28.10.2010
6!
libvirt library multiple security vulnerabilities
Multiple possibilities to access host resources from guest machine.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
26.10.2010
7!
GNU C dynamic linker privilege escalation
updated since 24.10.2010
Invalid $ORIGIN processing allows a user library to be loaded into a suid application.
24.10.2010
6!
Linux kernel RDS protocol privilege escalation
It's possible to overwrite kernel memory regions via recvmsg() for RDS protocol.
libpurple library / Pidgin DoS
Crash on base64 decoding in different protocols.
LibSMI library code execution
Buffer overflow on oversized numerical OID.
SAP BusinessObjects default password
Default account admin/axis2 is used for AXIS2 installation.
HP Systems Insight Manager multiple security vulnerabilities
Directory traversal, cross-site scripting.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Microsoft Windows Mobile double free vulnerability
Double free on receiving VCF via MMS/bluetooth.
23.10.2010
9!
Mozilla Firefox / Thunderbird / Seamonkey / NSS multiple security vulnerabilities
Multiple memory corruptions, buffer overflows, cross-site scripting, TLS/SSL vulnerabilities, code execution.
19.10.2010
RealPlayer buffer overflow
Buffer overflow on QCP format parsing.
HP ProCurve access points / access controllers / mobility controllers privilege escalation
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
16.10.2010
8!
Microsoft Office security vulnerabilities
updated since 13.10.2010
Multiple memory corruptions, array index and buffer overflows, etc. in Microsoft Word and Excel.
freeciv unauthorized access
It's possible to access files and execute commands via scenario.
13.10.2010
9!
Microsoft Windows multiple security vulnerabilities
Multiple privilege escalation with different drivers. MFC buffer overflow. EOT and OTF fonts memory corruptions and integer overflow. comctl32 buffer overflow. LPC buffer overflow. SChannel DoS.
9!
Microsoft Internet Explorer multiple security vulnerabilities
Multiple memory corruptions, cross domain information disclosure.
6!
poppler library multiple security vulnerabilities
Different vulnerabilities on PDF parsing.
6!
Microsoft Windows Wordpad / Windows Shell code execution
Code execution via embedded COM object.
6!
Media Player Network Sharing memory corruption
Use-after-free vulnerability on RTSP request parsing.
6!
Microsoft Sharepoint SafeHTML cross-site scripting
A few cross-site scripting possibilities.
Wireshark DoS
Stack overflow on ASN.1 parsing.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Microsoft Windows 2008 Shared Cluster Disks weak permissions
Everyone:Full Control permissions are granted on new disks by default.
Windows Media Player memory corruption
Memory corruption if page with WMP ActiveX is reloaded.
Microsoft .Net JIT memory corruption
Memory corruption during SMIL code compilation on 64 bit architecture.
Directory traversal in multiple FTP clients
updated since 05.08.2010
It's possible for a file to be downloaded outside the directory chosen by the user.
11.10.2010
RSA Authentication Client information leak
SENSITIVE and NON-EXTRACTABLE flags are ignored for the shared key, making it possible to extract it.
HP Data Protector DoS
NULL pointer dereference on TCP/5555 request parsing.
Visual Synapse HTTP Server directory traversal
Directory traversal with backslash.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
08.10.2010
8!
Adobe Acrobat / Reader multiple security vulnerabilities
updated since 06.10.2010
Multiple memory corruptions, code executions, privilege escalations, shell character vulnerabilities.
libESMTP SSL vulnerabilities
It's possible to spoof the certificate in different ways.
06.10.2010
6!
MIT Kerberos 5 uninitialized pointer
Uninitialized pointer dereference on TGS request processing.
PostgreSQL code execution
It's possible to execute any code with external procedures.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
05.10.2010
7!
IBM TSM FastBack multiple security vulnerabilities
Multiple code execution and denial of service conditions.
6!
HP-UX Directory Server / Red Hat Directory Server multiple security vulnerabilities
Information leak, privilege escalation.
6!
Novell iManager directory traversal
Directory traversal via nps.jar.
SAP Management Console DoS
Multiple DoS conditions.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Novell eDirectory DoS
NCP (TCP/524) DoS.
Qt Creator code execution
Dynamic libraries are loaded with relative path.
01.10.2010
libtiff memory corruption
Memory corruption on TIFF image parsing.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
© SecurityVulns, 3APA3A, Vladimir Dubrovin, Nizhny Novgorod