31.10.2011 Detailed

7! Adobe Acrobat / Reader multiple security vulnerabilities updated since 16.09.2011   Privilege escalation, memory leakage, code executions, multiple buffer overflows. 6! Novell iPrint buffer overflow   GetDriverSettings() function buffer overflow. 6! Cisco Nexus switches protection bypass updated since 13.09.2011   It's possible to bypass ACL limitation. Local code execution.

tor information discosure   Combined attacks may be used to deaninmize user.

HP-UX Containers privilege escalation

Cisco Video Surveillance DoS   Crash on RTSP packet parsing.

HP Network Node Manager i information leakage updated since 06.04.2011

26.10.2011 Detailed

6! pam buffer overflow   pam_env module buffer overflow   Alcatel Lucent OmniTouch Instant Communication Suite multiple security vulnerabilities   Crossite scripting, request forgery.   ClamAV antivirus DoS   Crash on high recurson level.

cyrus-imapd DoS   Crash on parsing message References: header.

zFTP FTP server buffer overflow   Buffer overflow on STAT and CWD commands processing.

D-Bus symbolic links vulnerability   configure script insecure file creation

24.10.2011 Detailed

9! Oracle / Sun / People Soft applications multiple security vulnerabilities   Quarterly CPU fixes >50 security vulnereabilities. 8! Apple OS X multiple security vulnerabilities updated since 16.10.2011   Multiple vulnerabilities in different system components. 8! Microsoft Internet Explorer multiple security vulnerabilities updated since 12.10.2011   Multiple memory corruptions with code execution.

7! tor multiple security vulnerabilities updated since 19.01.2011   Heap buffer overflow, DoS, key information leak.

6! Cisco Show and Share security vulnerabilities   Authentication bypass, code execution.

6! HP Data Protector Notebook Extension multiple security vulnerabilities

6! Asterisk uninitilized memory reference   Crash on SIP request processing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cisco CiscoWorks Common Services code execution   It's possible to execute code with LocalSystem privileges.

HP MFP Digital Sending Software information leakage

MIT krb5 FTP server privilege escalation updated since 11.07.2011   Daemon group privileges are not dropped. DoS conditions in different backends.

Daemon Tools DoS   Crash on IOCTL processing

23.10.2011 Detailed

acpid DoS updated since 26.05.2009   Large number of connections leads to endless loop.

20.10.2011 Detailed

8! Multiple HTTP servers DoS updated since 27.08.2011   Range: header processing can lead to memory exhaustion. 6! X.Org multiple security vulnerabilities   Memory corruprions, insecure lock file creation.   SystemTap DoS   Crash on ELF parsing.

16.10.2011 Detailed

9! Apple iPhone multiple security vulnerabilities updated since 15.10.2011   Multiple vulnerabilities in different system components and applications. 8! Apple iTunes multiple security vulnerabilities   Multiple security vulnerabilities on different media formats parsing. 6! Apple TV multiple security vulnerabilities   SSL vulnerabilities, vulnerabilities in different media formats parsing.

6! Microsoft Forefront Unified Access Gateway multiple security vulnerabilities updated since 12.10.2011   Code execution, crossite scripting, DoS.

HP Onboard Administrator unauthorized access

Abus IP cameras multiple security vulnerabilities   Read/write files access and command execution.

OpenSSL security vulnerabilities   DoS, protection bypass.

Microsoft Publisher memory corruption   Memory corruption on .pub files parsing.

G-WAN Web server buffer overflow   Buffer overflow on request processing.

conky symbolic links vulnerability   Insecure temporary files creation.

Samba security vulnerabilities   Different mtab file related vulnerabilities lead to DoS.

libxml2 memory corruption updated since 19.06.2011   Multiple vulnerabilities related to XPath processing.

feh multiple security vulnerabilities   Different vulnerabilities in graphics format parsing.

wget unsafe files creation   Local file is created with server controlled filename.

15.10.2011 Detailed

8! Apple Safari / WebKit multiple security vulnerabilities   Crossite scripting, multiple memory corruption, code execution.   Quassel IRC client weak permissions   Weak permissions for user's files and directories.

12.10.2011 Detailed

7! PHP multiple security vulnerabilities   Memory corruptions in different functions. 7! Microsoft Windows multiple security vulnerabilities   Active Accessibility and Media Center insecure DLL loading 6! Microsoft .Net / Silverlight code execution   It's possible to escape from sandbox.

Microsoft Host Integration Server DoS   Uninitialized pointer dereference, endless loop.

10.10.2011 Detailed

7! Cisco ASA / Cisco FSM multiple security vulnerabilities   Multiple vulnerabilities in MSN, ILS and Sun RPC parsing, authentication bypass in TACACS+. 6! quagga route daemon multiple security vulnerabilities   Multiple memory corruptions on OSPF and BGP packets parsing. 6! cyrus-imapd nntp server security vulnerabilities   Buffer overflow, auuthentication bypass.

6! Anatomy Keyview multiple security vulnerabilities   Memory corruption, integer overflow, buffer overflow.

6! Google Chrome security vulnerabilities   Memory corruption on WebKit functions.

VMWare buffer overflow   Buffer overflow on UDF file system import.

Cisco Network Admission Control Manager directory traversal   HTTPS directory traversal.

OpenOffice multiple security vulnerabilities   Multiple memmory corruptions on .doc files import.

ark archiver directory traversal   Directory traversal during archive extraction.

rpm multiple security vulnerabilities   Multiple vulnerabilities on RPM file header parsing.

UI spoofing in different QT applications   Using Qt QLabel class to display security critical information allows interface spoofing.

04.10.2011 Detailed

ThinVNC / ThinRDP directory traversal   Directory traversal in embedded web server.   Metropolis Technologies OfficeWatch directory traversal   Embedded web server directory traversal.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 04.10.2011   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

SonicWall NSA 4500 protection bypass   ARP spoofing protection doesn't work if used in conjunction

Cytel Studio memory corruptions   Memory corruptions on CY3, CYL, CYB files parsing.

GenStat memory corruption   Memory corruptions on GWB and GSH files processing.

02.10.2011 Detailed

9! Cisco IOS multiple security vulnerabilities   IP SLA DoS, smart install (TCP/4786) code execution, memory leaks in IPS and firewall features, multiple SIP vulnerailibites, multiple protocols NAT translation DoS, multiple IPv6 DoS, DLSw DoS. 8! Novell Groupwise multiple security vulnerabilities   Multiple memory corruptions, buffer overflows, integer overflows, heap array overflow. 7! Cisco 10000 routers DoS   Crash on ICMP packets parsing.

6! Cisco Jabber Extensible Communications Platform / Cisco Unified Presence   Resources exhaustion on XML parsing.

PcVue ActiveX multiple security vulnerabilities   Unsafe methods, array index overflow, code execution.

FreeBSD domain socket name buffer overflow   bind() buffer overflow on local (domain) sockets.

Cisco Unified Communications Manager memory leak   Memory leaks in SIP implementation.

EViews memory corruptions   Memory corruption on WF1 files parsing, buffer overflow on PRG parsing.

01.10.2011 Detailed

9! Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities   Multiple memory corruptions, crossite scripting, code executions, etc   Wireshark multiple security vulnerabilities   DoS on different protocols dissectors, unsafe dynamic library loading.   Barracuda Backup multiple security vulnerabilities   Authentication bypass, crossite scripting.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

mutt SSL certificate validation vulnerability   SMTP and POP3 certificate hostname is not validated correctly.

NCSS memory corruption   Memory corruption on S0 files parsing.