31.12.2006 Detailed

Durian Web Application Server multiple security vulnerabilities   Buffer overflow on oversized request.   Rediff Bol Downloader ActiveX code download and execution   ActiveX element allow to upload and execute any code.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Total Commander iso_wincmd plugin buffer overflow   Buffer overflow on ISO files parsing.

MythControl buffer overflow   Buffer overflow on parsing Bluetooth commands.

30.12.2006 Detailed

6! Multiple OpenSER vulnerabilities updated since 29.12.2006   Memory corruption on SMS parsing, buffer overflow on OSP parsing, on QuickCAM objects parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

29.12.2006 Detailed

6! xine-lib buffer overflow   Buffer overflow on parsing Real streaming protocol.

28.12.2006 Detailed

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   DB Hub memory corruption   Memory corruption on malformed request parsing.

26.12.2006 Detailed

w3m browser format string vulnerability   Format string culnerability on certificate CN field.   Microsoft Windows Client for Microsoft Network DoS   Argument of NetrWkstaUserEnum() memory is not checked and used to allocate memory, creating condition for memory exhaustion.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

25.12.2006 Detailed

6! Multiple browsers DNS pinning protection bypass   By emulatin Web server failure it's possible to bypass DNS pinning protection (protection against changing IP address resolution by DNS name for crossite access) 6! Novell NetMail IMAP server multiple buffer overflows updated since 23.12.2006   Buffer overflows on STOP, APPEND commands and on IMAP literals parsing.   NeoTrace ActiveX buffer overflow   Buffer overflow on oversized NeoTraceExplorer.NeoTraceLoader element TraceTarget() method argument.

acFTP FTP Server DoS   Crash on REST command with invalid argument.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

23.12.2006 Detailed

8! Multiple Oracle application server vulnerabilities updated since 19.04.2005   SQL injections, DoS, data modification, crossite scripting, privilege escalation, audit setings modification. Password is passed from JDeveloper to SQLPlus in cleartext. JDeveloper password is stored in cleartext in different XML configuration files. Cleartext FormBuilder password is stored in temporary files. Weak permissions for temporary files. Reading and writing any file with Oracle Reports. Command execution with Oracle Forms and Oracle Reports. There is also a large number of different old and new bugs, many are not fixed for years. It makes it useless to talk about Oracle security. Use 3rd party products to protect your Oracle environment.   Http Explorer Web Server directory traversal   Directory traversal with ../   XM Ease Personal FTP Server format string vulnerability   Format string vulnerability in FTP command.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

21.12.2006 Detailed

6! ESET NOD32 antivirus multiple security vulnerabilities updated since 20.12.2006   Buffer overflow on .DOC documents and .CAB archives parsing, DoS on CHM files parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   WinFTP FTP server / Dream FTP Server buffer overflow updated since 20.12.2006   Buffer overflow on oversized PASV command.

20.12.2006 Detailed

8! Sun Java Runtime Environment multiple security vulnerabilities   Multiple vulnerabilities allow sandbox protection bypass and system functions access. 7! Multiple Mozilla Firefox / Thunderbird / Seamonkey security vulnerabilities   Crossite scripting with functions prototypes. Information leak. Buffer overflows on oversized Content-Type fields in messages. Memory corruption on SVG header. Crossite scripting with img.src. DoS. JavaScript watchpoint privilege escalation. CSS image cursor property buffer overflow. Multiple memory corruptions.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

19.12.2006 Detailed

6! Intel 2200BG 802.11 wireless drivers memory corruption   Memory corruption on beacon-frames parsing. 6! Mandiant First Response multiple security vulnerabilities   DoS on SSL parsing in HTTPS interface, data manipulation.   Multiple Linux kernel security vulnerabilities   IrDA TTP header buffer overflow. Tokenring memory corruption. do_coredump symbolic links problem.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

D-Bus cross-application messaging system DoS   Vulnerability in match_rule_equal allows application to remove rules of different applications.

18.12.2006 Detailed

6! MailEnable POP3 server buffer overflow   Buffer overflow in POP3 PASS command.   Linux Kernel Bluetooth CAPI DoS   It's possible to overwrite internal kernel objects with CAPI message.   Multiple IBM Websphere security vulnerabilities   JSP pages source code access.

Allied Telesis AT-9000/24 ethernet switche unauthorized access   Administration interface may be accessed from any VLAN.

Star FT Pserver DoS   Crash on imcomplete PORT / oversized RETR command.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

16.12.2006 Detailed

7! Microsoft Word / Open Office 0-day security vulnerability updated since 06.12.2006   2 different unknown vulnerabilities are used for hidden malware installation.   Sambar FTP service DoS   Crash on oversized SIZE command.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

15.12.2006 Detailed

6! Microsoft Project Server 2003 information leak   Username and password for Microsoft SQL Server account is sent by client request.   HP Integrated Lights Out unauthorized access   Unauthorized access if SSH with key based authentication is used.   BitDefender multiple software products buffer overflow   Heap buffer overflow on PE files parsing.

Kerio Mail Server DoS   Server crash on LDAP queries processing.

italkplus buffer overflow

Coolplayer buffer overflows   Multiple buffer overflows.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 15.12.2006   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Microsoft Windows quartz.dll DoS   Division by zero on malformed MIDI file or WMV file.

14.12.2006 Detailed

7! Multiple Symantec Veritas NetBackup security vulnerabilities   CONNECT_OPTIONS and oversized requests to bpcd.exe buffer overflows. 6! GNOME gdmchooser format string vulnerability   Format string vulnerability in remote hostname. 6! Multiple HyperAccess telnet / ssh terminal security vulnerabilities   Code execution with .HAW files and telnet: protocol handler.

6! Quicktime crossite scripting   XML file with .MOV extension allows to execute script in local zone with qtnext parameter of EMBED tag with embedded short movie.

6! Multiple Sun Solaris vulnerabilities   Buffer overflow in ld.so doprf(), directory traversal on parsing different environment variables in ld.so.

6! OpenLDAP slapd LDAP server buffer overflow   Buffer overflow on Kerberos v4 authentication.

CA Anti-Virus multiple DoS conditions   Multiple NULL pointer dereferences.

enemies-of-carlotta mailing list processor shell characters   Shell characters problem on e-mail address parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

SiteKiosk security protection bypass   It's possible to access disk content with broser path ABOUT:hello<a href=\>click here</a>.

IBM DB2 database server DoS   NULL pointer dereference on malformed SQLJRA packet.

kdegraphics KDE graphics library DoS   Malformed EXIF section of JPEG file causes infinite recursion with stack overflow (stack memory consumption).

13.12.2006 Detailed

7! Microsoft Internet Explorer / Outlook Express multiple security vulnerabilities updated since 12.12.2006   Memory corruption on Javascript errors processing and Javascript normalize() function. Temporary Internet Files crossite access. Buffer overflow on Windows Address Book (WAB) parsing. 6! Microsoft Visual Studio WMI Object Broker ActiveX code execution updated since 12.12.2006   Object can be used to bypass internet zone restrictions.   Sophos Anti-Virus multiple security vulnerabilities updated since 30.10.2006   Crash on parsing malformed RAR, CHM and petite-packed files. Buffer overflow on CPIO and SIT archives parsing.

12.12.2006 Detailed

7! Microsoft Windows Media Format Runtime buffer overflow   Buffer oveflows on parsing ASF (.ASF, .WMV, .WMA) and ASX files. 6! Microsoft RIS Server weak permissions   It's possible to write files via TFTP. 6! Microsoft Windows CSRSS privilege escalation   It's possible to elevate privileges with manifest file.

6! Microsoft Windows SNMP service buffer overflow

11.12.2006 Detailed

IBM WebSphere Host On-Demand authentication bypass   Some URLs allow access without authentication.   D-Link D-LINK DWL-2000AP+ wireless access point DoS   ARP packets flood causes device to crash.   Winamp Web Interface multiplse security vulnerabilities   Buffer overflows, directory traversal and protection bypass.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

ColdFusion MX7 multiple security vulnerabilities   Information leak, crossite scripting protection bypass.

10.12.2006 Detailed

6! AOL ActiveX element buffer overflow   Buffer overflow in CDDBControlAOL.CDDBAOLControl ActiveX control.   Filezilla FTP Server DoS   Crash on invalid FTP commands sequence.   Net-SNMP security protection bypass   Under some conditions write access may be obtained to read-only community.

Newtone ImageKit ActiveX buffer overflow   Buffer overflow in Newtone ImageKit ActiveX Control.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

ClamAV antivirus DoS updated since 08.12.2006   High recursion of MIME parts causes antivirus to crash.

09.12.2006 Detailed

6! PHP safe_mode and open_basedir protection bypass   It's possible to access directories above basedir with session_save_path(). 6! MailEnable IMAP Server multiple security vulnerabilities updated since 01.12.2006   Buffer overflow in EXAMINE, SELECT, DELETE commands.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Sophos antivirus and Trend Micro antivirus RAR files DoS   Endless loops and hangs on scanning archives with pack_size and head_size of zero.

08.12.2006 Detailed

7! Intel network adapters drivers privilege escalation   Buffer overflow on processing IOCTL_NDIS_QUERY_SELECTED_STATS NDIS request. 6! madwifi buffer overflow   Buffer overflow in Atheros driver on SIOCGIWSCAN signal processing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

l2tpns layer 2 tunnelling protocol network server buffer overflow

07.12.2006 Detailed

8! GnuPG uninitialized memory problem   Using of uninitialized data allows attacked to overwrite stored function pointed and execute code. 6! Citrix Presentation Server client for Windows buffer overflow   Buffer overflow in Wfica.ocx ActiveX SendChannelData function.   Linksys WIP 330 VoIP wireless phone DoS   nmap scan causes device to crash.

2X ThinClientServer replay attacks   It's possible to create administrative account by replaying creation request with different username.

ruby DoS updated since 05.11.2006   SPU axhaustion in CGI library on parsing HTTP request with invalid MIME booundaries.

06.12.2006 Detailed

6! F-Prot antivirus buffer overflow   Buffer overflow on parsing CHM and ACE files. 6! FireWire IOCTL integer overflow in different BSD-based Unix system updated since 16.11.2006   Negative IOCTL paramter value allows read access to kernel memory. 6! Convert-UUlib / Barracuda Spam Firewall buffer overflow updated since 28.04.2005   Buffer overflow on BinHex encoding parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Adobe Download Manager buffer overflow   Stack buffer overflow on parsing AOM files.

05.12.2006 Detailed

6! IBM Tivoli Storage Manager buffer overflow   Multiple buffer overflows on parsing port TCP/1500 traffic.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Symantec LiveState Agent privilege escalation   It's possible to launch Windows Explorer with SYSTEM privileges.

KOffice integer overflow updated since 30.11.2006   OLEfilter integer overflow on .PPT file open.

02.12.2006 Detailed

6! WinRAR buffer overflow   Buffer overflow on oversized filename in 7ZIP archive.   BlzeVideo HDTV Player buffer overflow   Buffer overflow on .PLF files parsing.   VUPlayer buffer overflow   Buffer overflow on .M3U files parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Novell ZENworks multiple security vulnerabilities   Heap buffer overflows in Novell ZENworks Asset Management and Novell ZENworks Asset Management Collection client.

Microsoft Windows spoolss DoS   Memory exhaustion in GetPrinterData() function.

01.12.2006 Detailed

7! NetBSD and Mac OS X ftpd / tnftpd buffer overflow   Buffer overflow in NLST FTP command file globbing. 6! Novell Netware Client multiple security vulnerabilities updated since 29.11.2006   Buffer overflow in EnumPrinters() and OpenPrinter() functions. Format string vulnerability in Novell Modular Authentication Services.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Quintessential Player buffer overflow   .PLS, .M3U, M3u-8 playlists buffer overflow.

Songbird Media Player format string   Format string vulnerability on M3U files parsing.

libgsf buffer overflow updated since 30.11.2006   ole_init_info() heap overflow.