31.10.2004 Detailed

qwik-smtpd format string bug   Format string bug on file logging.

30.10.2004 Detailed

6! MacOS X Privilege escalation   It's possible to launch application before logon.   ImageMagic buffer overflow   Buffer overflow on EXIF format parsing.   shadow privilege escalation   It's possible to change account properties.

PostgreSQL symbolic links   make_oidjoins_check script temporary files problem.

PHP+cURL local file access protection bypass   It's possible to address any local file by file:// URL.

catdoc symbolic links   xlsview creates temporary files unsecurely.

PuTTY SSH2 buffer overflow updated since 28.10.2004   Buffer overflow on SSH2_MSG_DEBUG packet processing.

CGI bugs updated since 25.10.2004

28.10.2004 Detailed

6! AppleQuickTime code execution       6! HP-UX Serviceguard privilege escalation       6! Real Player buffer overflow   Buffer overflow on rjs (zipped skins) file processing.

27.10.2004 Detailed

6! libxml2 multiple buffer overflows   Buffer overflow on URL parsing, name resolution. 6! libgd integer overflow   Integer overflow during PNG format parsing.   MailCarrier buffer overflow   Buffer overflow in EHLO.

zgv multiple integer overflows   Multiple integer overflows on memory allocation.

wvtftpd buffer overflow   strcpy() buffer overflow

pppd DoS   Integer overflow on short packet length.

inetutils tftp client buffer overflow   Buffer overflow during name resolution.

conexant chipset ADSL modems unauthorized access updated since 06.07.2004   It's possible to manage device with built-in passord via TCP/254

26.10.2004 Detailed

socat format string bug   syslog() format string bug with -ly option.   GNU troff symbolic links problem   Symbolic links problem in groffer.sh script.   Netatalk symbolic links problem   Symboli links problem in etc2ps.sh script.

OpenSSL symbolic links problem   der_chop Script symbolic links problem.

MIT Kerberos symbolic links problem   send-pr.sh symbolic links problem

Multiple bugzilla bugs   Information leak, unauthorized information change.

25.10.2004 Detailed

6! Multiple Linux kernel bugs   ReiserFS DoS, hugetlbfs protection bypass.   Solaris LDAP_RBAC privilege escalation         rssh format string bug

AbilityServer buffer overflow   Buffer overflow in STRO command.

23.10.2004 Detailed

Altiris Deployment Server server spoofing   Mutual authentication absence and multicast based server detection allow to spoof server and obtain full control under managed network.   HP-UX stmkfonts privilege escalation   External program is called with relative path.   CGI bugs updated since 22.10.2004

22.10.2004 Detailed

8! Microsoft Windows multiple bugs updated since 13.10.2004   Windows management API privilege escalation with SetWindowLong()/SetWindowLongPtr() shatter attack, Virtual DOS Machine privilege escalation, EMF/WMF files code execution, DoS. 7! Multiple libpng bugs updated since 05.08.2004   Stack overflow, NULL pointer dereference, integer overflows. 6! Linux kernel race konditions   Race conditions on TIOCSETLD during read/write operation on same terminal can cause system to crash and potentially may lead to privilege escalation.

Multiple browsers tab vulnerabilities   Multiple browsers allow tab spoofing.

mpg123 buffer overflow   getauthfromurl() buffer overflow

LanDesk DoS

Vypress Tonecast 1.3 DoS

Multiple antivirii DoS updated since 11.02.2003   Creation of file with oversized path or special device name causes application to hang or allows detection bypassing. ZIP with zero archive length allow to bypass checking.

18.10.2004 Detailed

Multiple 3crwe754g72-a bugs   Information leak, crossite scripting.   CGI bugs

16.10.2004 Detailed

6! VERITAS Cluster Server privilege escalation         Yak! directory traversal   Directory traversal in built-in FTP server.   CGI bugs updated since 11.10.2004

15.10.2004 Detailed

7! Adobe Acrobat / Acrobat Reader local file access   SWF files embedded to document may access local files. 7! Multiple Macromedia JRun bugs updated since 28.09.2004   DoS, source code leakage, session hijacking, crossite scripting, buffer overflow. 6! Valve CS source format string bug   Format string bug in name command.

BNC protection bypass   By using backspace it's possible to bypass command protection.

3CRADSL72 information leak   http://[routerIP]/app_sta.stm Contains information with administration user name and password.

ShixxNOTE buffer overflow   Buffer overflow on parsing network message.

Tridcomm directory traversal updated since 07.10.2004

14.10.2004 Detailed

6! Multiple bugs in Internet Explorer updated since 23.08.2002   New cumulative patch released by Microsoft.   Microsoft Excel code execution updated since 13.10.2004   Buffer overflow on oversized strings copying.

13.10.2004 Detailed

8! Microsoft NNTP code execution   Multiple bugs during XPAT command parsing. 6! Windows Shell buffer overflow       6! Windows SMTP service buffer overflow   Buffer overflows during preconfigured DNS server reply analisys.

6! Microsoft WebDAV XML DoS   Large number of attributes in requests causes resource exhaustion.

RIM Blackberry buffer overflow   Buffer overflow during meetings synchronization with Microsoft Exchange.

ASN.1 compiler multiple bugs

Multiple Microsoft Windows NT RPC bugs

Windows 2003 server services weak permissions   Permissions for distributed Link tracking Server and Internet Connection Firewall Service allow control by unprivileged users.

12.10.2004 Detailed

squid SNMP DoS   ASN.1 parsing problems.

11.10.2004 Detailed

8! Windows GDI+ libraries JPEG buffer overflow updated since 15.09.2004   Buffer overflow in JPEG parsing routines. 6! Local file access and code execution in Microsoft Internet Explorer and Netscape/Mozilla XML component updated since 17.12.2001   Microsoft's Microsoft.XMLHTTP and Mozilla XMLHttpRequest incorrectly handle redirection allowing to access local files.   Multiple MySQL bugs   DoS, protection bypass.

08.10.2004 Detailed

7! Multiple Cyrus-SASL bugs   Buffer overflow in digestmda5.c and during environment parsing. User supplied modules are loaded into suid application.   Flash Messaging DoS   Problem with handling some Unicode characters.   CGI bugs updated since 04.10.2004

07.10.2004 Detailed

6! Apache mod_ssl format string bug updated since 16.07.2004   Format string bug if mod_ssl is used in conjunction with mod_proxy for SSL proxing (https://foo%s.example.com/).   Antiviral protection bypasswith file permissions   With execute only permission it's possible to bypass antiviral scanner and in some cases antiviral monitor.   MaxDB DoS   Invalid non-ASCII characters handling in IsAscii7 function.

Neoteris IVE password bruteforcing   Change password page doesn't limit the number of attempts.

06.10.2004 Detailed

8! SAMBA shared directory traversal updated since 01.10.2004   By using /.///etc path it's possible to access /etc directory. 8! Multiple Mozilla bugs updated since 18.09.2004   Buffer overflows in e-mail VCards, bitmpa decoders, UTF-8 conversion, POP3 protocol handling, send page feature; crossite scripting via link dragging. 6! Multiple cups bugs updated since 16.09.2004   Empty packet to UDP/631 causes browsing service to fail. Foomatic printers driver code execution, information leak from log files.

NetworkActiv Web Server 1.0 DoS   GET request with %25 causes CPU exhaustion.

Apache mod_dav NULL pointer DoS

FreeBSD syscons integer overflow   CONS_SCRSHOT ioctl for syscons invalidely handles negative values.

mod_python DoS

04.10.2004 Detailed

sysstat symbolic links problem updated since 11.03.2004   unsafe isag utility temporary files creation.   Xerces-C++ DoS   Malcrafted XML document causes 100% CPU ussage for few minutes.

02.10.2004 Detailed

Proxytunnel information leak   Username and password are leaked.   Vypress messenger buffer overflow   Buffer overflow on broadcast packet handling.   CGI bugs updated since 27.09.2004

01.10.2004 Detailed

7! Kaspersky Antivirus privilege escalation   By sending message to application it's possible to bypass password protection and execute application with local system privileges.