26.11.2012 Detailed

6! Apache Tomcat multiple security vulnerabilities   Authentication bypass and replay attacks on Digest authentication, DoS. 6! FreeBSD privilege escalation   Kernel memory overwrite via Linux compatibility subsystem.   Belkin wireless routers weak key   Firmware WPA2 key is generated by MAC address.

libunity memory corruption   Memory corruption in hash tables handling.

trousers DoS   tcsd DoS

libproxy buffer overflow updated since 06.11.2012   Integer overflow on Content-Length parsing leads to buffer overflow, buffer overflow on proxy.pac parsing.

TP-LINK TL-WR841N security vulnerabilities updated since 01.11.2012   Directory traversal and crossite scripting in web interface.

18.11.2012 Detailed

8! Microsoft Excel multiple security vulnerabilities   Bufer overflows, memory corruptions, use-after-free. 8! Microsoft Windows security vulnerabilities   Windows Briefacese integer overflows, .Net protection bypass, information leakage and code execution, kernel drivers privilege escalations. 7! Microsoft Internet Explorer multiple security vulnerabilities   Few different use-after-free vulnerabilities.

6! libtiff buffer overflow updated since 28.10.2012   Buffer overflow on PixarLog comperssion parsing, ppm2tiff buffer overflow.

Media Player Classic security vulnerabilities   Built-in web server DoS and crossite scripting.

Applicure dotDefender format string vulnerability   Format specificators are not escaped on error message generation.

Samsung Kies Air security vulnerabilities   DoS, authentication bypass.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Internet Information Services security vulnerabilities   log files information leakage, FTP STARTTLS session command injection.

14.11.2012 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   EMC RSA Data Protection Manager security vulnerabilities   Crossite scripting, restrictions bypass.   OpenVAS Manager code execution   Unescaped shell characters on OMP request processing.

Huawei weak passwords encryption   Passwords are stored in reversible encryption.

13.11.2012 Detailed

6! Sophos / Cisco Ironport products security vulnerabilities updated since 06.11.2012   Different vulnerabilities, including remote code execution.   radsecproxy protection bypass   It's possible to bypass SSL certificate check under some conditions.

09.11.2012 Detailed

7! Cisco Secure Access Control System authentication bypass   Insufficient password check if TACACS+ authentication is used with LDAP. 7! Apple QuickTime multiple security vulnerabilities   Multiple memory corruptions on different file formats and server responses parsing and in ActiveX components.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Glance unauthorized images deletion   Insufficient access control validation.

IcedTea-Web memory corruption

Cisco Nexus 1000V protection bypass   Under some conditions devices with invalid licenses and disabled protection do not display valid status.

06.11.2012 Detailed

6! Mesa code execution   Invalid arrays handling.   Ubuntu Remote Login Services information leakage   Context information is purged insufficiently on user account switching.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Checkpoint SofaWare firewalls security vulnerabilities   Crossite scripting, information leakage, crossite reqiests forgery, request redirections.

Munin security vulnerabilities   Symbolic links vulnerability, code execution.

05.11.2012 Detailed

6! Apple iOS 6.0 multiple security vulnerabilities   Information leakage, protection bypass, memory corruption, race conditions.   HP Performance Insight with Sybase DoS

02.11.2012 Detailed

6! Cisco Unified MeetingPlace Web Conferencing security vulnerabilities   Buffer overflow, SQL injection.   Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Konqueror memory corruptions   Few different memory corruptions.

OpenOffice / LibreOffice DoS   NULL pointer dereference on different formats parsing.

01.11.2012 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 01.11.2012   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.