31.10.2006 Detailed

6! Easy File Sharing Web Server protection bypass   By using alternative NTFS-streams it's possible to retrieve protected data, including accounts and passwords.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

30.10.2006 Detailed

7! xsupplicant buffer overflow       6! wvWare library integer overflows   Few integer overflows on Microsoft Word document parsing.

6! Multiple Novell eDirectory security vulnerabilities updated since 23.10.2006   Buffer overflows, double free() vulnerabilities.

Microsoft Windows connection sharing DoS   NULL-pointer dereference on DNS request proxying in Microsoft Windows NAT Helper.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

PostgreSQL database management system multiple DoS conditions   Multiple DoS conditions on executing client requests.

26.10.2006 Detailed

6! AOL browser multiple security vulnerabilities   Buffer overflows in different ActiveX controls. 6! NullSoft WinAmp Ultravox support multiple security vulnerabilities   Buffer overflows on parsing different tags and headers. 6! Symantec AntiVirus privilege escalation updated since 05.10.2006   Insufficient address checks in SAVRT, NAVENG and NAVEX15 devices IOCTLS calls allos to overwrite kernel memory.

Cisco Security Agent for Linux DoS   Port scanning causes system resources exhaustion.

INCA IM-204 DSL router multilpe security vulnerabilities   Directory traversal, information leak.

Multiple D-Link DSL-G624T ADSL Router security vulnjerabilities   Crossite scripting, dfirectory traversal and another Web-interface vulnerabilities.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

23.10.2006 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   HP Tru64 dtmail buffer overflow   Buffer overflow on -a flag parsing.

21.10.2006 Detailed

6! Multiple BrightStor ARCserve Backup security vulnerabilities         Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

19.10.2006 Detailed

7! Asterisk remote buffer overflow   Buffer overflow on parsing Cisco Skinny VoIP protocol. 7! Opera buffer overflow   Buffer overflow on oversized URL. 7! Multiple ClamAV antivirus security vulnerabilities updated since 16.10.2006   Buffer overflow on PE files parsing, DoS on CHM parsing.

Weak IBM Lotus Notes client permissions   Application folder has Everyone:Full Control permissions.

Multiple Airmagnet security vulnerabilities   Crossite scripting and SQL injection in Web interface.

Multiple HighWall IDS security vulnerabilities   Crossie scripting and SQL injection in Web interface.

HTTP header injection in Macromedia Flash plugin

libksba DoS   DoS on parsing X.509 certificate with trailing information.

F5 Firepass crossite scripting   my.acctab.php3 sid parameter crossite scripting.

XSession race conditions   Race conditions allows different user to see error messages.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

16.10.2006 Detailed

IIS BlackIce PC Protection file lock protection bypass   It's possible to delete file and spoof deleted with new copy by direct call to ZwDeleteFile() API.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

15.10.2006 Detailed

6! Microsoft Windows Object Packager dialog spoofing updated since 11.10.2006   Code execution with .RTF or .WRI file embedded object.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   KMail DoS updated since 08.10.2006   Crash on HTML parsing.

14.10.2006 Detailed

7! Apache web server mod_tcl security vulnerability   Server format string vulnerabilities with HTTP request header names. 7! Multiple Linksys/ ZyXel / Edimax / Sitecom routers UPnP problems updated since 23.05.2006   UPnP AddPortMapping request requires no authentication. It makes it possible to create mapping between any external port and internal IP/port. Additionally, insufficient paramters validation allows code execution on router itself.   Macromedia Breeze directory traversal

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

13.10.2006 Detailed

8! Microsoft Office multiple security vulnerabilities updated since 11.10.2006   Multiple Excel vulnerabilities on different records type parsing and formats conversion. Multiple Microsoft Word code execution vulnerabilities. Memory corruptions in different Office products. 6! Wireless Location Appliance default account   'root' account has dafult password. 6! Mcafee Network Agent buffer overflow   Buffer overflow on oversized string to TCP/6646.

BulletProof FTP client buffer overflow   Buffer overflow on server reply parsing.

Multiple FreeBSD vulnerabilities   Multiple DoS conditions. Crash on ftruncate on non-file device. sched_setscheduler() DoS.

HP Version Control Agen unauthorized access

Toshiba bluetooth stack memory corruption   Malformed bluetooth packet causes memory corruption.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

PHP safe_mode glob() protection bypass   glob() function allows to check existance of file/directory and build directory listing.

Google Earth buffer overflow   Buffer overflow on .kml and .kmz files.

12.10.2006 Detailed

Sun Solaris NSPR library privilege escalation   Environment variable is used for log filename.   AOL YGPPDownload ActiveX buffer overflow   Buffer overflow in SetAlbumName() method of YGPPicDownload.dll AOL.PicDownloadCtrl.1.   HP-UX TCP/IP DoS

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 12.10.2006   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

11.10.2006 Detailed

10! Microsoft Windows WebViewFolderIcon ActiveX (integer overflow) updated since 28.09.2006   Integer overflow can be used for hidden malware installation. 7! Microsoft Windows drmstor.dll buffer overflow   Buffer overflow in ActiveX element. 7! Microsoft Windows Server service multiple security vulnerabilities   Denial of service and code execution vulnerabilities.

7! Multiple Microsoft XML service security vulnerabilities   Crossdomain data access, buffer overflow.

6! Microsoft PowerPoinr memory corruption updated since 28.09.2006   0-day vulberability in SlideShowWindows.View.GotoNamedShow() function is used for malware installation.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

FreeBSD ptrace() DoS   Integer overflow in PT_LWPINFO.

Multiple Microsoft Windows IPv6 security vulnerabilities   TCP connection reset with ICMP or TCP packet, CPU exhaustion.

ASP.NET crossite scripting   Crossite scripting with AutoPostBack forms.

09.10.2006 Detailed

6! PHP integer overflow   unserialize() function integer overflow.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   PHP open_basedir protection bypass updated since 04.10.2006   By using symbolic links in race period of time it's possible to bypass open_basedir protection.

OpenSSH timing attacks updated since 03.05.2003   It's possible to check user's validity by measuring response time.

08.10.2006 Detailed

shttpd web server buffer overflow   Buffer overflow on oversized POST request URL.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

07.10.2006 Detailed

7! Multiple Computer Associates software products security vulnerabilities updated since 06.10.2006   Multiple buffer overflows in different network services (Discovery Service, Massage Engines, Backup Server, RPC-based services).   Python repr() code execution         Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

06.10.2006 Detailed

6! PHP integer overflow   Integer overflow in dynamic memory allocation routines.

05.10.2006 Detailed

6! Trend Micro OfficeScan Client directory traversal   Directory traversal in embedded HTTP server. 6! Multiple VoIP phones vulnerabilities   Buffer overflows in integrated HTTP server. Buffer overflow on large UDP datagrams.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

04.10.2006 Detailed

6! HP Ignite-UX Server unauthorized access         Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   IBM Client Security passwords manager unauthroized access   Password for site is stored based on site's title instead of URL.

HP-UX SLP unauthorized access   Unauthorized Service Locator Protocol access.

Jetty directory traversal updated since 03.10.2002   Directory traversal on CGI apllications access.

03.10.2006 Detailed

8! Multiple MacOS X security vulnerabilities updated since 02.10.2006   Multiple local and client vulneragbilities in different subcomponents.   Novell GroupWise Messenger DoS   nmma.exe service crash on malformed HTTP POST val parameter.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Kerio Personal Firewall privilege escalation   Insufficient hooked SSDT calls arguments validation.

02.10.2006 Detailed

8! 0-day Mozilla Firefox code execution security vulnerability   Vulnerability with javascript processing allows code execution. 7! Multiple MailEnable Mail server vulnerabilities   Multiple buffer overflows and DoS conditions on SMTP NTLM authentication. 6! TrendMicro OfficeScan ActiveX format string   Format string vulnerability in ATXCONSOLE.OCX control library.

6! McAfee ePolicy Orchestrator buffer overflow   Buffer overflow in NAISERV.exe service.

IBM Informix symbolic links security vulnerability   On installation /tmp/installserver.txt file is insecurely created.

migrationtools symbolic links problem   Symbolic links problem on temporary files creation.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 02.10.2006   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Indexing Service crossite scripting updated since 12.09.2006   Crossite scripting with UTF-7 characters in URL is possible.