31.12.2005 Detailed

6! Linux printer drivers mtink buffer overflow   Buffer overflow on oversized HOME environment variable.   Sony Instant Video Everywhere replay attacl cryptography problem   Password is encrypted without using challenge. It makes it possible to replay authentication again.   Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl) updated since 30.12.2005   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

30.12.2005 Detailed

ImageMagic graphic utilities shell characters problem   Shell characters problem with image filenames.

TUGZip archiver buffer overflow   Buffer overflow on ARJ archives parsing.

rssh restricted shell protection bypass updated since 27.12.2005   With rssh_chroot_helper it's possible to chroot behind restricted directory.

29.12.2005 Detailed

AMSN instant messenger data spoofing   Port with predictable number is open for file retrieval without check for peer IP address.   Bugzilla bug tracking system symbolic links vulnerability updated since 26.12.2005   syncshadowdb script symbolic links problem.

28.12.2005 Detailed

6! Multiple Merak Mail Server / Icewarp Web Mail vulnerabilities updated since 01.10.2005   Unauthorized access, crossite scripting, unauthorized files deletion, information leak.   Microsoft Windows RunAs GPO restrictions protection bypass   It's possible to use RunAs with restricted application.   Ethereal GTP protocol DoS   Infinite loop on parsing GTP protocol.

Juniper NetScreen-Security Manager DoS   Malformed data to TCP/7800 or TCP/7801 port causes service to crash.

Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

dBpowerAMP music converter / audio player buffer overflow updated since 30.09.2004   Buffer overflow during different playlists file formats parsing (pls, m3u, mcc).

27.12.2005 Detailed

dhis-tools-dns dynamic DNS utilities symbolic links problem   Insecure temporary files creation.

26.12.2005 Detailed

6! Cisco PIX firewalls unauthorized access   Pseudo user account in a form of #ACSACL#-IP-uacl-xxxxxxxx is created for ACL download. It's possible to use this account for authentication. 6! wget / curl buffer overflow updated since 13.10.2005   Buffer overflow on client NTLM authentication.   Sun Solaris PC Netlink symbolic links problem   "/opt/lanman/sbin/slsmgr" and "/etc/init.d/slsadmin" symbolic links problem.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Golden FTP Server buffer overflow updated since 23.01.2005   Buffer overflow during APPE, RNTO and USER FTP commands processing.

23.12.2005 Detailed

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

22.12.2005 Detailed

7! Multiple Linux kernel vulnerabilities   sendmsg() stack based buffer overflow, raw_sendmsg() kernel memory access, ipt_recent module DoS, fput() DoS on 64-bit platforms with 32-bit emulation, DRM debugging sensitive information access, Orinoco driver kernel memory access, AUDITSYSCALL memory leak, user's VT terminal access, ip_vs_conn_flush race conditions. 6! VMWare desktop virtualization software buffer overflow updated since 21.12.2005   Buffer overflow in host system during VMNat NAT port translation on oversized FTP PORT or EPRT command. 6! Macromedia JRun Application Server platform multiple vulnerabilities updated since 20.12.2005   Source code leak, Web server DoS.

TN3270 Resource Gateway format string vulnerabilities   syslog() format string bugs.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Multiple Cisco Clean Access network admission control appliance vulnerabilities updated since 17.12.2005   It's possible to upload files to server without authentication.

Multiple vulnerability scanners cross application scripting updated since 25.07.2005   Unsafe data obtained during remote host scan is passed to Internet Explorer.

21.12.2005 Detailed

6! Interaction SIP proxy VoIP gateway memory corruption   Heap memory corruption on SIP request processing.   Avaya Modular Messaging POP3 service DoS         nbd Network Block Device server buffer overflow

Apple QuickTime / iTunes memory corruption   Memory corruption on parsing .mov files.

Ingate Firewall / SIParator DoS   Malcrafted TCP packet causes kernel to hang.

Sygate Protection Agent protection bypass   Unprivileged user can disable protection.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

20.12.2005 Detailed

9! Sun Java JRE sandbox protection bypass updated since 29.11.2005   Few vulnerabilities allow applets to write local files and execute applications. 7! Multiple Symantec Antivirus products buffer overflow updated since 09.02.2005   Heap memory buffer overflow on UPX compressed files and RAR archives. 6! McAfee VirusScan unauthorized files access   It's possible to access client computer files with McAfee Security Center (MCINSCTL.DLL) ActiveX.

6! Multiple Pegasus Mail mail agent vulnerabilities   Buffer overflow on oversized POP3 server reply, buffer overflow on oversized e-mail header.

6! Multipe FTGate mail server vulnerabilities   Format string vulnerabilities in IMAP and POP3, HTTP server buffer overflow and crossite scripting.

6! Qualcomm WorldMail IMAP mail server buffer overflow   Buffer overflows in multiple IMAP commands.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

19.12.2005 Detailed

6! Mercury Mail Transport System buffer overflow   Mailbox Name Nameserver service (TCP/105) buffer overflow.   dropbear SSH lightweight client/server buffer overflow         Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

18.12.2005 Detailed

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

17.12.2005 Detailed

6! Widcomm BTW Bluetooth for Windows remote audio device access   It's possible to access audio data from microphone attached to PC or to play sound on PC speakers.   Citrix Program Neighborhood terminal client buffer overflow   Heap buffer overflow on oversized Application Set reply.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

16.12.2005 Detailed

7! TrendMicro ServerProtect multiple vulnerabilities   Buffer overflows on HTTP chunked encoding parsing, DoS, directory traversal. 7! Multiple Microsoft Internet Explorer vulnerabilities updated since 14.12.2005   Code execution, memory corruption, download dialog manipulation, unencrypted HTTPS proxy data leak. 7! LAND attack DoS against Microsoft Windows 2003 and Microsoft Windows XP updated since 05.03.2005   LAND attack (ICMP or TCP SYN packet with equal SRC and DST IPs and ports) causes target host to freeze.

SSH Tectia Server privilege escalation

Avaya wireless access points weak cryptography   Static WEP key 12345 is used.

libremail library format string bug   Buffer overflow on parsing POP3 server response.

libavcodec / xine library buffer overflow   Heap buffer overflow on PNG file parsing.

Trend Micro PC-Cillin Internet Security antivirus / firewall weak file permissions

Business Objects WebIntelligence DoS   It's possible to lock out administrator's account with unsuccessfull authentication attempts.

Apache mod_imap crossite scripting   Referer crossite scripting.

AppScan QA automated vulnerability testing tool buffer overflow   Buffer overflow on oversized HTTP server WWW-Authenticate header Realm parameter.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

14.12.2005 Detailed

7! Microsoft Windows 2000 kernel Asynchronous Procedure Call privilege escalation   Double removal of structure from linked list allows memory manipulation.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

13.12.2005 Detailed

6! Nortel SSL VPN multiple vulnerabilities   Crossite scripting, code execution. 6! SCO uidadmin buffer overflow updated since 28.08.2001   Buffer overflow on parsing -S command line parameter.   MacOS X perl privilege escalation   Instruction "$< = numeric_id;" for setting uid doesn't work.

NetGear firewalls/routers TCP SYN flood DoS

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

11.12.2005 Detailed

6! Multiple OSs, routers and firewalls IPSec ISAKMP IKE DoS updated since 14.11.2005   Multiple vulnerabilities detected with PROTOS IPSec security scanner.   Counter Strike 2D DoS   Packet flood causes server to hang.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

10.12.2005 Detailed

Motorola cable modems DoS   Land attack causes device to crash.   Ethereal network sniffer buffer overflow   OSPF protocol dissector buffer overflow.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

09.12.2005 Detailed

PGP Desktop Wipe Free Space incomplete information wiping   Slack space in the last file cluster is not cleaned.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

08.12.2005 Detailed

7! Multiple HP-UX vulnerabilities   IP packets DoS, IPSec remote unauthorized access. 6! Collaboration Suite format string bug   Format string bug in multiple SMTP commands. 6! cUrl / licurl HTTP client library buffer overflow   Off-by-one and off-by-two overflows in URL parsing.

nodezilla weak permissions

Checkpoint SecureClient VPN/Firewall client race conditions   In short period between download and aplliance it's possible to overwrite client security policy file.

IPSwitch Imail mail server DoS   Uninitialized memory access on oversized IMAP LIST command argument.

Dell TrueMobile 2300 wireless routers authentication bypass   It's possible to access some web interface functions without authentication.

Pocket Controller PDA control utility unauthorized access   It's possible to perform all actions, including hard reset without authentication.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

06.12.2005 Detailed

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

05.12.2005 Detailed

6! MultiTech MultiVoIP VoIP gateway SIP buffer overflow   Buffer overflow on oversized SIP packet INVITE field.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   WIDCOMM Bluetooth Connectivity Software Buffer Overflows updated since 12.08.2004   Multiple buffer overflow.

04.12.2005 Detailed

QNX dhcp client privilege escalation   dhcp.client binary is suid, allowing TCP/IP settings manipulation.   sobexsrv bluetooth OBEX server format string bug   syslog() format string bug.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

03.12.2005 Detailed

WinEggDropShell backdoor/trojan buffer overflow   Buffer overflows in multiple HTTP/FTP commands.

02.12.2005 Detailed

Symantec pcAnuwhere buffer overflow         OpenMotif libUil library multiple buffer overflows   diag_issue_diagnostic(), open_source_file( ) and more buffer overflows.   Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Cisco IOS HTTP server crossite scripting updated since 29.11.2005   There is no characters filtering on memory buffers displaying.

01.12.2005 Detailed

7! Multiple linux kernels vulnerabilities   NAt feature DoS, sys_get_thread_area() kernel memory content leak, ip_vs_conn_flush() race conditions, Posix timers DoS, rose_rt_ioctl() DoS. 6! Panda antivirus buffer overflow   ZOO archives heap overflow. 6! Cisco Security Agent firewall / VPN client privilege escalation

QNX phgrafx buffer overflow   suid application command line parsing buffer overflow.

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, mb_send_mail() message headers modification, etc.