Well, that was last year - 2004 was rich in bugs, mostly of the buffer overflow type. Who would
have thought that malicious hackers would deliberately overflow an input buffer with data they
have cleverly crafted to make their shady dealings easier.
But since surely not all bugs of this kind have been found yet, we can look forward to
more of this fun in 2005 too. We can only hope that there won't be as many of them and that no
similarly fundamental problem of a different kind turns up.
PF 2005
Continued after a short break (see the info in the news section).
[19.1.2005 9:00]
Multiple high risk vulnerabilities in the Oracle Database Server; Kazaa Sig2Dat
Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations;
Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability;
Novell GroupWise WebAccess Lets Remote Users Bypass Authentication to Gain Limited Access;
Netegrity SiteMinder 'smpwservicescgi.exe' Lets Remote Users Forward the Target User to
an Arbitrary URL; CMSimple Input Validation Bug in Search and Guestbook Lets Remote Users
Conduct Cross-Site Scripting Attacks; MediaWiki Input Validation Flaw in 'wgLanguageCode'
and 'mUserLanguage' Parameters Lets Remote Users Execute Arbitrary Commands; vBulletin
Unspecified Vulnerability; NodeManager Professional V2.00 Buffer Overflow Vulnerability
[20.1.2005 11:20]
Cisco IOS Error in Processing SCCP Packets Lets Remote Users Deny Service;
Mac OS X Input Validation Flaw in parse_machfile() Lets Local Users Deny Service;
Oracle Database Create Database Link Lets Remote Authenticated Users Crash the Database;
Kazaa Lite K++ K-Sig Directory Traversal Weakness
[21.1.2005 8:20]
Multiple vulnerabilities in the AtHoc Toolbar; MSN Heartbeat Control Buffer Overflow;
M$IE Install Engine Control Buffer Overflow; RealPlayer 'ShowPreferences' Buffer
Overflow Vulnerability; RealPlayer Arbitrary File Deletion Vulnerability;
RealPlayer Miscellaneous Vulnerabilities; Playmidi Buffer Overflow in Processing
Filename May Let Local Users Obtain Elevated Privileges; Sun Java Plug-in Javascript Error
Lets Remote Users Access Files and Applications; Siteman Lets Remote Users Create
Administrative Accounts
[25.1.2005 14:10]
DataRescue IDA Pro PE Buffer Overflow in Import Library Name May Let Remote Users Execute
Arbitrary Code; Golden FTP Server Buffer Overflow in RNTO Command Lets Remote Users Execute
Arbitrary Code; MySQL MaxDB WebAgent Remote Denial of Service Vulnerabilities; Microsoft
Internet Explorer Install Engine ActiveX Control Buffer Overflow Vulnerability;
Novell GroupWise WebAccess Multiple Cross-Site Scripting Vulnerabilities; Oracle Database
Multiple Vulnerabilities; RealNetworks RealOne Player And RealPlayer Multiple Potential
Vulnerabilities
[28.1.2005 9:10]
Magic Winmail Server Input Validation Holes in Webmail and IMAP Services Allow Directory
Traversal Attacks; Cisco IOS Can Be Reloaded By Remote Users Sending Multiple IPv6 Packets;
Cisco IOS MPLS Disabled Interfaces Let Remote Users Deny Service; Cisco IOS BGP
log-neighbor-changes Processing Error Lets Remote Users Deny Service
[31.1.2005 12:00]
Cisco IOS IPv6 Processing Remote Denial Of Service Vulnerability; phpPgAds dest
parameter cross-site scripting
[1.2.2005 10:00]
Eternal Lines Web Server Lets Remote Users Deny Service With Multiple Simultaneous
Connections; Captaris Infinite Mobile Delivery Input Validation Hole Lets Remote Users
Conduct Cross-Site Scripting Attacks and Determine the Installation Path; Xpand Rally Memory
Allocation Error Lets Remote Users Deny Service
[2.2.2005 9:10]
Eurofull E-Commerce 'mensresp.asp' Permits Cross-Site Scripting Attacks; Eternal Lines
Web Server Lets Remote Users Deny Service With Multiple Simultaneous Connections; Captaris
Infinite Mobile Delivery Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting
Attacks and Determine the Installation Path
[2.2.2005 15:00]
RealPlayer RealMedia ".rm" Security Bypass Vulnerability
[3.2.2005 10:30]
Cisco IP/VC Hard-Coded SNMP Community Strings Let Remote Users Access the Device;
DeskNow Mail and Collaboration Server Directory Traversal Flaw Lets Remote Authenticated
Users Upload and Delete Arbitrary Files; Eurofull E-Commerce "nombre" Cross-Site Scripting;
Eudora
[4.2.2005 8:40]
Python SimpleXMLRPCServer May Let Remote Users Access Internal Data or Execute Arbitrary
Code; LANChat Pro Can Be Crashed By Remote Users; Mambo Bugs in Processing Global
Variables Let Remote Users Gain Administrative Access; SunShop Shopping Cart Input
Validation Hole in 'search' Parameter Permits Cross-Site Scripting Attacks
[7.2.2005 10:30]
RaidenHTTPD Input Validation Flaw Discloses Files to Remote Users; Apple Safari
Incorrectly Renders Text as HTML in Certain Cases; Microsoft Outlook Web Access
'owalogon.asp' Lets Remote Users Redirect Login Requests; LiteForum Input Validation
Flaw in 'enter.php' Lets Remote Users Inject SQL Commands; Python SimpleXMLRPCServer
May Let Remote Users Access Internal Data or Execute Arbitrary Code; Foxmail Server "MAIL
FROM:" Remote Buffer Overflow Vulnerability
[9.2.2005 9:10]
Microsoft Internet Explorer CDF Scripting Error Lets Remote Users Execute Scripting
Code in Arbitrary Domains; Microsoft Internet Explorer DHTML Method Heap Overflow Lets
Remote Users Execute Arbitrary Code; Microsoft Internet Explorer URL Encoding Error
Lets Remote Users Spoof Arbitrary URLs and Execute Scripting Code in Arbitrary Security Zone;
Microsoft Windows OLE Buffer Overflow Lets Remote Users Execute Arbitrary Code and COM
Access Flaw Lets Remote Authenticated Users Gain Elevated Privileges; Microsoft Windows
Hyperlink Object Library Lets Remote Users Execute Arbitrary Code; Microsoft Windows XP
Named Pipe Validation Error Lets Remote Users Obtain Information; Microsoft Windows SMB
Lets Remote Users Execute Arbitrary Code; AppleFileServer (AFS) "FPLoginExt" Remote
Denial of Service Exploit; Microsoft Office XP Buffer Overflow in Processing URLs Lets
Remote Users Execute Arbitrary Code; Microsoft SharePoint Services Redirection Query
Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks; Microsoft MSN
Messenger Proprietary Network Graphics (PNG) vulnerability; RaidenHTTPD 1.1.27
Directory Traversal Vulnerability; Apple Safari version 1.2.4 v125.12 Input Validation
Vulnerability
[10.2.2005 18:30]
Netscape; F-Secure
[11.2.2005 10:40]
DelphiTurk FTP Discloses Passwords to Local Users; BrightStor ARCserve Backup
Buffer Overflow in Discovery Service Lets Remote Users Execute Arbitrary Code; MercuryBoard
'func/post.php' Input Validation Error in 'qu' Parameter Lets Remote Users Inject SQL Commands;
MyPHP Forum Input Validation Holes Let Remote Users Inject SQL Commands; ArGoSoft Mail
Server Input Validation Holes Allow Remote Authenticated Users to Upload/Download Files and
Create/Delete Directories; Apple Mac OS X Finder DS_Store Insecure File Creation
Vulnerability
[14.2.2005 17:20]
OpenPGP CFB Mode Is Subject to Adaptive Chosen-Plaintext Attacks; ZoneAlarm IPC
Null Pointer Dereference Lets Local Users Crash the System; Apache mod_python Publisher
Handler Discloses Information to Remote Users; ArGoSoft Mail Server Three Vulnerabilities;
Armagetron Multiple Denial of Service Vulnerabilities; Barracuda Spam Firewall 200
Open Mail Relay Vulnerability
[15.2.2005 9:00]
Open WebMail Input Validation Flaw in 'logindomain' Lets Remote Users Conduct Cross-Site
Scripting Attacks
[16.2.2005 16:30]
Sami HTTP Server Input Validation Holes Disclose Files to Remote Users and Let Remote Users
Crash the Service; HP HTTP Server Buffer Overflow Lets Remote Users Execute Arbitrary Code;
Armagetron Game Service Can Be Crashed By Remote Users
[17.2.2005 11:30]
DCP-Portal Input Validation Flaws in 'index.php' and 'forums.php' Let Remote Users Inject
SQL Commands; phpMyAdmin '\libraries\select_lang.lib.php' Discloses Installation Path to
Remote Users; Synaesthesia Lets Local Users View Arbitrary Files
[18.2.2005 9:30]
BibORB Various Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks;
NewsBruiser Lets Remote Users Bypass Comment Feature Access Controls; paNews 'comment.php'
Input Validation Error Lets Remote Users Conduct Cross-Site Scripting Attacks; MercuryBoard 'forum.php'
Input Validation Error in 'f' Parameter Permits Cross-Site Scripting Attacks
[21.2.2005 10:20]
pMachine Include File Error in 'mail_autocheck.php' Lets Remote Users Execute Arbitrary
Commands; Zeroboard Input Validation Holes in 'zboard.php' and 'view_image.php' Permit
Cross-Site Scripting Attacks; Bidwatcher Format String Error in 'netstuff' May Let Remote
Users Execute Arbitrary Code in Certain Cases; Yahoo! Messenger Audio Setup Wizard Privilege
Escalation; Yahoo! Messenger File Transfer Filename Spoofing; BibORB Multiple
Vulnerabilities; Gaim Two Denial of Service Weaknesses
[22.2.2005 8:50]
PuTTY; Mambo Include File Error in 'Tar.php' Lets Remote Users Execute Arbitrary
Commands on the Target System; Xinkaa WEB Station Discloses Files Outside of the Document
Directory to Remote Users; Bontago Buffer Overflow in Processing Nickname May Let Remote
Users Execute Arbitrary Code
[23.2.2005 11:30]
vBulletin 'misc.php' Lets Remote Users Inject PHP Code via the 'template' Parameter;
MediaWiki Input Validation Holes Permit Cross-Site Scripting Attacks and Directory Traversal
Flaw Lets Remote Authenticated Administrators Delete Files; Arkeia Network Backup Type 77
Request Buffer Overflow Yields Root/LocalSystem Access to Remote Users; phpBB Avatar Upload
Arbitrary File Access; Sun Java Runtime Environment Java Plug-in JavaScript Security Restriction
Bypass Vulnerability; iGeneric iG Shop Multiple SQL Injection Vulnerabilities
[24.2.2005 12:00]
PBLang Input Validation Holes in 'search.php', 'pmshow.php' and 'pm.php' Permit Cross-Site
Scripting Attacks; Chat Anywhere, SendLink & eXeem Disclose Passwords to Local Users;
iG Shop Input Validation Bugs Let Remote Users Execute SQL Commands
[25.2.2005 8:10]
Trend Micro A/V Vulnerable to ARJ Heap Overflow
[28.2.2005 8:30]
IBM's DB2 Universal Database Version 8.1 and earlier; CIS WebServer Discloses Files
Outside of the Document Directory to Remote Users; BadBlue Buffer Overflow in 'mfcisapicommand'
Lets Remote Users Execute Arbitrary Code; KNet HTTP GET Request Buffer Overflow Lets Remote
Users Execute Arbitrary Code; Trend Micro Products AntiVirus Library Buffer Overflow
[3.3.2005 9:10]
OpenVMS Unspecified Bug Lets Local Users Access Privileged Files and Resources; Woltlab
Burning Board Missing Input Validation in 'userid' and 'lastvisit' Cookies Permits SQL Injection;
Forumwa Input Validation Errors in 'search.php' Let Remote Users Conduct Cross-Site Scripting
Attacks; D-forum Input Validation Holes Permit Cross-Site Scripting Attacks; PHPNews
'auth.php' Include File Flaw Lets Remote Users Execute Arbitrary Code; PHPBB Privmsg.PHP SQL
Injection Vulnerability; CutePHP CuteNews X-Forwarded-For Script Injection Vulnerability;
SafeHTML Multiple HTML Entity Bypass Vulnerabilities; PBLang Bulletin Board System
DelPM.PHP Arbitrary Personal Message Deletion Vulnerability; Mozilla / Firefox "Save Link As"
Download Dialog Spoofing; Mozilla Firefox Image Javascript URI Dragging Cross-Site Scripting;
Mozilla / Firefox / Thunderbird Multiple Vulnerabilities; Mitel 3300 ICP Web Management
Interface Two Vulnerabilities; phpMyAdmin phpmyadmin.css.php Remote File Inclusion
[4.3.2005 7:50]
Computer Associates License Manager Remote Vulnerabilities; Carsten's 3D Engine Format
String Flaw Lets Remote Users Execute Arbitrary Code; CA Unicenter Asset Management Input
Validation Bugs Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks;
CProxy Input Validation Hole Discloses Files to Remote Users and Lets Remote Users Crash
the Service; Golden FTP Server Buffer Overflow in USER Command Lets Remote Users Execute
Arbitrary Code; auraCMS Discloses Path to Remote Users and Permits Cross-Site Scripting Attacks
[7.3.2005 10:30]
Nokia Symbian OS Phone Bluetooth Nickname Error Lets Remote Users Restart the Target System;
Form Mail Script Lets Remote Users Include and Execute Arbitrary PHP Code; phpBB 'oracle.php'
Discloses Path to Remote Users; phpBB 'sessions.php' Grants Administrative Access to Remote
Authenticated Users; CProxy Input Validation Hole Discloses Files to Remote Users and Lets
Remote Users Crash the Service
[9.3.2005 8:40]
Oracle Database Server Directory Traversal; Trillian Basic PNG Image Buffer Overflow
Vulnerability; RealPlayer WAV and SMIL File Handling Buffer Overflows; Ethereal Buffer
Overflow in 3G-A11 Dissector Lets Remote Users Execute Arbitrary Code; phpWebLog Include File
Flaw Lets Remote Users Execute Arbitrary Commands; mcNews 'header.php' Include File Flaw
Lets Remote Users Execute Arbitrary Commands;
[10.3.2005 9:00]
Novell iChain Mini FTP Server Does Not Limit Invalid Authentication Attempts; Novell iChain
Mini FTP Server Discloses Installation Path to Remote Users; Novell iChain GUI Lets Remote
Users Gain Administrative Access; paFileDB Input Validation Hole in $pageurl Lets Remote Users
Conduct Cross-Site Scripting Attacks; OutStart Participate Discloses Directories to Remote
Users and Lets Remote Users Rename and Delete Directory Objects
[11.3.2005 14:40]
Ipswitch IMail Server Buffer Overflow in IMAP EXAMINE Command Lets Remote Authenticated
Users Gain Administrator Privileges; WEBinsta Website Mailing list manager Include File
Flaw Lets Remote Users Execute Arbitrary Commands; xoops 2.0.9.2 and below weak file extension
validation; PE Multiple Remote Access Validation Vulnerabilities; ArGoSoft FTP Server
1.4.2.8 Buffer Overflow Vulnerability; Ipswitch Collaboration Suite IMail Server IMAP EXAMINE
Argument Buffer Overflow Vulnerability; All Enthusiast PhotoPost PHP Pro Multiple Remote Vulnerabilities
[14.3.2005 9:50]
YaBB Input Validation Error in 'usersrecentposts' Lets Remote Users Conduct Cross-Site Scripting
Attacks; Ethereal Buffer Overflows and Other Bugs in Etheric, GPRS-LLC, 3GPP2 A11, IAPP,
JXTA, and sFlow Dissectors Let Remote Users Crash the Process or Execute Arbitrary Code; MySQL CREATE
FUNCTION Lets Authenticated Users Invoke libc Functions to Execute Arbitrary Code; MySQL udf_init()
Path Validation Flaw Lets Authenticated Users Execute Arbitrary Libraries; MySQL CREATE TEMPORARY
TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges
[16.3.2005 12:00]
MaxDB Web Agent Can Be Crashed By Remote Users Sending Invalid DBM Parameters; phpAdsNew
'adframe.php' Permits Cross-Site Scripting Attacks and Various Scripts Disclose the Installation
Path to Remote Users; Tomcat AJP12 Parsing Error Lets Remote Users Deny Service
[18.3.2005 17:00]
McAfee VirusScan ASaP Buffer Overflow in Processing LHA Headers Lets Remote Users Execute
Arbitrary Code; McAfee VirusScan Buffer Overflow in Processing LHA Headers Lets Remote Users
Execute Arbitrary Code
[18.3.2005 17:00]
Ciamos Highlight.PHP File Disclosure Vulnerability; PHP-Fusion Setuser.PHP HTML Injection
Vulnerability; CoolForum Cross-Site Scripting And SQL Injection Vulnerabilities; Cain Abel Buffer
Overflow in PSK Sniffer Lets Remote Users Execute Arbitrary Code; Icecast XSL Parser Lets Local
Users Gain Elevated Privileges and Discloses XSL Files to Remote Users
[22.3.2005 10:30]
Sybase Buffer Overflow Vulnerabilities; phpmyfamily Input Validation Holes Let Remote Users
Inject SQL Commands
[23.3.2005 9:20]
Apple Bluetooth Setup Assistant Lets Remote Users Bypass Access Controls; Apple Mac OS X Unsafe
Directory Permissions May Let Local Users Gain Elevated Privileges; Apple AFP Server Discloses
Drop Box Contents to Remote Users and Lets Remote Users Deny Service; Mac OS X Core Foundation Buffer
Overflow in CF_CHARSET_PATH Lets Local Users Gain Root Privileges; phpmyfamily Input Validation
Holes Let Remote Users Inject SQL Commands
[25.3.2005 9:20]
Topic Calendar Mod for phpBB Permits Cross-Site Scripting Attacks and Discloses Path to Remote
Users; SOGo May Disclose Private Information to Remote Authenticated Users; Microsoft Windows
Remote Desktop 'TSShutdn.exe' Lets Remote Authenticated Users Shutdown the System; ImageMagick
TIFF, PSD, and SGI Image File Processing Bugs Let Remote Users Deny Service or Execute Arbitrary Code;
MercuryBoard Input Validation Flaw in Private Message 'title' Field Lets Remote Users Conduct
Cross-Site Scripting Attacks
[29.3.2005 13:50]
TinCat Buffer Overflow Lets Remote Users Execute Arbitrary Code; CPG Dragonfly Input Validation
Errors Let Remote Users Conduct Cross-Site Scripting Attacks; Nuke Bookmarks Input Validation Flaws
Permit SQL Injection, Cross-Site Scripting, and Path Disclosure; AS/400 LDAP Server Default
Configuration Discloses User Account Names to Remote Authenticated Users; WD Guestbook Authentication Error
Lets Remote Users Add Administrative User Accounts or Suppress Messages; Maxthon (formerly MyIE2)
[30.3.2005 9:30]
I somehow overlooked this one: telnet in practically all UNIX variants (and everything derived from them - Linux,
BSD, ... with the exception of CyberSafe TrustBroker products, HP-UX and HP Tru64 UNIX, and the InterSoft International
products NetTerm, SecureNetTerm and SNetTerm) suffers from a buffer overflow bug; phpCOIN Lets Remote Users Inject SQL Commands
and Execute Arbitrary Files on the Target System; PortalApp Input Validation Flaws in 'ad_click.asp'
and 'content.asp' Permit SQL Injection and Cross-Site Scripting; E-Data Missing Input Validation
Lets Remote Users Conduct Cross-Site Scripting Attacks; Adventia Chat Default Configuration Permits
Cross-Site Scripting Attacks; The Settlers: Heritage of Kings Player Logging Buffer Overflow;
Sacred Player Logging Buffer Overflow Vulnerability; Symantec: AutoProtect Errors May Let Local
or Remote Users Deny Service: for Norton System Works, Norton Internet Security and Norton AntiVirus;
PhotoPost PHP Pro Cross-Site Scripting and SQL Injection; TinCat Player Logging Buffer Overflow
Vulnerability; Esmi Studio Products Cross-Site Scripting and SQL injection; BugTracker.NET
Multiple SQL Injection Vulnerabilities; E-Store Kit-2 PayPal Edition Cross-Site Scripting and File Inclusion;
PunBB version <= 1.2.2 auth bypass exploit
[31.3.2005 10:50]
Kerio Personal Firewall Access Controls Can Be Bypassed Via Application Masquerading;
Invision Power Board Input Validation Flaw in User Signature Permits Cross-Site Scripting Attacks;
Chatness Input Validation Bugs Permit Cross-Site Scripting Attacks; Ublog Reload Discloses Database
to Remote Users and Permits Cross-Site Scripting Attacks
[4.4.2005 9:00]
Acrobat Reader local files discovery; SiteEnable Lets Remote Users Inject SQL Commands and Conduct
Cross-Site Scripting Attacks; AlstraSoft EPay Pro Include File and Input Validation Holes Let Remote Users
Execute Commands and Conduct Cross-Site Scripting Attacks; NetVault Buffer Overflows Let Local and Remote
Users Execute Arbitrary Code; BakBone NetVault Configure.CFG Local Buffer Overflow Vulnerability;
Microsoft Windows UNC Path Handling Unspecified Buffer Overflow Vulnerability; MaxWebPortal Events And
Links Interface Multiple Input Validation Vulnerabilities; BakBone NetVault Remote Heap Overflow
Vulnerability; FreeNX Local X Server Authentication Bypass Vulnerability; IRC Services LISTLINKS
Discloses Link Lists to Remote Users; MX Shop 'id_ctg' Input Validation Hole Lets Remote Users Inject SQL
Commands; MX Kart Input Validation Holes in 'category', 'manufacturer', and 'pages' Modules Permit SQL
Injection; BlueSoleil Object Push Directory Traversal Flaw Lets Remote Users Send Files to Arbitrary Locations;
NetManage RUMBA Profile Handling Multiple Buffer Overflow Vulnerabilities
[8.4.2005 9:10]
PopUp Plus Miranda IM Plugin Buffer Overflow Lets Remote Users Execute Arbitrary Code;
CubeCart Discloses Installation Path to Remote Users; sCssBoard Has a Cross-Site Scripting Flaw
and Other Unspecified Vulnerabilities With Unspecified Impact; Litecommerce Input Validation Bugs in 'cart.php'
Let Remote Users Inject SQL Commands; IBM Lotus Domino Server Web Service DoS Vulnerability;
Sybase ASE 12.5.2 (and older) high risk security vulnerabilities; Computer Associates eTrust Intrusion Detection
System CPImportKey DoS Vulnerability
[11.4.2005 10:00]
File Upload Script 'up.php' for phpBB Lets Remote Users Upload Arbitrary Files; PostNuke Input Validation Holes
in News Module Permits SQL Injection and in 'admin.php' and 'user.php' Permit Cross-Site Scripting Attacks;
Microsoft Outlook Web Access 'From' Address Display Lets Remote Users Spoof Origination Addresses;
Microsoft Outlook 'From' Address Display Lets Remote Users Spoof Origination Addresses; Ocean12 Membership Manager
Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks; SonicWALL Pro Series Script Insertion
Vulnerability; FTP Now Disclosure of User Credentials; PunBB SQL Injection and Cross-Site Scripting Vulnerabilities;
Macromedia ColdFusion MX Updater File Disclosure Vulnerability; SurgeFTP "LEAK" Command Denial of Service
Vulnerability; Lotus Notes/Domino Multiple Vulnerabilities
[12.4.2005 9:20]
TowerBlog! Discloses Hashed Administrative Password to Remote Users; rsnapshot copy_symlink()
May Let Local Users Gain Elevated Privileges in Certain Situations; P2P Share Spy Discloses
Password to Local Users; ModernBill Include File Error in Sample 'news.php' Script Lets Remote Users Execute Commands
and Input Validation Holes in 'orderwiz.php' Permit Cross-Site Scripting Attacks; File Upload Script 'up.php' for phpBB
Lets Remote Users Upload Arbitrary Files
[13.4.2005 10:30]
Cisco IOS ICMP PMTUD Attacks Let Remote Users Deny Service; ACNews Input Validation Hole in 'login.asp'
Yields Administrative Access to Remote Users; OpenOffice StgCompObjStream::Load() Heap Overflow Lets Remote Users
Execute Arbitrary Code; zOOm Media Gallery Lets Remote Users Inject SQL Commands; Gld Format String Flaws and Buffer
Overflows Let Remote Users Execute Arbitrary Code With Root Privileges
[13.4.2005 17:40]
Oracle Database Multiple SQL Injection Vulnerabilities;
Oracle Database MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow Vulnerability; WatchGuard Products ICMP Message Handling
Denial of Service; Network Appliance Data ONTAP ICMP Message Handling Denial of Service; Gld Multiple Vulnerabilities;
OpenOffice ".doc" Document Handling Buffer Overflow; Cisco - Crafted ICMP Messages Can Cause Denial of Service;
Juniper Networks JUNOS ICMP Message Handling Denial of Service; PostNuke Phoenix SID Parameter Remote SQL Injection Vulnerability
[14.4.2005 11:10]
IBM Domino Server Buffer Overflow in Date/Time Field Lets Remote Users Execute Arbitrary Code; Veritas i3
FocalPoint Server Has Vulnerability With Unspecified Impact; Oracle Database Has Unspecified Vulnerabilities
in Multiple Components; Microsoft Internet Explorer Buffer Overflows in DHTML, URL Parsing, and Content Advisor
Let Remote Users Execute Arbitrary Code; Microsoft Message Queuing Buffer Overflow Lets Remote Users Execute
Arbitrary Code
[15.4.2005 9:20]
Axel Buffer Overflow in Processing HTTP Location Values Lets Remote Users Execute Arbitrary Code; Kerio MailServer WebMail
Viewing Flaw Lets Remote Users Deny Service; Pavuk Buffer Overflows Have Unspecified Impact; Sun Solaris ICMP Processing
Error Lets Remote Users Deny Service; CalendarScript Discloses Installation Path and Debug Information to Remote Users and
Permits Cross-Site Scripting Attacks; S9Y Serendipity Exit.PHP SQL Injection Vulnerability
[19.4.2005 17:30]
WebcamXP Lets Remote Users Redirect Chat Sessions and Deny Service; CityPost PHP LNKX Input Validation Hole Permits
Cross-Site Scripting Attacks; CityPost Image Cropper/Resizer Input Validation Hole Permits Cross-Site Scripting Attacks;
CityPost Simple PHP Upload Input Validation Hole Permits Cross-Site Scripting Attacks; McAfee Internet Security Suite
Unsafe File Permissions Let Local Users Gain Elevated Privileges; McAfee Internet Security Suite 2005 Insecure File Permission
[20.4.2005 14:40]
LogWatch Regular Expression Error May Let Users Deny Service to Avoid Detection; Ocean12 Calendar Manager Input Validation
Errors Permit SQL Injection Attacks; Microsoft Windows Explorer 'webvw.dll' Input Validation Error Lets Remote Users Execute
Arbitrary Scripting Code; Sun Solaris May Let Local Users Hijack Non-Privileged Port Services; CVS Buffer Overflows and Memory
Leaks May Let Remote Users Execute Arbitrary Code or Deny Service
[21.4.2005 8:50]
W2K M$IE: File Selection May Lead to Command Execution; Realplayer/RealOne RAM File Processing Buffer Overflow Vulnerability;
MPlayer MMST and RTSP Buffer Overflows Let Remote Users Execute Arbitrary Code; RealPlayer Enterprise Buffer Overflow in
'pnen3260.dll' Lets Remote Users Execute Arbitrary Code; LogWatch Regular Expression Error May Let Users Deny Service to Avoid
Detection; Ocean12 Calendar Manager Input Validation Errors Permit SQL Injection Attacks; Microsoft Windows Explorer 'webvw.dll'
Input Validation Error Lets Remote Users Execute Arbitrary Scripting Code
[22.4.2005 14:20]
Yawcam Directory Traversal Flaw Lets Remote Users View Arbitrary Files; E-Cart Mod Input Validation Hole in 'art' Parameter
Lets Remote Users Execute Arbitrary Commands; phpBB Auction Mod Lets Remote Users Inject SQL Commands and Determine the Installation
Path; LG Electronics U8120 Phone MIDI File Processing Error Lets Remote Users Deny Service; Acrobat Reader
Invalid-ID-Handle-Error Buffer Overflow May Let Remote Users Execute Arbitrary Code
[25.4.2005 17:20]
Novell Nsure Audit 'webadmin.exe' Lets Remote Users Cause the System to Stop Responding; WoltLab Burning Board Input Validation
Hole in 'thread.php' in 'hilight' Parameter Permits Cross-Site Scripting Attacks; ASP Nuke Input Validation Holes Permit SQL Injection
and Cross-Site Scripting Attacks; MailEnable HTTPMail Vulnerability Has Unspecified Impact; KDE kimgio PCX Processing Error Lets
Remote Users Execute Arbitrary Code
[27.4.2005 9:50]
yappa-ng Input Validation Holes Let Remote Users Execute Arbitrary Commands and Conduct Cross-Site Scripting Attacks; BEA WebLogic
Administration Console Input Validation Hole in 'JndiFramesetAction' Permits Cross-Site Scripting Attacks; Citrix Program Neighborhood
Agent Stack Overflow Lets Remote Users Execute Arbitrary Code and Another Bug Lets Remote Users Create Arbitrary Shortcuts; Citrix WinCE
MetaFrame Presentation Server Client Stack Overflow Lets Remote Users Execute Arbitrary Code and Another Bug Lets Remote Users Create Arbitrary
Shortcuts; nProtect Netizen Lets Remote Users Download Arbitrary Files to the Target System; MySQL MaxDB Webtool Remote Stack Overflow
Vulnerability
[28.4.2005 14:40]
MaxDB Buffer Overflow in getIfHeader() WebDAV Function Lets Remote Users Execute Arbitrary Code
[29.4.2005 15:30]
Safari Can Be Crashed With Long HTTPS URL; phpCOIN Input Validation Holes in 'login.php' and 'mod.php' Let Remote Users Inject SQL
Commands; Ocean12 Mailing List Manager Lets Remote Users Inject SQL Commands; Uapplication Products Disclose the Database to Remote
Users and Let Remote Authenticated Administrators Upload Arbitrary Files; HP OpenView Radia Management Portal Lets Remote Users Gain Access
and Also Deny Service
[2.5.2005 9:40]
ViArt Shop Input Validation Holes Permit Cross-Site Scripting Attacks; MaxWebPortal Has Input Validation Holes in Multiple Scripts
That Permit SQL Injection and Grant Remote Administrative Access; ArcGIS Buffer Overflows and Format String Errors Let Local Users Gain Root
Privileges; Kerio MailServer Administration Port Lets Remote Users Deny Service; Kerio Personal Firewall Administration Port Lets Remote
Users Deny Service; PHPCoin Multiple SQL Injection Vulnerabilities; Mozilla Mozilla/Firefox Cross-Domain Tab Window Script Execution
Vulnerability; Amazon Webstore Multiple Cross Site Scripting Vulnerabilities; Survivor Unspecified Cross Site Scripting Vulnerability
[3.5.2005 10:00]
Invision Power Board URL Parameter Input Validation Error Lets Remote Users Conduct Cross-Site Scripting Attacks; Video Cam Server Lets
Remote Users Traverse the Directory, Determine the Installation Path, and Deny Service; Open WebMail Input Validation Hole Prior to open() Call
Lets Remote Users Execute Arbitrary Commands; Kerio Products Denial of Service and Brute Force Vulnerabilities; Mtp Target Format String
and Denial of Service Vulnerabilities; ArcInfo Workstation Format String and Buffer Overflow Vulnerabilities; Avaya Kerberos Telnet Client
vulnerabilities; GlobalScape Secure FTP Command Parsing Buffer Overflow; Plans Cross-Site Scripting and Password Disclosure Vulnerabilities
[4.5.2005 10:10]
602LAN SUITE Local File Detection and Denial of Service; Mac OS X chfn/chpass/chsh Code Paths May Let Local Users Gain Elevated Privileges;
AppleScript Editor URL Protocol Messaging Mechanism Lets Remote Users Obfuscate Scripting Code; AppKit TIFF File NXSeek() Exception Lets
Remote Users Crash the Application; Symantec Gateway Security ICMP Processing Error Lets Remote Users Deny Service; SitePanel 2 Validation
Bugs Let Remote Users Execute Arbitrary Commands, View Arbitrary Files, and Conduct Cross-Site Scripting Attacks; Perl SuidPerl Multiple Local
Vulnerabilities; Perl RMTree Local Race Condition Vulnerability; PostgreSQL Character Conversion and tsearch2 Vulnerabilities; Joshua
Chamas Crypt::SSLeay Perl Module Insecure Entropy Source Vulnerability; TCPDump BGP Decoding Routines Denial Of Service Vulnerability
[5.5.2005 11:20]
SimpleCam Directory Traversal Flaw Discloses Files to Remote Users; Apple Mac OS X vpnd Buffer Overflow in 'Server_id' Yields Root Privileges
to Local Users; FishCart Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks; NetWin DMail Bugs Let Remote Users
Bypass Authentication and Potentially Execute; ASP Inline Corporate Calendar Lets Remote Users Inject SQL Commands; Gossamer Threads Links
User.CGI Cross-Site Scripting Vulnerability; WebCrossing WebX Cross-Site Scripting Vulnerability
[6.5.2005 8:20]
RealPlayer Flaw in Processing an Unspecified File Type Lets Remote Users Execute Arbitrary Code; ArticleLive Bugs Let Remote Users Gain
Administrative Access, Inject SQL Commands, and Conduct Cross-Site Scripting Attacks; Invision Gallery Input Validation Bugs in 'cmd' and 'show'
Parameters Permit SQL Injection and Cross-Site Scripting Attacks; Hosting Controller 'addsubsite.asp' Lets Remote Users Create User and Host Accounts;
PHPCart Authentication Flaw Lets Remote Users Modify Prices During Purchase; OSTicket Multiple Input Validation and Remote Code Injection
Vulnerabilities; Apple Mac OS X Multiple Vulnerabilities; Adobe SVG Viewer Local File Detection and libpng Vulnerability; ASP.NET ViewState
Denial of Service and Security Bypass; PHP-Nuke "phpbb_root_path" Arbitrary File Inclusion; SimpleCam Directory Traversal Vulnerability
[9.5.2005 11:20]
RSA SecurID WebAgent Heap Overflow; ASP.NET; Apple Mail New Account Wizard May Disclose Passwords Via the Network; Firefox onload()
History Access Bug and Install Function Scripting Execution Flaw Lets Remote Users Execute Arbitrary Code; HTMLJunction EZGuestbook Discloses Database
to Remote Users; qmail Integer Errors Let Remote Users Deny Service; FreeBSD 'rlm_sql.c' Contains SQL Injection and Buffer Overflow Bugs; WebApp
E-Cart index.cgi art Parameter Arbitrary Command Execution; Mozilla Firefox Install Method Remote Arbitrary Code Execution Vulnerability; Mozilla
Firefox "Extensions" Remote Code Execution Vulnerability
[10.5.2005 9:30]
IPSec ESP Lets Inline Users Modify Packets to Cause the Plaintext to Be Rerouted and Recovered; CodeThatShoppingCart Input Validation Holes Permit
SQL Injection and Cross-Site Scripting Attacks; Orenosv HTTP/FTP Server FTP Command Buffer Overflow Lets Remote Users Crash the Server and HTTP SSI Buffer
Overflow May Let Local Users Execute Arbitrary Code; Solaris NIS+ Service Endless Loop Lets Remote Users Deny Service; Sun StorEdge Arrays May Let
Remote Users Gain Access; WebApp E-Cart index.cgi art Parameter Arbitrary Command Execution; Orenosv HTTP/FTP Server Buffer Overflow Vulnerabilities;
Mozilla "IFRAME" JavaScript URL Cross-Site Scripting; phpBB Unspecified URL / BB Code Vulnerability
[11.5.2005 9:40]
Gzip zgrep Implementation May Let Remote Users Execute Arbitrary Commands; Apple iTunes MPEG4 Buffer Overflow May Let Remote Users Execute Arbitrary Code;
IPSec ESP Lets Inline Users Modify Packets to Cause the Plaintext to Be Rerouted and Recovered; CodeThatShoppingCart Input Validation Holes Permit SQL
Injection and Cross-Site Scripting Attacks; Orenosv HTTP/FTP Server FTP Command Buffer Overflow Lets Remote Users Crash the Server and HTTP SSI Buffer Overflow
May Let Local Users Execute Arbitrary Code
[12.5.2005 10:20]
Windows Media Player License Acquisition Feature May Let Remote Users Redirect Users to Arbitrary Web Pages; LibTIFF TIFFOpen() 'BitsPerSample' Buffer Overflow
Error May Let Remote Users Execute Arbitrary Code; Sun Solaris automountd Lets Local Users Deny Service; Gaim Bugs in Processing MSN Messages and Certain
URLs Let Remote Users Deny Service; WordPress Vulnerability Has Unspecified Impact
[16.5.2005 10:00]
Gecko Based Browsers HTTP Authentication Prompt Vulnerability (K-Meleon Browser version 0.9, Mozilla suite version 1.7.5 and prior, Firefox version 1.0 and prior,
Netscape version 7.2);
[17.5.2005 10:20]
Gurgens Guest Book Discloses Database and Passwords to Remote Users; MetaCart e-Shop Input Validation Holes in 'productsByCategory.asp' Permit SQL Injection
and Cross-Site Scripting Attacks; Ultimate Forum Discloses Database and Passwords to Remote Users; NPDS Input Validation Holes in 'comments.php' and
'pollcomments.php' Permit SQL Injection; Movable Type Cookie Authentication Flaw Lets Remote Users Gain Access; Multiple Vendor FTP Client Side File
Overwriting Vulnerability
[18.5.2005 12:00]
ignitionServer Lets Remote Users Delete Access Entries and Deny Channel Access to Operators; Help Center Live Input Validation Bugs Permit SQL Injection and
Cross-Site Scripting Attacks; Fastream NETFile Server PORT Command Address Validation Flaw Lets Remote Users Deny Service; War Times Game Can Be Crashed By
Remote Users; Linux Kernel pktcdvd and rawdevice Errors Let Local Users Gain Elevated Privileges
[19.5.2005 9:20]
MySQL 'mysql_install_db' Uses Unsafe Temporary Files and May Let Local Users Gain Elevated Privilege; MySQL Non-existent '--user' Error May Allow the Database
to Run With Incorrect Privileges; Core CMS Has Vulnerabilities With Unspecified Impact; PROMS Input Validation Holes Permit SQL Injection and Cross-Site
Scripting Attacks; avast! antivirus May Fail to Detect Certain Viruses
[20.5.2005 9:20]
Serendipity Bugs Let Remote Authenticated Users Upload Unauthorized Files and Also Permit Cross-Site Scripting Attacks; ExtremeWare XOS Lets Remote
Authenticated Administrators Gain Access to the Operating System on BlackDiamond Switches; Novell ZENworks Remote Management Buffer Overflows in Authentication
Protocol Let Remote Users Execute Arbitrary Code; Cisco MGX WAN Switches TCP/IP Timestamp Option Error Lets Remote Users Deny Service; Cisco AP35/AP1200 TCP/IP
Timestamp Option Error Lets Remote Users Deny Service; PHP Advanced Transfer Manager Remote File Inclusion Vulnerability
[23.5.2005 10:50]
Gentoo webapp-config Unsafe Temporary File Lets Local Users Gain Elevated Privileges; Cookie Cart Discloses Authentication Data and Order Information to
Remote Users; MailScanner May Fail to Report Viruses in Zip Files; Groove Virtual Office Lets Remote Users Execute Arbitrary Code and Discloses Information
to Local Users; Groove Workspace Input Validation Error in Processing SharePoint Lists Lets Remote Users Execute Scripting Code; Extreme Networks ExtremeWare
XOS Privilege Escalation Vulnerability; Episodex Guestbook HTML Injection Vulnerability; Episodex Guestbook Unauthorized Access Vulnerability; PHP
Advanced Transfer Manager Arbitrary File Include Vulnerability
[27.5.2005 9:10]
Computer Associates Antivirus Vet Library Vulnerability; L-Soft LISTSERV
[30.5.2005 16:30]
ServersCheck Lets Remote Authenticated Users Traverse the Directory; India Software Solution Shopping Cart Input Validation Hole in 'signin.asp' Permits
SQL Injection; NPDS Input Validation Holes in 'glossaire' Module and Links Search Script Permit SQL Injection; Online Solutions for Educators Input Validation
Hole Permits SQL Injection; Hosting Controller 'resellerresources.asp' Lets Remote Authenticated Users View and Delete Reseller Plans; Advanced Encryption Standard
Cache Timing Key Disclosure Vulnerability; Libxml2 Remote URI Parsing Buffer Overrun Vulnerability; Libxml2 Multiple Remote Stack Buffer Overflow Vulnerabilities;
GD Graphics Library Multiple Unspecified Remote Buffer Overflow Vulnerabilities; GD Graphics Library Remote Integer Overflow Vulnerability; HP-UX Trusted
Systems Grant Access to Remote Users; shtool Temporary File May Let Local Users Gain Elevated Privileges; Clever's Games Terminator 3: War of the Machines
Remote Denial of Service Vulnerability
[6.6.2005 11:10]
LiteWeb Lets Remote Users Access Restricted Pages; SPA-PRO Mail @Solomon Input Validation Hole Discloses Files to Remote Users and Buffer Overflow Lets Remote Users
Execute Arbitrary Code; MWChat Include File Flaw Lets Remote Users Execute Arbitrary Commands; HP OpenView Radia Buffer Overflow in RADEXECD Lets Remote Users Execute
Arbitrary Code; Symantec Brightmail AntiSpam Uses Common Default Database Password; Crob FTP Server Buffer Overflow Vulnerabilities; CuteNews Template Creation
PHP Code Execution Vulnerability; MWChat "CONFIG[MWCHAT_Libs]" File Inclusion Vulnerability; Nortel VPN Router Malformed Packet DoS Vulnerability; LiteWeb
Protected File Access Vulnerability; Liberum Help Desk "id" SQL Injection Vulnerability; Microsoft Outlook Express Attachment Processing File Extension Obfuscation
Vulnerability
[7.6.2005 10:40]
LutelWall Unsafe Temporary File Lets Local Users Gain Elevated Privileges; RakNet Lets Remote Users Freeze the System With a Zero Byte UDP Packet; Everybuddy
Unsafe Temporary File Lets Local Users Gain Elevated Privileges; GIPTables Firewall Unsafe Temporary File Lets Local Users Gain Elevated Privileges; Sun Solaris
libc __init_suid_priv() Lets Local Users Gain Elevated Privileges; Kaspersky Anti-Virus Klif.Sys Privilege Escalation Vulnerability; New Bluetooth Security Breach
Found; GNU Mailutils "sql_escape_string()" SQL Injection Vulnerability
[8.6.2005 15:00]
IBM WebSphere Application Server Buffer Overflow in Administrative Console Lets Remote Users Execute Arbitrary Commands; Sun ONE Application Server Discloses Files to
Remote Users; GNU Mailutils Input Validation Error in sql_escape_string() Lets Remote Users Inject SQL Commands; Mortiforo Access Control Flaw Lets Remote Users Access
Private Forums; desknet's Input Validation Error in Displaying HTML Mail Lets Remote Users Conduct Cross-Site Scripting Attacks
[9.6.2005 14:40]
Apple File Protocol (AFP) Server Buffer Overflow in Legacy Client Support Lets Remote Users Execute Arbitrary Code; Apple File Protocol (AFP) Server May Prevent Users
From Accessing Certain Files; Cisco 802.1x Voice-Enabled Interfaces Grant Anonymous Voice VLAN Access; Tcpdump Infinite Loop Error in bgp_update_print() Lets Remote
Users Deny Service; IBM AIX Buffer Overflows in invscout, paginit, diagTasksWebSM, getlvname, and swcons Commands and Multiple p Commands Let Local Users Execute Arbitrary Code
[10.6.2005 14:40]
Macromedia: eLicensing Function in Fireworks, Flash, Studio, Dreamweaver & Contribute Lets Local Users Gain Elevated Privileges
[13.6.2005 9:30]
JamMail Input Validation Hole in 'mail' Parameter Lets Remote Users Execute Arbitrary Commands; Microsoft Internet Explorer Lets Remote Users Obfuscate Scripting Code;
WebHints Input Validation Bug Lets Remote Users Execute Arbitrary Commands; xMySQLadmin Lets Local Users Delete Files; Gaim Flaws in Processing Yahoo! and MSN Packets
Let Remote Users Deny Service
[14.6.2005 12:10]
Sysreport May Disclose the up2date Proxy Password Via the System Report; Symantec pcAnywhere 'Launch With Windows' Properties Let Local Users Gain Elevated Privileges;
Novell eDirectory Can Be Crashed With Requests Containing MS-DOS Device Names; JamMail Input Validation Hole in 'mail' Parameter Lets Remote Users Execute Arbitrary Commands;
Microsoft Internet Explorer Lets Remote Users Obfuscate Scripting Code; FusionBB Multiple Input Validation Vulnerabilities;
TCPDump ISIS Decoding Routines Denial Of Service Vulnerability; TCPDump LDP Decoding Routines Denial Of Service
Vulnerability
[15.6.2005 18:20]
Telnet Client NEW-ENVIRON Command Discloses Information to Remote Users;
Microsoft Internet Explorer Buffer Overflow in Rendering PNG Images Lets Remote Users Execute Arbitrary Code;
Microsoft Outlook Express Buffer Overflow in NNTP Response Parser Lets Remote Users Execute Arbitrary Code;
Microsoft Outlook Web Access Input Validation Hole in IMG Tags Permits Cross-Site Scripting Attacks;
Microsoft Windows Buffer Overflow in Processing Server Message Block Packets Lets Remote Users Execute Arbitrary Code;
Microsoft Agent Trusted Internet Content Spoofing Issue (MS05-032);
Microsoft Telnet Client Information Disclosure Issue (MS05-033);
Multiple Vendor Antivirus Products Malformed ZIP Archive Scan Evasion Vulnerability;
Microsoft Web Client Service Remote Code Execution (MS05-028);
Microsoft Exchange Server Cross Site Scripting Issue (MS05-029);
Microsoft Outlook Express NNTP Remote Code Execution (MS05-030);
Microsoft Step-by-Step Interactive Training Code Execution (MS05-031);
Java Web Start java-vm-args Lets Remote Users Access and Execute Files on the Target User's System;
Java Runtime Environment Internal Classes Lets Remote Users Access and Execute Files on the Target User's System;
WIDCOMM Bluetooth Communication Software Directory Traversal Vulnerability;
Microsoft ASP.NET URI Canonicalization Unauthorized Web Access Vulnerability;
Annuaire 1Two Index.PHP Cross-Site Scripting Vulnerability;
Microsoft Windows Server Message Block Vulnerability;
Microsoft Windows Web Client Service Vulnerability;
Microsoft Windows HTML Help Input Validation Vulnerability;
Microsoft ISA Server 2000 Two Vulnerabilities (MS05-034);
Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability;
Multiple Vendor TCP Sequence Number Approximation Vulnerability;
Multiple Vendor loopback (land.c) Denial of Service Vulnerability;
Microsoft Windows Step-by-Step Interactive Training Vulnerability
[16.6.2005 9:50]
paFileDB Multiple Bugs Permit SQL Injection and Cross-Site Scripting Attacks and Let Remote Users View or Execute
Local Files; Adobe flaw puts PCs at risk; Annuaire 1Two Commentaires.PHP Multiple HTML Injection
Vulnerabilities; Microsoft Internet Security and Acceleration Server Bugs Let Remote Users Poison the Cache and
Establish NetBIOS Connections
[17.6.2005 11:00]
SpamAssassin Bug in Processing Long Message Headers Lets Remote Users Deny Service; Sun Solaris
lpadmin Lets Local Users Overwrite Arbitrary Files; SquirrelMail Input Validation Holes in
Multiple Scripts Permit Cross-Site Scripting Attacks; ATutor Input Validation Bugs in Several
Scripts Permit Cross-Site Scripting Attacks; mcGallery Input Validation Holes Let Remote Users
View Files and Determine the Installation Path; Dokeos Multiple Vulnerabilities; SquirrelMail Cross-Site Scripting Vulnerabilities
[20.6.2005 10:00]
Sun ONE Messaging Server (iPlanet Messaging Server) vulnerability; RealVNC Null Sessions Disclose System Information to Remote Users;
Sun ONE Messaging Server Lets Remote Users Execute Arbitrary Code on a Target Webmail User's System; JBoss Input Validation Hole May
Disclose Installation Path and Configuration File to Remote Users; Yaws Web Server Discloses Script Source Code to Remote Users; Mambo
'com_contents' Input Validation Hole in 'user_rating' Parameter Permits SQL Injection; JBoss Malformed HTTP Request Remote Information
Disclosure Vulnerability
[21.6.2005 14:40]
Novell GroupWise Client Discloses Password to Local Users; Cisco VPN 3000 Lets Remote Users Determine Valid Groupnames; Ublog
Reload Input Validation Holes in 'index.asp' Permit SQL Injection and in 'trackback.asp' Permit Cross-Site Scripting Attacks; Heimdal
telnetd Buffer Overflow in getterminaltype() Lets Remote Users Execute Arbitrary Code; Trac Input Validation Hole Lets Remote Users
Upload Arbitrary Files; Yaws Web Server Discloses Script Source Code to Remote Users; JBoss Malformed HTTP Request Remote Information
Disclosure Vulnerability; Claroline E-Learning Application
[22.6.2005 10:00]
Microsoft Internet Explorer, Opera, Apple Safari, iCab, Mozilla Camino Lets Remote Users Spoof Javascript Dialog Boxes;
Fortibus CMS Multiple SQL Injection Vulnerabilities;
[23.6.2005 10:00]
Veritas Backup Exec NetBackup Request Packet Denial Of Service Vulnerability, Server Remote Registry Access Vulnerability, Remote Agent Null Pointer
Dereference Denial Of Service Vulnerability, Remote Agent for Windows Servers Authentication Buffer Overflow Vulnerability, Admin Plus Pack Option Remote
Heap Overflow Vulnerability, Web Administration Console Remote Buffer Overflow Vulnerability;
[24.6.2005 9:20]
SGI IRIX arrayd Authentication Flaw May Grant Remote Users Root Access; Affinity Path Input Validation Error in 'support_page.cgi' Lets
Remote Users Execute Arbitrary Commands; Linux Kernel IA64 Architecture restore_sigcontext() Access Control Bug May Let Local Users Gain Elevated
Privileges; Linux Kernel Subthread Exec Signal Processing Bug Lets Local Users Deny Service; Veritas Backup Exec Bugs Let Remote Users
Execute Arbitrary Code, Crash the System, and Modify the Registry; RaXnet Cacti Graph_Image.PHP Remote Command Execution Vulnerability;
ImageMagick And GraphicsMagick XWD Decoder Denial Of Service Vulnerability; PostgreSQL TSearch2 Design Error Vulnerability; Safe.PM
Unsafe Code Execution Vulnerability; CGI.pm Start_Form Cross-Site Scripting Vulnerability; HP VCRM Proxy Server Password Disclosure Vulnerability;
Linux Kernel 2.6.x Two Local Denial of Service Vulnerabilities;