The advisories are simple text documents for describing the details and the information about a specific vulnerability in a specific software. The amount and the depth of the details contained in them naturally depends by various reasons, anyway often more details are (directly or indirectly) available also in the source code of the relative proof-of-concept I provide. Usually the vulnerabilities can be classified in the following macro groups: - buffer-overflow/memory corruption: possibility to write custom data outside the limit of the target memory dedicated to contain that specific type of data, in this category is also possible to include other bugs like array overflow and arbitrary memory overwriting ever with the possible effect for an attacker to execute malicious code - off-by-one: similar to the buffer-overflow but limited to only one byte, in some rare cases could be possible to cause code execution but I consider them mostly a Denial of Service - format string: the classical bug in the printf-like functions where is missed the format argument, possible code execution - directory traversal: reading/writing/executing of files in the system or in the disk where is running the vulnerable program - information disclosure: everything which allows to retrieve more or less important information from a system, the best example are the CGI/ASP source disclosures in some webservers - security bypass: everything which allow to get high privileges without knowing the right keyword/password - Denial of Service: a generic way for specifing a bug where the only effect is the termination of the program or in some rare cases where the causes are not so clear, in this category are included also the socket unreachable and termination, NULL pointer and access violations - design vulnerabilities: they are my preferred bugs and some examples are the socket unreachable bugs (udp packets with a size of 0 or bigger than how much expected) and the "ping-pong" packets loop where a spoofed udp packet with the same IP and port of the server is sent and received by itself forever - other bugs which don't match the previous categories or that simply I don't remember at the moment 8-) A short explanation of the "broadcast client bug" and the "socket unreachable/termination" terms is available here: http://aluigi.org/adv/broadinfo.txt http://aluigi.org/adv/socket_unreachable_info.txt The "Fix" field in my advisories is referred to the current fix, patch or work-around at the time of the release of the advisory. Only rarely or after request of the vendor/developers I update that field with new information about a solution provided after the release of my advisory so it's possible that the bug has been already fixed officially or unofficially by me.