29.11.2002 Detailed

Bogofilter symbolic links problem   file /tmp/bogopass.$$ is created without symbolic link check.

28.11.2002 Detailed

9! Solaris priocntl() privelege escalation   During external module loaging path is not checked. 6! Multiple Sybase buffer overflows   Buffer overflows in xp_freedll, DROP DATABASE, DBCC CHECKVERIFY.   Buffer overflow in libcgi   Stack overflow in changevalue() function.

27.11.2002 Detailed

HP-UX IGMP DoS         MySQL privilege escalation   By using PHP in conjuction with MySQL it's possible to access local files.   Netscape Java virtual machine buffer overflow   Buffer overflow in class sun.awt.windows.WDefaultFontCharset method canConvert() under Windows.

OpenVMS weak passwords   Llimit character set, case insensitivity and fast encryption algorythm allow password bruteforcing.

26.11.2002 Detailed

6! Mozilla/Netscape buffer overflow updated since 15.11.2002   Buffer overflow during jar: URL processing.   Rational ClearCase DoS   nmap of TCP/371 port causes service to hang.   Multiple bugs in acFreeProxy   Crossite scripting, DoS.

acFTP unauthorized access   Bug in password protection.

Calisto buffer overflow   Buffer overflow on oversized line.

NetScreen multiple bugs   Predictable TCP initial sequence numbers, DoS.

Sun X Window Font Service buffer overflow

Multiple bugs in BadBlue updated since 22.01.2002

Allied Telesyn Rapier24 DoS   UDP flood causes routing to stop.

23.11.2002 Detailed

7! SAMBA buffer overflow   Buffer overflow on password change. 6! RealPlayer/RealOne buffer overflows   Buffer overflows during URL and files processing.   QNX Photon Weak Permissions   Clipboard content is stored in world readable file.

Zeroo multiple bugs updated since 18.11.2002   Stack overflow on oversized request. Directory traversal.

CGI bugs updated since 15.10.2002

22.11.2002 Detailed

7! Buffer overflow in MDAC updated since 21.11.2002   Buffer overflow on maleformed RDS request. 6! Alcatel OmniSwitch backdoor unauthorized access   TCP/6778 port allows full device access.   Linksys BEFSR41 DoS updated since 02.11.2002   Request like http://192.168.1.1/Gozila.cgi? and oversized password causes router to crash.

20.11.2002 Detailed

6! Multiple bugs in iPlanet WebServer   Crossite scripting, administration interface code execution.   Signed/unsigned conversion bug in wwwoffled   Content-Length integer type bug.   QNX weak permissions   Multiple patches are set with weak file permissions.

mhonarc crossite scripting   Crossite scripting on message headers.

19.11.2002 Detailed

6! Linksys routers unauthorized access   XML parsing hole allows unauthorized web interface access.   MailEnable buffer overflow updated since 19.11.2002   Buffer overflow on oversized USER command.   WindowMaker integer overflow   Integer overflow in image processing leads to buffer overflow.

nullmailer DoS   mailers stops after receiving message for inknown user.

18.11.2002 Detailed

7! Macromedia JRun/ColdFusion buffer overflow updated since 13.11.2002   Multiple buffer overlfows during URI parsing.

15.11.2002 Detailed

6! Multiple Opera bug   Errors in scripting allow access to local files.   IISPOP buffer overflow   Buffer overflow on oversized POP3 command.   File protection bypass in LightServe updated since 25.10.2002   It is possible to construct a web request which is capable of accessing the contents of password protected files/folders.

14.11.2002 Detailed

10! Multiple bugs in bind updated since 12.11.2002   Multiple vulnerabilities: DoS, buffer overflows.   Buffalo access point DoS   Incomplete HTTP GET request causes device to reboot.   Unauthorized Surecom Broadband Router SNMP access   Commuinities public and secret are accessable by default.

CGI bugs updated since 23.10.2002

Format string vulnerability in KDE talkd updated since 24.05.2002

13.11.2002 Detailed

7! Buffer overflow in JRun updated since 29.05.2002   Buffer overflow on partsing Host: header.   libhttpd buffer overflow         Linux Kernel DoS

12.11.2002 Detailed

6! Buffer overflow in masqmail   Multiple buffer overflows. 6! Light HTTPd buffer overflow   Oversized URL causes buffer overflow. 6! KDE resLISa buffer overflow   Buffer overflow on oversized LOGNAME environment variable.

Invalid Novell eDirectory permissions   User with expired account may be granted with invalid permission.

INweb Mail Server buffer overflow   Buffer overflow on oversized string.

PXE server DoS   Corrupted DHCP packet crashes the server.

Buffer overflow in Novell IManager updated since 28.06.2002   Buffer overflow on oversized username.

11.11.2002 Detailed

6! iSMTP buffer overflow   Buffer overflow on oversized MAIL FROM:   Multiple bugs in hotfoon dialer   Buffer overflows, cleartext passwords, etc.   kgpg uncrypted private key   Passphrase not used if keys are generated through wizard.

09.11.2002 Detailed

Protection bypass and traffic amplification in Cisco PIX   Firewall accepts connections and replies packets sent to network address.   NetBSD IPFilter FTP proxy protection bypass   It's possible to set TCP portmapping to client or server port behind firewall.   Crossite scripting in LiteServe

Simple Web Server protected files access   URL http://server.com///secret/file allows protected file access.

QNX packager privelege escalation   cp is called without full path specified.

08.11.2002 Detailed

7! Buffer overflow in pine   Buffer overflow if address contains special characters.   QNX timer DoS   If user mode apllicatation creates a number of timer system hangs.

06.11.2002 Detailed

6! Command execution in perl-MailTools   Usage of mailx as a mailer allows command insertion into mail body.   HP TrueClaster DoS

05.11.2002 Detailed

6! Oracle iSQL*Plus buffer overflow   Buffer overflow on oversized username.

04.11.2002 Detailed

6! GlobalSunTech access point information leakage   In reply to UDP/27155 packet with gstsearch string access points send critical information including keys and administrator's password.   Pablo FTP format string vulnerability         Xeneo Webserver DoS   Request http://target.server/% causes service to crash.

02.11.2002 Detailed

NetScreen SSH DoS

01.11.2002 Detailed

Motorola SurfBoard DoS