30.11.2007 Detailed

6! FreeBSD pseudo-random numbers generator weakness   SAme PRNG sequence may be reproduced twice under some conditions. 6! APC AP7932 unauthorized access   Logical error in authentication process.   Pioneers game multiple DoS conditions   Uninitialized memory reference, failed assertion.

TIBCO Rendezvous RVD Daemon memory leak   Infinite loop with memory allocation on zero-sized packet.

Asterisk multiple security vulnerabilities   cdr_pgsql and res_config_pgsql SQL injection.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Cryptographp: XSS.

29.11.2007 Detailed

6! IBM Lotus Notes buffer overflow   Buffer overflow on Lotus WorkSheet files processing. 6! WireShark sniffer multiple security vulnerabilities   Buffer overflow on SSL parsing, DoS on HTTP, MEGACO, Bluetooth SDP, RPC parsing.   Symantec Backup Exec DoS   bengine.exe (TCP/5633) integer overflows and NULL pointer dereference.

Linux multiple security vulnerabilities   Integer overflow on IEEE 802.11 frame, DoS with minix filesystem.

TK Toolkit buffer overflow   Buffer overflow on animated GIF loading.

RubyGnome2 format string vulnerability   Format string vulnerability in Gtk::MessageDialog.new.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 29.11.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Captcha! wordpress plugin: CAPTCHA protection bypass and XSS.

27.11.2007 Detailed

6! Mozilla Firefox / Seamonkey multiple security vulnerabilities   Multiple memory corruptions and race conditions. 6! Safenet Sentinel Protection Server directory traversal   Web interface directory traversal. 6! Mozilla Forefox jar: URL crossite scripting updated since 12.11.2007   It's possible to fire crossite scripting attack via jar: protocol by uploading JAR, DOC, ZIP, etc files.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Anti Spam Image wordpress plugin: CAPTCHA protection bypass.

26.11.2007 Detailed

Citrix NetScaler weak cryptography   Username/password are stored as a part of cookie with encryption (XORing with reused key), making it's possible to discover parts of the password.   DoS with skype URL handler   It's possible to start unlimiteed number of application instances with skype: URL.   nss_ldap information leak   Race conditions in multithread applications.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Math Comment Spam Protection: Crossite scripting.

PHP safe mode protection bypass with htaccess updated since 27.06.2007   It's possible to manipulate function ini_set() and session_save_path() with htaccess settings.

25.11.2007 Detailed

6! Cygwin Windows POSIX emulation libraries buffer overflow   Buffer overflow on oversized filename.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Math Comment Spam Protection: CAPTCHA bypass

23.11.2007 Detailed

6! Gadu-Gadu instant messenger buffer overflow   Buffer overflows on emotion icons parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. MoBiC-21: AIP CAPTCHA bypass

22.11.2007 Detailed

Aurigma ImageUploader ActiveX image uploader   Buffer overflows in GotoFolder() / CanGotoFolder() methods.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. ExpressionEngine: crossite scripting through responese splitting .

21.11.2007 Detailed

Linksys Wireless ADSL Gateway crossite scripting   Multiple crossite scripting vulnerabilities with /setup.cgi.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Nucleus: CAPTCHA protection bypass.   Feynmf symbolic links vulnerability   feynmf.pl symbolic linkcs vulnerability on temporary files creation.

BitDefender online antivirus scanner ActiveX buffer overflow   Buffer overflow in InitX method.

20.11.2007 Detailed

6! Alcatel OmniPCX audio stream hijack   It's possible to hijack audio strem from server by sending TFTP request with filename containing victim's IP. 6! PHP multiple Denial of Service conditions   Multiple denial of service conditions.   Citrix NetScaler crossite scripting   Crossite scripting in /ws/generic_api_call.pl.

Belkin wireless routers denial of service   Router is vulnerable to SYN-flood attack.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. HBH-Fusion: CAPTCHA protection bypass.

Firefox / Konqueror / Safari certificate spoofing updated since 19.11.2007   Link between certificate and web site is not set, if certificate from unknown certification authirity is manually approved, making it's possible to use same certificate for different site withour warning.

19.11.2007 Detailed

net-snmp DoS   CPU resources exhaustion on GETBULK with large max-repeaters parameter value.   LIVE555 media server DoS   Uninitialized memory reading on RTSP query processing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Fusion: CAPTCHA protection bypass.

MySQL DoS   Invalid assertion on CONTAINS processing.

18.11.2007 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Cryptographp: CAPTCHA protection bypass.

17.11.2007 Detailed

6! AhnLab AntiVirus memory corruption   Memory corruption on ZIP archives parsing. 6! libFLAC / WinAMP multiple security vulnerabilities   14 different vulnerabilities exist on FLAC media format files parsing. 6! Apple Mac OS X multiple security vulnerabilities updated since 15.11.2007   Mach ports privilege escalation. Multiple Appletalk protocol handling vulnerabilities. ldt privilege escalation.

ComponentOne FlexGrid ActiveX multiple buffer overflows   Buffer overflows on different object properties.

Microsoft Jet Engine MDB files parsing buffer overflow   Buffer overflow on MDB file access.

Aruba Mobility Controller crossite scripting   Crossite scripting in administration interface.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 15.11.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

16.11.2007 Detailed

7! Samba multiple security vulnerabilities   Buffer overflow in GETDC mailslot request processing, buffer overflow in WINS server. Client IP may be spoofed.

15.11.2007 Detailed

7! Apple QuickTime multiple security vulnerabilities updated since 06.11.2007   Multiple buffer overflows and memory corruption on different graphics and video file formats.

14.11.2007 Detailed

7! Microsoft Windows URL code execution   Invalid handling of %xx sequences on external URL handlers in Windows XP with Internet Explorer 7 installed allows to execute applications.   IBM WebSphere MQ multiple security vulnerabilities         KDE Konqueror cookie buffer overflow   Buffer overflow on oversized cookie.

Nagios plugins multiple security vulnerabilities   Buffer overflows in check_snmp and check_http on server reply parsing.

Emacs safe mode protection bypass updated since 14.11.2007   It's possible to bypass enable-local-variables safe mode.

PHP multiple denial of service conditions   DoS in stream_wrapper_register(), dgettext(), dcgettext(), dngettext(), gettext(), ngettext(), dcgettext() functions.

Novell Netware client privilege escalation   Unprivileged user can manipulate kernel memory with \.\nwfilter device.

WinPcap driver array overflow   Array index overflow in kernel mode on IOCTL handling.

Oracle privilege escalation   Multi-step sequence of operations allows user to get SYSDBA privileges.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke: CAPTCHA protection bypass. Peter’s Random Anti-Spam Image: CAPTACHA protection bypass and crossite scripting.

12.11.2007 Detailed

6! Adobe Shockwave ActiveX buffer overflow   Buffer overflow in ShockwaveVersion method. 6! IBM Informix Dynamic Server privilege escalation   Directory traversal on DBLANG environment variable parsing allows to specify attacker-controlled NLS files, leading to possibility of format string attacks for suid applications.   AOL Radio AmpX Active X buffer overflow   Multiple buffer overflows in different methods.

HP-UX Aries PA Emulator privilege escalation

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke: CAPTCHA protection bypass.

08.11.2007 Detailed

6! Xpdf multiple security vulnerabilities   Buffer overflows, integer overflows, array index overflows.   Link Grammar / AbiWord buffer overflow   Buffer overflow on oversized word.   Oracle database server buffer overflow   Buffer overflow in XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. mt-scode: CAPTCHA protection bypass.

07.11.2007 Detailed

7! PCRE and perl regular expression handling multiple security vulnerabilities   Buffer overflows and memory corruptions on different regexps.   Symantec Norton AntiVirus for Mac privilege escalation   External application is executed by relative path.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 07.11.2007   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress Peter’s Custom Anti-Spam Image: CAPTCHA protection bypass.

Microsoft Sysinternals DebugView privilege escalation   Dbgv.sys Driver allows any user to copy any data in kernel memory.

06.11.2007 Detailed

Sun Solaris SRS Proxy Core   srsexec syslog() call format string vulnerability.   Firefly Media Server mt-dappd multiple security vulnerabilities   Format string vulnerabilities, multiple DoS conditions.

05.11.2007 Detailed

7! OpenBSD DHCP server buffer overflow updated since 12.10.2007   Integer overflow with "maximum message size" option leads to buffer overflow.   mono .Net runtime integer overflow   Integer overflow in BigInteger implementation.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress Peter’s Custom Anti-Spam Image: CAPTCHA protection bypass.

02.11.2007 Detailed

7! Verity KeyView SDK / Lotus Notes multiple buffer overflows   Buffer overflows on parsing .mif, .aw, .rtf, .exe, .dll, .ag, .doc. 7! Real Player multiple buffer overflows updated since 25.10.2007   ActiveX vulnerability is used in-the-wild for silent trojan code installation via Internet Explorer. In addition, there is a buffer overflow on .mov files parsing and .mp3 ID3 tags. 7! Oracle multiple security vulnerabilities updated since 18.10.2007   New quartly critical patch update fixes few dozens of security vulnerabilities.

6! SonicWall SSL VPN client multiple security vulnerabilities   Multiple vulnerabilities with different ActiveX elements.

6! Novel Border Manager Client Trust buffer overflow   Buffer overflow on UDP/3024 data parsing.

6! Symantec Altris deployment solution directory traversal   Directory traversal in PXE with TFTP/MFTP protocols.

6! Multiple image viewers multiple security vulnerabilities updated since 05.04.2007   Multiple buffer overflows on BPM, TIFF, XPM, CLP, PSP, RAS, IFF, PNG images parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Ripe CMS: crossite scripting in http://site/contact-us with Name, address, Subject fields.

HP OpenView Radia Integration Server directory traversal   It's possible to access different directories by using constructions like ~root in TCP/3465 webserver.

Blue Coat ProxySG crossite scripting   Crossite scripting with administration interface.