26.12.2011 Detailed

9! Microsoft Windows multiple security vulnerabilities updated since 15.12.2011   Buffer overflow on TTF fonts parsing, OLE objects memory corruption, CSRSS and kernel privilege escalations, ActiveX code execution. 9! Adobe Flash Player multiple security vulnerabilities updated since 11.11.2011   Multiple memory corruptions, buffer overflows, crossite data access. 6! Enterasys NetSight buffer overflow   nssyslogd buffer overflow on UDP/514 packet parsing.

6! Microsoft Internet Explorer multiple security vulnerabilities updated since 15.12.2011   Information leakage, insecure library loading.

WhatsApp messenging protocol multiple security vulnerabilities   Unauthroized user status change, registration bypass, cleartext data transmission.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

WellinTech KingView buffer overflow   Buffer overflow on TCP/777 request parsing.

pfSense invalid certificates issue   All certificates are issued with CA:true flag.

Unbound DNS resolver DoS conditions   Different denial of service conditions

IBM TS3100 / IBM TS3200 tape libraries authentication bypass   Authentication bypass in Web interface.

libarchive library buffer overflow   Buffer overflow on ISO 9660 image parsing.

tor buffer overflows   Heap buffer overflow on SOCKS request parsing.

Asterisk SIP processing security vulnerabilities updated since 11.12.2011   DoS, information leakage.

Google Crome for Androind certificate information spoofing   It's possible to spoof certificate information by using IFRAME.

22.12.2011 Detailed

9! Microsoft Windows win32k.sys memory corruption   Integer overflow on the frame with large height.

19.12.2011 Detailed

8! Adobe Acrobat / Reader multiple security vulnerabilities   Vulnerabilities are used in-the-wild for unauthorized access 6! Restorepoint security vulnerabilities   Code execution, privileg escalation. 6! Websense multiple security vulnerabilities   Code execution, crossite scripting.

6! libxml library security vulnerabilities   Buffer overflow, unallocated memory reference.

6! Microsoft Windows multiple applications DLL hijacking updated since 26.08.2010   If application is launched via file type association, current path is set to the path file is located, making it's possible to place DLLs application tries to load dynamically into same directory.

EMC RSA Adaptive Authentication (On-Premise) security vulnerabilities   Protection bypass is possible.

zFTPServer irectory traversal   Directory traversal in rmdir command.

JasPer library security vulnerabilities   Buffer overflow and memory corruption on JPEG2000 parsing.

Nova unauthroized access   It's possible to overwrite files.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

bzip2 bzexe symbolic links vulnerability   Insecure temporary files creation.

libpurple / Pidgin DoS updated since 27.11.2011   Crash on SILC protocol parsing, crash on OSCAR parsing (AIM, ICQ).

Sterling Trader integer overflow updated since 02.10.2011   Interger overflow on network request parsing.

libcap protection bypass   chdir() is not called after chroot().

15.12.2011 Detailed

7! Microsoft Office multiple security vulnerabilities   Privilege escalation, use-after-free, insecure DLL loading, memory corruption. 6! Microsoft Active Directory buffer overflow   Buffer overflow on LDAP request parsing.   Microsoft Windows Media memory corruption   Memory corruption on .dvr-ms files parsing.

12.12.2011 Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.   Linux kernel multiple security vulnerabilities   Multiple vulnerabilities in file systems implementations.   ACPI scripts privilege escalation   invalid power button events processing, invalid umsk handling.

WinAmp integer overflows   Different integer overflows in AVI parsing.

colord SQL injection

Dovecot insufficient SSL certificates validation   Insuficcient certificate validation if used as an SSL proxy.

11.12.2011 Detailed

7! RealNetworks RealPlayer multiple security vulnerabilities updated since 05.12.2011   Multiple vulnerabilities on different media formats parsing. 6! Trend Micro Control Manager buffer overflow   Buffer overflow on TCP/20101 request parsing.   chasen library buffer overflow   Buffer overflow on text string parsing.

ISC DHCP DoS   Incorrect regular expressions handling.

HP Application Lifestyle Management symbolic links vulnerability   Insecurty temporary files creation.

CA SiteMidner crossite scripting   login.fcc crossite scripting

Novell ZENworks Asset Management directory traversal updated since 14.04.2011   Directory traversal on file upload.

HTC Touch2 memory corruption   Memory corruption on 3g2 video files processing.

07.12.2011 Detailed

Serv-U FTP server security vulnerabilities   Resource exhaustion, administrative session hijacking.   MIT Kerberos 5 DoS   TGS Null pointer dereference. TGS assertion failure.

05.12.2011 Detailed

7! Multiple HP printers unauthorized access   Remote Firmware Update option is enabled by default and allows to replace firmware via TCP/9100. 6! Siemens Automation License Manager multiple security vulnerabilities   Code execution, unauthorized files access, DoS.   Siemens SIMATIC WinCC flexible multiple security vulnerabilities   HmiLoad and miniweb multiple security vulnerabilities.

Oxide M0N0X1D3 HTTP server directory traversal   There are multiple weays to download arbitrary files.

3S CoDeSys multiple security vulnerabilities   Buffer overflow, integer overflow, DoS conditions.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 04.12.2011   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

04.12.2011 Detailed

9! FreeBSD libc code execution   lib/nss_compat.so.1 library in chroot environment is loaded. Vulnerability is used in-the-wild remotely against FTP-servers. 8! glibc multiple security vulnerabilities   Privilege escalation via shared libraries, fnmatch() buffer overflow, DoS conditions, crypt() blowfish weak ecnryption implementation.