf file with cleartext SQL password is world readable.

WinShadow buffer overflow   Buffer overflow on oversized hostname, DoS.

EarthStation 5 multiple bugs and malicious code   Muliple bugs, including remote buffers overflows. Client can delete any files from client machine on remote server's request.

CGI bugs updated since 29.09.2003

NetSurf buffer overflow updated since 08.07.2003   Buffer overflow on oversized URL.

01.10.2003 Detailed

teapop SQL injection   SQL injection is possible during authentication if postgresql or mysql is used.   Gamespy 3d buffer overflow   Buffer overflow on IRC server reply parsing.