31.12.2008 Detailed

8! Fake valid SSL certificate creation attack was successfully demonstrated   Valid fake SSL certificate creation attack was demonstratedby exploiting MD5 collisions and RapidSSL certificate generation procedures. The cost of attack is appoximately $2000.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: automated account registration, DoS.

29.12.2008 Detailed

9! Microsoft Windows Media Player buffer overflow   Buffer overflow on WAV parsing 9! Microsoft Internet Explorer multiple security vulnerabilities updated since 10.12.2008   Multiple memory corruptions.

6! Linux kernel multiple security vulnerabilities updated since 09.12.2008   Double listen() on the same socket causes creation of unassigned vcc table entry, which causes infinite loop in kernel on attempt to cat vc table. inotify subsystem race conditions allow privilege escalation, socket-related memory exhaustion. chip_command() NULL pointer dereference. HFS file sytem mounting buffer overflow.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 28.12.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. bbPress: crossite scripting, protection bypass

28.12.2008 Detailed

Intellitamper buffer overflow   Buffer overflow on .map file parsing.

26.12.2008 Detailed

9! Microsoft Windows Media Player integer overflow   Integer overflow on WAV parsing. 7! FreeBSD protosw privilege escalation   Uninitialized bluetooth and netgraph sockets. 6! Citrix Broadcast Server SQL injection   login.asp SQL injection.

PGP Desktop DoS   PGPweded.sys driver crashes the system on IOCTL processing.

PSI jabber client integer overflow   Integer overflow on file transfer port (TCP/8010 by default) data parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Mozilla Firefox, Microsoft Internet Explorer, Opera and Google Chrome DoS   Printing <irame> in endless loop from javascript causes resources exhaustion and leads to browser hang.

23.12.2008 Detailed

Qemu / KVM DoS   Virtual machine's VNC server infinite loop.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. NetCat CMS: directory traversal, SQL injection.   Avahi multicast DNS server DoS   assert() on UDP packet with SRC port 0.

COMTREND CT-536 / COMTREND HG-536+ routers multiple security vulnerabilities   Authentication bypass, DoS, crossite scripting and request forgery.

mailscanner symbolic links vulnerability   Multiple symlink vulnerabilities in different scripts.

Trend Micro HouseCall ActiveX memory corruption updated since 22.12.2008   Use-after-free() vulnerability.

FreeSSHD buffer overflow updated since 09.06.2008   sftp post authentication buffer overflow

22.12.2008 Detailed

6! PHP 4 multiple function buffer overflows   Buffer overflows in mb_* functions.   PowerDNS multiple security DNS   DoS, non-standard reaction to invalid query increases chances for successful spoofing attack.   Fujitsu-Siemens WebTransactions shell characters vulnerability   Unfiltered user input in system()call.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: crossite scripting, DoS

PHP APC local attacks   Different local attacks allow DoS conditions and crossite scripting.

21.12.2008 Detailed

PHP python module safe_mode bypass   Module doesn't check safe_mode restrictions for python code.   libvirt privilege escalation   Potentially dangeroues operations are not marked as read only.

19.12.2008 Detailed

8! Mozilla Firefox / Thunderbird / Seamonkey multiple seucrity vulnerabilities updated since 18.12.2008   Crossite scripting, crossite data access, memory corruptions, code execution, filtering bypass, user session tracking. 6! Microsoft Outlook Express / Outlook / Internet Explorer DoS updated since 17.12.2008   <dt><h1 style=width:1px><li></h1> in HTML part causes application to crash.   Sun Solaris DoS   SIOCGTUNPARAM IOCTL processing NULL pointer dereference.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 18.12.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Phpclanwebsite: multiple directory traversals, multiple SQL injections, multiple crossite scriptings,

18.12.2008 Detailed

10! Microsoft Internet Explorer memory corruption   Memory corruption leads to code execution. Vulnerability is used in-the-wild for hidden malware installation.

17.12.2008 Detailed

8! Oracle database server multiple security vulnerabilities updated since 16.04.2008   CPU for April, 2008 fixes huge number of vulnerabilities. 7! Opera memory corruption   Heap corruption on HTML parsing.   JasPer multiple security vulnerabilities   Multiple memory corruptions on JPEG parsing.

Barracuda mail filtering applications multiple security vulnerabilities   Crossite scripting, SQL injection (in Barracuda Spam Firewall)

16.12.2008 Detailed

8! Apple Mac OS X multiple security vulnerabilities   Apple Type Services DoS, BOM buffer overflow with CPIO archives, CoreGraphics buffer overflow on images parsing, invalid cookies setting for geographical domains, dangerous content warning bypass, multiple Flash Player Plugin vulnerabilities, multiple privilege escalations, Internet Sharing DoS, Podcast Producer unauthorized administrative access, UDF ISO images DoS.   Wireshark DoS   Infinite loop in WLCCP dissector.   TmaxSoft JEUS source code leakage   It's possible to access code source by using NTFS alternative streams (be adding ::$DATA to filename).

15.12.2008 Detailed

MPlayer buffer overflow   Buffer overflow on TwinVQ format parsing.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CapCC for WordPress - SQL injection, automation protection bypass, crossite request forgery.   No-IP.com DDNS client for Unix/Linux buffer overflow   Buffer overflow on HTTP response parsing.

aview symbolic links vulnerability   Insecure temporary file creation.

honeyd symbolic links vulnerability   test.sh script insecure temporary files creation.

14.12.2008 Detailed

8! Multiple security vulnerabilities in different antiviral applications   ClamAV: LZH DoS; BitDefender: multiple integer overflow on PE parsing; Avast: multiple buffer overflows on ISO and RPM parsing; AVG: crash on UPX files; Sophos: multiple DoS on different compressed formats parsing; F-Secure F-prot: protection bypass 6! uw-imap DoS   NULL pointer dereference on invalid QUIT command response.   Asterisk voice server DoS   Crash on IAX2 processing

CA ARCserve Backup code execution   handle_t RPC call insufficient arguments validation.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CapCC for WordPress - crossite scripting, information leakage. Blogsmith - crossite scripting.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 10.12.2008   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. EZ Publish: privilege escalation from user to CMS Administrator + Privilege escalation from CMS Administrator to system user.

HP-UX DCE DoS updated since 16.12.2007

12.12.2008 Detailed

lcms multiple security vulnerabilities   Buffer overflow and integer overflow on images parsing.

11.12.2008 Detailed

8! Microsoft Office multiple security vulnerabilities updated since 10.12.2008   Multiple memory corruptions on .doc and .xls parsing. 6! Microsoft SQL Server 2000 sp_replwritetovarbin privilege escalation updated since 09.12.2008   It's possible to overwrite process internal data and execute code in server context.

10.12.2008 Detailed

8! Microsoft Windows Search multiple security vulnerabilities   Code execution with saved search results and with search-ms: URI. 8! Microsoft Windows GDI library multiple security vulnerabilities   Buffer overflow and integer overflow on WMF parsing. 8! Microsoft Visual Basic multiple ActiveX security vulnerabilities   Memory corruptions in DataGrid, FlexGrid, Hierarchical FlexGrid, Windows Common AVI, Charts, Masked Edit controls.

6! Microsoft Sharepoint unauthorized access   It's possible to access administration page without authentication.

Aruba Mobility Controller wireless routers DoS   Crash on malformed EAP authentication.

HP OpenView Reporter / HP OpenView Performance Agent DoS

Face recognition authentication bypass   Authentication can be bypassed with series of photo or video.

DD-WRT crossite request forgery   Form redirection is not checked.

BMC Patrol Agent format string vulnerability   Format string vulneerability in logging via version number.

Vinagre VNC client format string vulnerability   Format string vulnerability in VNC name.

Microsoft Windows Media Player multiple security vulnerabilities   NTLM credentials leak and relaying.

Capilano DesignWorks buffer overflow   Buffer overflow on .CCT file parsing.

Neostrada Livebox router DoS   Crash on malformed HTTP request.

09.12.2008 Detailed

6! DoS against multiple e-mail applications and anti-viruses   MIME messages with large recursion level may cause application to hang or crash. 6! PHP proc_open() safe_mode bypass   It's possible to execute any code from shared library via proc_open(). 6! Trillian multiple security vulnerabilities   Multiple AIM plugin vulnerabilities, HTML parsing vulnerabilities for multiple protocols.

PHP php_getuid() invalid implementation   Under some conditions user's uid or gid may be incorrectly identified.

04.12.2008 Detailed

6! PHP ZipArchive::extractTo() directory traversal   Directory traversal then upacking ZIP files. 6! VMWare sandbox protection bypass   It's possilbe to access phisical memory from guest machine.   Orb media server DoS   Crash on HTTP request parsing.

HP-UX DoS

OptiPNG buffer overflow   Buffer overflow on BMP images parsing.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Perl symbolic links race conditions updated since 27.12.2004   File::Path::rmtree unsecurely changes file permissions, creating race condiotns for symbolic links manipulation.

03.12.2008 Detailed

6! CUPS integer overflow   Integer overflow on PNG height value leads to buffer overflow   libsamplerate buffer overflow         Google Chrome / Opera crossite scripting updated since 28.10.2008   Page URL is written to file unfiltered when page is saved.

02.12.2008 Detailed

6! imlib2 library buffer overflow updated since 29.05.2008   Buffer overflow on PNM and XPM files parsing in load() function.   Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CoBreeder: Crossite scripting.   ClamAV antivirus JPEG files DoS   Endless recursion on malformed JPEG file processing.

Rumpus buffer overflows   Multiple HTTP and FTP buffer overflows.

flamethrower symbolic links vulnerability   Insecure temporary files creation.

01.12.2008 Detailed

6! VLC media player integer overflow   Integer overflow on RealMedia (.rm) files parsing leads to heap buffer overflow.   Linux /bin/login privilege escalation   It's possible to escalate privileges from utmp group to root.   jailer symbolic links vulnerability   updatejail insecure temporary files creation.

PHP dba_replace() DoS   It's possible to destroy ini-file content.