31.10.2005 Detailed

SCO OpenServer RPC protocol DoS   RPC service hangs on invalid RPC BIND request.

29.10.2005 Detailed

6! chmlib Microsoft HTML Help IITS files parsing library buffer overflow updated since 26.10.2005   Multiple buffer overflow in dufferent parsing.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 24.10.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

28.10.2005 Detailed

SELinux PAM passwords bruteforcing   There is no delay or logging for invalid password in unix_chkpwd utility.   Multiple gnump3d MP3 streaming server (multiple vulnerabilities)   Crossite scriptin, directory travrsal.   Novell ZENworks Patch Management Server SQL injection

fetchmail fetchmailconf race conditions updated since 24.10.2005   During configuration file creation there are race conditions file is world readable.

27.10.2005 Detailed

8! IMAP UW mail server buffer overflow updated since 05.10.2005   Buffer overflow on oversized quoted string in mailbox name.   HP-UX lpd buffer overflow (outdated)   Buffer overflow on LPR protocol parsing.

26.10.2005 Detailed

6! skype URL handling buffer overflow updated since 25.10.2005   skype:// and callto:// URLs buffer overflows.   Gnome libgda library format string vulnerabilities         Symantec Discovery unauthorized database access   Few accounts with empty passwords are created during installation.

25.10.2005 Detailed

6! Network Applience network storage devices iSCSI authentication bypass   It's possible to start Full Feature iSCSI mode without prior authentication.   BMC Control M enterprise scheduling system agent symbolic links problem   Insecure creation of temporary directory.   SCO OpenServer authsh / backupsh buffer overflow updated since 21.10.2005   Buffer overflow in /usr/lib/sysadm/authsh, /usr/lib/sysadm/backupsh allow to gain egid backup.

SCO Unixware ppp buffer overflow updated since 21.10.2005   Buffer overflow in /usr/bin/ppptalk.

24.10.2005 Detailed

mgdiff diff graphical interface symbolic links problem   viewpatch script insecure temporary files creation.   PHP Apache configuration files DoS   Server crashes on invalid .htaccess 'php_value session.save_path' value.

22.10.2005 Detailed

Linux IPv6 sockets DoS   Endless loop is possible within udp_v6_get_port() function.   ZipGenius archiver multiple buffer overflow   Buffer overflow on multiple archive formats handling.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 19.10.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

21.10.2005 Detailed

6! Symantec Norton AntiVirus and another Symantec security products for Macintosh privilege escalation updated since 20.10.2005   Norton Antivirus DiskMountNotify suid utility executes external applications by relative name. LiveUpdate contains suid wrapper for Java interpreter without proper command line check. 6! Multiple Ethereal sniffer vulnerabilities updated since 20.10.2005   Multiple bugs of different nature while parsing different protocols. Vulnerable version of PCRE library is used in Windows Ethereal version. 6! RSA SecurID Web Agent buffer overflow updated since 06.05.2005   Heap overflow on HTTP chunked encoding parsing. Stack overflow on oversized HTTP request Redirect: header.

bmv integer overflow   Integer overflow on PostScript (PS) files processing.

eric Python IDE code execution   Possible code execution on project file opening.

20.10.2005 Detailed

6! Linux kernel console keyboard mapping commands execution   User can set keyboard mapping which will impact next users on this console. 6! Multiple IBM DB2 Universal Database vulnerabilities   Server crash on constant string processing in queries; endless loop on hash joins processing; multiple problems with invalid connection termination; unauthorized creation of routine based objects; array overflow on oversized number of elements in 'in' list; db2jd crash on certain clients.   Squid proxy server DoS   Server crash on parsing FTP Server response.

Debian module-assistant symbolic links problem   Symbolic links problem on insecure temporary files creation.

Encrypted data hijacking within Enigmail encryption plugin for Mozilla / Thunderbird   Key with empty id is used to encrypt all outgoing mail if presents in keyring.

Microsoft Internet Explorer URL spoofing   It's possible to spoof URL with document.write within OnClick method for <a> tag.

19.10.2005 Detailed

8! snort intrusion detection system (IDS) buffer overflow   Buffer overflow in Back Orifice UDP preprocessing (any UDP port) 6! Cisco Content Switch SSL DoS   Memory corruption on malformed certificate handling. 6! lynx text mode web browser buffer overflow   Buffer overflow on NNTP server reply parsing.

YIFF server sound files unauthorized access   File permissions are ignored while playing file.

AIX lscfg symbolic links problem

NetPBM graphical utilities buffer overflow   Buffer overflow on PNM file parsing in pnmtopng utility.

flexbackup backup utility symbolic links problem   Symbolic links problem during temporary files creation.

Gentoo Linux multiple ports privilege escalation   User from portage group can place dynamic library into search path of vulnerable library. Vulnerable ports are perl, Qt-UnixODBC, CMake.

PHP open_basedir protection bypass updated since 28.09.2005   Under some rare conditions it's possible to open file from different directory.

Sun Solaris SCTP socket option DoS

16.10.2005 Detailed

Trusted Mobility Suite PDA access protection bypass   It's possible to synchronize with device regradless of warnings.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 10.10.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

15.10.2005 Detailed

Apple iTunes player Shared Music service DoS   Different playlist manipulation vulnerabilities.   SPE Python Integrated Development Environment weak permissions   Application's files are world writable.   Windows Apache information leak   It's possible to retrieve file from CGI-BIN directory by typing directory name uppercase (http://127.0.0.1/CGI-BIN/chat.pl)

14.10.2005 Detailed

Mozilla Thunderbird / Mozilla weak authentication downgrade   If SMTP authentication with CRAM-MD5 or TLS hadshake fails mail agent downgrades to plain text authentication, allowing active man-in-the-middle attacks.   Multiple Sun Solaris vulnerabilities   File system privilege management feature panic. procfs protected file names information leak.   Hitachi TP1 DoS

HP-UX Itanium platform DoS

TYPSoft FTP Server DoS   Crash on FTP RETR command before data connection open.

ClamAV antivirus OLE2 files parsing DoS   OLE2 format (Microsoft Office) parsing DoS because of stack overrun due to recursive function call if large ArchiveMaxFiles value configured.

Computer Associates iGateway buffer overflow updated since 13.10.2005   Buffer overflow on HTTP request parsing if debug mode is enabled.

13.10.2005 Detailed

7! Microsoft Windows Microsoft Collaboration Data Objects buffer overflow updated since 12.10.2005   Buffer overflow on parsing mail messages with Microsoft SMTP service. 7! Microsoft Distributed Transaction Coordinator service memory corruption updated since 12.10.2005   Memory corruption as a result of integer overflow with anonymous remote access (Windows 2000) and authenticated access under Windows XP/2003. 7! Microsoft Design Tools COM object uninitialized memory reference updated since 12.10.2005   CPolyCtrl class destructor attempts to call a function by the pointer from uninitialized dynamic memory region.

6! W3C libwww library buffer overflow   Buffer overflow on MIME headers parsing.

6! Multiple BeaWeblogic vulnerabilities   24 different vulnerabilities.

6! Symantec Veritas NetBackup network backup system buffer overflow   Java User Interface bpjava-msvc daemon (TCP/13722) buffer overflow on COMMAND_LOGON_TO_MSERVER request.

6! GFI MailSecurity content filter buffer overflow   Buffer overflow in Web administration interface.

6! Novell NetMail mail server buffer overflow   Buffer overflow on oversized NMAP (Network Messaging Application Protocol) protocol USER command.

XMail sendmail buffer overflow   Buffer overflow on message headers parsing in sendmail -t.

Sun Java System Application Server (Sun ONE) JSP source code disclosure

Symantec Brightmail Antispam SPAM filter DoS   MIME headers parsing DoS.

AhnLab V3 antivirus buffer overflow   Buffer overflow on different file formats.

Kerio Firewall DoS   DoS on executable application's PEB parsing.

Linux kernel memory leaks   Memory leaks may potentially lead to DoS conditions.

Multiple Microsoft Distributed Transaction Controller DoS conditions updated since 12.10.2005   Problems with TIP protocols handling, bounce attack is possible.

Ethernet frame padding information leakage updated since 08.01.2003   Incorrect memory managment causes ethernet fame padding bytes may contain sensitive information.

12.10.2005 Detailed

6! Microsoft Windows Shell multiple vulnerabilities   Problems with .lnk files processing, HTML files preview. 6! Microsoft Windows Client Service for NetWare buffer overflow   Buffer overflow in network file srevice. 6! Microsoft Windows Network Connection Manager service buffer overflow   Buffer overflow in RPC service.

6! Microsoft FTP client directory traversal   It's possible to place downloaded file in any directory from server side.

6! Microsoft Direct Show memory corruption   It's possible to overwrite one byte of the dynamic memory with NULL within quartz.dll with crafted AVI file.

KOffice buffer overflow   Buffer overflow on RTF files parsing.

11.10.2005 Detailed

7! Kaspersky Antivirus buffer overflow   Buffer overflow on CHM files parsing.   SGI IRIX runpriv utility unfiltered shell characters vulnerability   Unfiltered shell characters allow to execute any command.   Multiple WinRAR archiver vulnerabilities   UUEncoded files format string bug, ACE archives buffer overflow.

OpenSSL SSL 2.0 rollback (weak cryptography)   Active man-in-the-middle attacker can force rollback to SSL 2.0 protocol with known cryptographic weakness for both client and server if SSL_OP_MSIE_SSLV2_RSA_PADDING (or SSL_OP_ALL) configuration option is enabled.

10.10.2005 Detailed

6! xine-lib media player library format string bug   Format string bug on CDDB server reponse parsing. 6! Multiple Linux kernel vulnerabilities   sys_set_mempolicy() negative argument DoS, race CLONE_VM DoS conditions, race TASK_TRACED state DoS conditions, ioremap amd64 platform memory access, HFS and HFS+ filesystem drivers DoS, remote ebtables netfilter module remote DoS on SMP platforms. 6! OpenVMPS open Cisco VMPS protocol server implementation format string vulnerability   Format string bug on syslog() call.

Paros proxy unauthorized access   hsqldb database has built-in password and is remotely accessible.

cfengine symbolic links problem   Symbolic links problem during temporary files creation in multiple package utilities.

graphviz graph drawing tools symbolic links problem   Symbolic links problem on temporayr files creation.

up-imapproxy format string vulnerability   Few format string bugs.

09.10.2005 Detailed

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 03.10.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

07.10.2005 Detailed

6! Sun Directory Service unauthorized access         HAURI ViRobot antivirus buffer overflow   ALZ Archive Handling Buffer Overflow.   xloadimage buffer overflow   NIFF images buffer overflow.

Planet switches backdor account   There is undocumented 'admin' account with 'ISPMODE' password.

06.10.2005 Detailed

IBM Tivoli Monitoring DoS   Web Health Console uses older version of IBM HTTP Server.   Webroot Desktop Firewall buffer overflow   Buffer overflow on deleting application from the list of allowed programs. It's possible for non-privileged users to disable the firewall even when password protection has been enabled, by sending specific DeviceIoControl() commands to the firewall driver.

05.10.2005 Detailed

7! Symantec Antivirus administrative interface buffer overflow   Buffer overflow during TCP/8004 administrative interface HTTP request parsing. 6! HP OpenView Event Correlation Services unauthorized access         AlZip multiple buffer overflows   Buffer overflows on different archive formats.

mod_auth_shadow protection bypass   Access restrictions for different authorization mechanisms may be bypassed if mod_auth_shadow is used.

Windows XP Wireless Zero Configuration service information leak   WPA PMKs and WEP keys are available with WZCQueryInterface() of Wzcsapi.dll.

uim multilingval support library privilege escalation updated since 22.02.2005   Invalid environment variables handling.

04.10.2005 Detailed

6! MailEnable buffer overflow   Buffer overflow on logging in W3C format. 6! Gnome libzvt information spoofing   DISPLAY environment variable is used as a utmp hostname.   Hitachi Cosminexus logical bug   For HTTP POST request with empty body data from previous POST request is used.

ProZilla buffer overflow   Buffer overflow on oversized HREF parameters of the search results HTML page.

Weex format string bug   Format string bug in logging function.

Dia buffer overflow   Buffer overflow on SVG files parsing.

Trillian instant messenger DoS   DoS on requesting ICQ protocol reverse connection.

03.10.2005 Detailed

7! Kaspersky Antivirus buffer overflow   Heap based buffer overflow on CAB files parsing.   Berkley MPEG Tools symbolic links problem   Insecure temporary files creation.   Bugzilla information leak   It's possible to retrieve products information and, under some conditions, list of the invisible users.

NetForce NIS password information leak   File with NIS accounts passwords is sent with unencrypted diagnostic e-mail message.

01.10.2005 Detailed

6! MySQL buffer overflow   init_syms function stack-based buffer overflow.   storeBackup symbolic links problem   Symbolic links problem on temporary files creaction.   Macromedia Breeze information leak   "reset password" feature stores password in clear text.

sblim-sfcb DoS   Resource exhaustion on large number of HTTP requests with oversized headers.

BlenderPlayer buffer overflow   Buffer overflow on oversized .blen file.

Cisco routers weak password encryption   Password is encrypted with substitution table.

backupninka symbolic links problem   Symbolic links problem on temporary file creation.

ntlmaps NTLM proxy weak file permissions   Configuration file with Windows account password is world readable.

Virtools Web Player game platform multiple vulnerabilities   Buffer overflows and directory traversal on archive extraction.

Citrix Metaframe Presentation Server protection bypass   Restrictions policy is based upon paramters controlled by client.

apachetop utility symbolic links problem   Symbolic links problem on temporary filescreation.

MCCS Multi Computer Control System DoS updated since 21.09.2005   DoS on internal UDP-based control protocol parsing.

Multiple gopherd bugs updated since 14.01.2005   Integer overflows, format string bug in logging.