30.11.2005 Detailed

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, mb_send_mail() message headers modification, etc.

29.11.2005 Detailed

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, mb_send_mail() message headers modification, etc.

28.11.2005 Detailed

Kadu Gadu-Gadu instant messaging client DoS   Application hangs on malcrafted message.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, mb_send_mail() message headers modification, etc.

26.11.2005 Detailed

6! Sun Solaris traceroute buffer overflow updated since 25.06.2005   Buffer overflow on large number of -g arguments, on malformed -s argument allow raw socket access.   Gaim-Encryption plugin DoS   Attempt to access unallocated memory on keys parsing.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 21.11.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

FreeFTP FTP Server buffer overflow updated since 17.11.2005   Buffer overflow in USER command.

23.11.2005 Detailed

6! Firefox / Opera code execution updated since 21.09.2005   Command lines arguments can be pasted through URL if Firefox or Opera are invoked from external application in Unix-like systems.   Novell Zenworks authorization bypass   Remote diagnostics functions are available to regular user.   ipmenu iptables/iproute2 GUI symbolic links   Symbolic links problem on temporary files creation.

eix symbolic links problem   Symbolic links problem on temporary files creation.

fusemount mtab file coruuption   Mounted points special characters problem.

IPUpdate dynamic DNS client buffer overflow   Buffer overflow on DNS server reply parsing.

IBM WebSphere application server double free bug

21.11.2005 Detailed

9! Microsoft Internet Explorer code execution   Uninitilized memory call on Window() function within OnLoad handler of BODY tag allows code execution. 6! Multiple Gadu-Gadu instant messenger vulnerabilities   Special device access, buffer overflow, DoS, ability to initiate voice transfer from the client without user intervation. 6! Multiple Google Search Appliance vulnerabilities   Crossite scripting, code execution.

Inkspace buffer overflow   Buffer overflow on SVG import.

20.11.2005 Detailed

6! Novell Netmail mail server buffer overflow   Buffer overflow on IMAP commands parsing.   Hitachi Web applications crossite scripting and DoS         Hitachi Groupmax Mail SMTP server DoS

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 14.11.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

18.11.2005 Detailed

6! Multiple MailEnable mail server vulnerabilities updated since 18.11.2005   Buffer overflow and IMAP folders directory traversal, DoS. 6! Qualcomm WorldMail directory traversal   Directory traversal in IMAP server folders.   YaSSL certificate chain validation problem

SMB4K KDE SMB/CIFS browser symbolic links ptoblem updated since 07.09.2005   It's possible to read content of /etc/sudoers and /etc/super.tab.

17.11.2005 Detailed

7! Microsoft Windows Plug and Play Service UMPNPMGR buffer overflow updated since 12.10.2005   Buffer overflow on PNP_GetDeviceList and PNP_GetDeviceListSize calls for anonymous user on Windows 2000 and authenticated user on Windows 2003 / XP. There is another one similar vulnerability, leading to memory leak with DoS conditions.   Senao SI-680H wirieless Wi-Fi VoIP phones unauthorized access   VxWorks debugger is available with UDP/17185.   Multiple Zyxel P2000W wirieless Wi-Fi VoIP phones vulnerabilities   Information leak, external DNS servers access.

Multiple UTstarcom F1000 wirieless Wi-Fi VoIP phones vulnerabilities   SNMP access, unauthenticated telnet (TCP/21) and rlogin (TCP/513) access.

Multiple Hitachi Wi-Fi VoIP phones vulnerabilities   Information leak, SNMP access, built-in hardware password, unauthenticated Web access (TCP/8080) and shell access (TCP/3390).

Multiple Cisco 7920 wireless IP Phones vulnerabilities   Fixed SNMP read/write community is available, VxWorks debugger is available via UDP/7920 port.

FTGate mail server buffer overflow   IMAP server oversized EXAMINE command buffer overflow.

PasswordSafe weak cryptography   Key derived from user password with fast algorythm is used as a key for block cypher, making it easy to bruteforce user password.

16.11.2005 Detailed

7! GTK+, imlib, lessTif and libXPM libraries XPM files integer overflows updated since 16.09.2004   Integer overflow leads to heap based and stack based buffer overflow. 6! Multiple Macromedia server products vulnerabilities   Contribute Publishing Server Cryptographic weakness, Breeze Live Server and Flash Communication Server MX malcrafted RTPM streams DoS.   Apple iTunes code execution   CreateProcess() is used insecurely on external application execution.

Belkin Wireless Router authentication bypass   Any user can log on without authentication after administrator is logged on.

LiteSpeed web server crossite scripting   Crossite scripting in administration scripts.

14.11.2005 Detailed

6! Real player media player multiple buffer overflow updated since 11.11.2005   Buffer overflows on parsing .rm streams and skin files. 6! VERITAS Cluster Server for UNIX buffer overflow updated since 10.11.2005   Buffer overflow in 'ha' suid utility on environment variables parsing.

11.11.2005 Detailed

6! lynx text mode browser code execution   There is a configuration bug on multiple platforms allowing code execution with lynxcgi: URL handler.   Multiple Kerio WinRoute Firewall vulnerabilities   Crash on RTSP streams processing, possibility to use disabled account.   Veritas NetBackup buffer overflow updated since 10.11.2005   Buffer overflow in vmd (Volume Manager Daemon) shared library.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 07.11.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

10.11.2005 Detailed

6! SpamAssassin antispam filter DoS   Pasrsing of the message with large number of receients leads to stack overrun.   IPCop weak file permissions   Backup files and backup files encryption key have weak permissions.   IBM DB2 Content Manager DoS   LZH files processing crash, Excel files import CPU exhaustion.

Sylpheed mail agent buffer overflow   Buffer overflow on LDIF file parsing.

HP-UX envd privilege escalation

IBM Tivoli Directory Server protection bypass

09.11.2005 Detailed

8! Microsoft Windows WMF / EMF buffer overflow   Multiple buffer overflows in GDI on WMF and WMF windows metafile formats.   Multiple SAP Web Application Server vulnerabilities   Crossite scripting, request redirection, HTTP response splitting.

08.11.2005 Detailed

F-Secure Internet Gatekeeper antivirus privilege escalation   Different scripts execute external application by relative path.   Asterisk PBX server voice mail mailbox directory traversal   Web interface directory traversal allows to download any .wav file.   FileZilla FTP Server buffer overflow   Buffer overflow on oversized FTP USER command.

Multiple MacOS X vulnerabilities updated since 01.11.2005   Invalid ownership information in 'Finder', invalid 'Update' functioning, memberd removed group membership unauthorized access, 'Keychain' password leak, 'Kernel' uninitialized memory leak.

Multiple firewalls protection bypass updated since 28.10.2004   The number of different way to break protection against client application attacks is almost unlimited.

07.11.2005 Detailed

7! Macromedia Flash Player array index overflow updated since 05.11.2005   User controlled value is used as function pointers array index without boundary control.   linux-ftpd-ssl FTP server buffer overflow   Buffer overflow on oversized directory in CWD command.

05.11.2005 Detailed

6! SUSE linux chfn utility privilege escalation   Gecos field is not checked, making it possible to add records to password file.   Multiple IBM Lotus Domino communication server vulnerabilities   Array overflow on creating mail rules, buffer overflow on out-of-office autoreplies, multiple DoS conditions.   GpsDrive friendsd2 GPS map location service format string bug   Format string bug on diagnostic message gisplaying.

thttpd symbolic links problem   syslogtocern script insecure temporary files creation.

Sun Java Development Toolkit DoS   Crash on font deserialization.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 31.10.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

04.11.2005 Detailed

6! Apple QuickTime multiple vulnerabilities   Integer overflows, memory corruptions, DoS.   Sun Java System Communications Express information leak   It's possible to access configuration file which contains sensitive information.   Serv-U FTP Server DoS

Multiple giflib vulnerabilities   Memory corruption, NULL pointer dereference.

Apache Tomcat application server DoS   Large number of listing requests cause server to hang.

IpSwitch WhatsUp networm managing solution directory traversal   Web interface directory traversal.

Multiple Flat Frag game vulnerabilities   Multiple buffer overflows, NULL pointer reference.

Battle Carry game DoS   Game server crashes on oversized UDP packet.

03.11.2005 Detailed

7! The Holy Grail: Cisco IOS shellcode And Exploitation Techniques updated since 30.07.2005   Michaels Lynn's presentation on Cisco routers malicious code execution possibility. 6! Graphon Go-Global thin client and server solution buffer overflow   Buffer overflow in initial protocol handshake.   Multiple Asus Video Security vulnerabilities   Buffer overflows and directory traversals in built-in Web server.

Glider collect'n kill game buffer overflow   Buffer overflow on oversized player name.

NeroNet remote CD/DVD burning access solution directory traversal   It's possible to retrieve any video/audio/image file with built-in HTTP server.

Scorched 3D multiple vulnerabilities   Buffer overflow, format string bugs, multiple DoS conditions.

Cisco wireless accee points LWAPP mode unauthorized access   It's possible to send unencrypted packet with spoofed MAC to secure network.

HP OpenVMS DoS

02.11.2005 Detailed

6! Multiple NetBSD vulnerabilities   Integer overflow in FreeBSD compatibility subsystem, imake symbolic links problem, ptrace() privilege escalation. Known vulnerabilities in CVS, telnet, OpenSSL, ntpd are patched.   Linux kernel drivers buffer overflows   Buffer overflow, out-of-memory references in Yealink and i2c drivers.   Cisco Management Center for IPS Sensors weak configuration   During creation of Cisco IOS IPS rules information about port numbers is lost making it impossible to work for many intrusion detection signatures.

01.11.2005 Detailed

Multiple Hyper Estraier vulnerabilities   DoS on indexing files with special Unicode characters in the names. Files from non-searchable directories are indexed.   OpenVPN VPN client format string vulnerability   Format string bug on parsing DHCP options obtained from server.   Inicom networks ioFTPd FTP Server account enumeration   Error messages differ for existant and non-existant user account.