31.12.2002 Detailed

Leafnode CPU exhaustion   If message is crossposted to few groups where one is prefix for another and then requested by message id programs goes into infinite loop.

30.12.2002 Detailed

Gallery code execution

28.12.2002 Detailed

6! PHP buffer overflow   Buffer overflow in wordwrap function.

Multiple Windows 2000 driver signing problems   It's possible to spoof file with older one, problem in certificate chain validation.   CGI bugs updated since 26.11.2002

27.12.2002 Detailed

Internet Explorer Macromedia Flash crossite scripting   It's possible to inject script into flash object URL.

24.12.2002 Detailed

6! CUPS multiple bugs updated since 20.12.2002   Integer overflows, symbolic links, unautyhorized access, DoS, переполнения буфера.   MatLab symbolik links problem   Startup shell scripts use temporary files in unsafe way.   Hyperion Ftp Server buffer overflow   Buffer overflow in dir command.

23.12.2002 Detailed

7! KDE uncommented shell characters problems   User supplied data is not controlled during the call to external application

21.12.2002 Detailed

10! Mulbiple bugs in different SSH2 realizations updated since 17.12.2002   Differeng bugs on malformed packets processing during keys exchange. 7! tmpwatch attack   File name may be changed or deleted during temporary files removing process leaving possibility of symlink attack. 6! RealNetworks HELIX buffer overflow updated since 21.12.2002   Buffer overflow in RTSP SETUP and DESCRIBE commands.

Buffer overflow in Axis video products   Buffer overflow in Web interface.

Weak nCipher PKCS#11 encryption   Library error may lead to uncrypted key in certificate.

Unauthorized Polycom ViewStation access   Administrator's password is stored in unsafe location.

CGI bugs updated since 17.12.2002

20.12.2002 Detailed

Cisco EIGRP DoS   DoS on receiving huge neighbour list.   Enceladus Server Suite multiple bugs updated since 10.12.2002   Buffer overflow in FTP CD command, directory traversal.

19.12.2002 Detailed

Multiple WinAmp buffer overflow updated since 19.12.2002   Buffer overflow during ID3v2 tags processing.   Buffer overflow in Windows XP Shell   Buffer overflow on audio file processing.

18.12.2002 Detailed

Weak Okens Stormwatch password   Empty sa account password.   linux mmap DoS   Insufficient argument check causes attempt to access inaccessable memory pages.

17.12.2002 Detailed

6! Multiple bugs in Macromedia flash plugin updated since 09.08.2002   Buffer overflows, local file reading.   Macromedia ColdFusion crossite scripting   Crossite scripting in error message.   Multiple XML parsers DTD DoS   By using DTD part of XML document it's possible to cause 100% CPU exhaustion.

16.12.2002 Detailed

Cleartext Cryptainer memory password   Cleartext password in process' memory.

15.12.2002 Detailed

CGI bugs updated since 09.12.2002

14.12.2002 Detailed

7! Sun Cobalt RaQ4 command execution updated since 09.12.2002   /cgi-bin/.cobalt/overflow/overflow.cgi allows command execution. 6! Microsoft Internet Explorer PNG integer overflow   Integer overflow dusing PNG deflate unpacking. 6! Microsoft Java VM multiple bugs

6! Buffer overflows in fetchmail updated since 30.09.2002   Buffer overflows on addresses parsing.

6! Multiple bugs in Microsoft Virtual Java Machine updated since 09.09.2002   Amongg others there are bugs allowing file access on client computer.

persl safe.pm protection bypass   Safe mode doesn't work if it was already used.

VisNetic multiple bugs updated since 12.12.2002   Buffer overflow in GTTP OPTIONS request. Crossite scripting.

11.12.2002 Detailed

6! Tetex command execution   Uncommented shell characters during system() call in kpathsea library.   Cisco Optical Service Module DoS         TrendMicro PC-cillin/OfficeScan buffer overflow   Buffer overflow in POP3 proxy.

apt-www-proxy multiple bugs   Buffer overflow, DoS.

tcpdump BGP buffer overflow   Buffer overflow on BGP packets decoding.

FTP clients directory traversal   Server can put relative or absolute path in filename.

10.12.2002 Detailed

6! Buffer overflow in Cyrus SASL   Buffer overflow on oversized canonized name and on commented characters used.

09.12.2002 Detailed

8! Buffer overflows in OpenLDAP2   Few serious buffer overflows. 7! Multiple Microsoft Internet Explorer bugs updated since 21.11.2002   New cumulative patch fixes multiple bugs.   Multiple akfingerd bugs   Symbolic links, undropped egid, DoS.

TrendMicro InterScan VirusWall open proxy   There is no limitation for CONNECT usage.

Microsoft Windows XP information leakage

SAP privelege escalation   Relative path is used on external programm call.

Microsoft Outlook DoS   Malformed mail headers causes Outlook to crash.

Ikonboard crossite scripting updated since 04.10.2002   [IMG]javascript:alert(document.cookie).gif[/IMG], Photo/javascript:alert(document.cookie) URL, Photo, X-Forwarded-For scripting.

04.12.2002 Detailed

Internet Explorer modal dialog style crossite scripting   By using <IMG width="0" height="0" style="width: expression(alert());"> script may be executed in local zone.   squirellmail php bugs updated since 25.01.2002   Uninitialized PHP valirables, crossite scripting.

03.12.2002 Detailed

6! FreeSWAN DoS   Short packet handlink problem. 6! Buffer overflow in Cyrus Sieve   Buffer overflow on error messsage generation. 6! Integer overflow in cyrus-imap   Integer overflow on line longer than 2Gb.

CGI bugs

Multipel bugs in Webster Web Server   Buffer overflows, crossite scripting, directory traversal.

Lawson weak permissions   Access restriction is not used during access to external DBMS.

pserv buffer overflow updated since 26.11.2002   buffer overflow on POST parsing.