Computer Security
[EN] securityvulns.ru




31.01.2007
Detailed
6!libgd graphics library code execution
document JIS fonts parsing problem in gdImageStringFTEx() function.
 Sun Solaris kcms_calibrate privilege escalation
   
 Sami HTTP Server DoS
document Crash on large number of requests to non-existent files.
  


30.01.2007
Detailed
7!Microsoft Agent memory corruption
updated since 14.11.2006
document Memory corruption on parsing .ACF files.
6!Multiple Oracle security vulnerabilities... again
document Multiple privilege escalations. Virtual private database protection bypass.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Cisco Catalyst switches VTP DoS
updated since 28.01.2007
document Switch crashes on malformed VTP (VLAN Trunking Protocol) Subset-Advert message.
  


29.01.2007
Detailed
6!Apple Mac OS X Software Update / Apple Installer format string security vulnerability
document Format string vulnerability on parsing filename of application/x-apple.sucatalog+xml files (.sucatalog and .swutmp). Format string vulnerability in .pkg file name.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 29.01.2007
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Mac OS X crashdump symbolic links security vulnerability
document Symbolic links problem on creating dump file in user's home. Allows admin group user to escalate privileges to root.
 Telestream Flip4Mac format string vulnerabilities
document Memory corruption on malformed WMV file ASF_File_Properties_Object size field.
 Mac OS X CFNetwork library DoS
document NULL pointer dereference on HTTP server response parsing.
  


28.01.2007
Detailed
7!Yahoo Messenger cross-application scripting
document Chat sign in / sign out messages are shown with Internet Explorer allowing scripting in local computer zone.
6!PHP Safe Mode protection bypass
document It's possible to traverse working directory protection by using writing mode (srpath://../ file prefix for fopen()).
6!Multiple QNX security vulnerabilities
document Unprivileged user can debug suid applications. Clipboard is world accessible.
6!IPSwitch WS_FTP unfiltered shell characters security vulnerability
document Shell characters problem on SCP files parsing.
6!ulogd buffer overflow
   
6!chmlib library memory corruption
document Value from file is used directly in alloca() function call.
6!PGP Desktop code execution
document PGPServ.exe/PGPsdkServ.exe Service doesn't validate data received through named pipe \pipe\pgpserv or \pipe\pgpsdkser.
 bind named DoS
document 2 errors (use-after-free and type ANY response parsing) on response parsing of DNSSEC request.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Trend Micro VirusWall for Linux buffer overflow
document Buffer overflow in libvsapi.so library used by vscan suid root application.
  


25.01.2007
Detailed
7!Citrix Metaframe Presentation Server / Javvin DiskAccess printer provider buffer overflow
document Buffer overflow in cpprov.dll EnumPrintersW() and OpenPrinter() functions.
6!CA personal firewall multiple privilege escalations
document Multiple vulnerabilities in HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) drivers.
 gtk library DoS
document Crash on GIF files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Earthlink TotalAccess ActiveX protection bypass
document It's possible to manage sender and domain whitelists.
  


24.01.2007
Detailed
10!Cisco routers and code execution with IP options DoS
document ICMP, UDP or TCP packets with some IP options set can cause device reload and potentially code execution.
6!Apple QuickDraw libraries memory corruption
document Memory corruption on malformed PICT image ARGB record.
6!Apple Mac OS X UserNotificationCenter privilege escalation
document Application doesn't drop wheel group privileges.
6!Cisco routers IPv6 DoS
document Router crash on parsing IPv6 packet RH (routing header).
6!Cisco routers memory leak DoS
document Memory leak on incoming TCP packets.
 Sun Ray Server password information leak
document /cgi-bin/mail scripts record utadmin administrator's password into log file.
 OpenBSD IPv6 ICMPv6 DoS
document Infinite loop on ICMPv6 packet parsing.
 pam unauthorized access
document Any password is accepted if password hash contains some set of characters.
 Sun Solaris tip privilege escalation
document Privilege escalation to 'uucp' user.
 Sienzo Digital Music Mentor ActiveX buffer overflow
document Buffer overflow in NCTAudioFile2.AudioFile SetFormatLikeSample() method.
 Multiple IP Phones unauthorized access
document After administrative login it's possible to access administration interface from any IP without password validation.
 xine-ui format string vulnerability
document Format string vulnerability in errors_create_window() on media files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 24.01.2007
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 OpenLDAP installation symbolic links vulnerability
document gencert.sh installation script insecure temporary files creation.
 Multiple mobile phones bluetooth DoS
document Flood with ussp-push messages causes user interface blocking by multiple download prompt messages.
 Microsoft Visual Studio buffer overflow
document Buffer overflows on oversized filename in different parameters.
 Apple Safari / Konqueror SCRIPT tag filtering bypass
document Browser follows <script> tags within HTML comment. It violates HTML standard.
  


23.01.2007
Detailed
8!Sun Java memory corruption
updated since 18.01.2007
document Memory corruption on GIF files parsing with 0 width block. Can be used for hidden malware installation.
  


22.01.2007
Detailed
7!Mac OS X writeconfig privilege escalation
document launchctl utility is executed by relative path from suid application.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


21.01.2007
Detailed
8!Apple QuickTime HREFTrack cross-site scripting
document Script can refer to local resources. Vulnerability is used in-the-wild for malware code installation.
7!Intel Centrino ipw2200 wireless drivers buffer overflow
document Buffer overflow on oversized SSID
7!Mac OS X SLP daemon buffer overflow
document Buffer overflow on parsing arguments list of SLP request.
6!Apple iChat format string vulnerability
document Format string vulnerability on aim:// URI parsing.
6!Apple Mac OS X transmit.app buffer overflow
document Buffer overflow on ftps:// URI parsing.
6!Rumpus FTP server multiple security vulnerabilities
document Shell characters problems, buffer overflows, weak permissions.
6!Colloquy IRC client multiple format string vulnerabilities
document Multiple format string vulnerabilities, e.g. invite IRC command.
 Unsanity Application Enhancer privilege escalation
document Multiple privilege escalation issues.
 netrik shell characters problems
document Shell characters problem on temporary files creation.
 AVM IGD CTRL Service directory traversal
document HTTP directory traversal with TCP/49001 (UPNP) port.
 WzdFTPD FTP server DoS
document NULL pointer dereference on FTP commands parsing.
 T-Com Speedport ADSL router unauthorized access
document Constant Cookie value is set for Web access verification.
 Multiple PDF library PDF parsing DoS
updated since 18.01.2007
document Infinite loop on page model tree parsing.
 VLC Media Player buffer overflow
updated since 03.01.2007
document Buffer overflow on oversized udp:// URI during M3U file parsing.
  


20.01.2007
Detailed
7!grsecurity privilege escalation
updated since 12.01.2007
document Privilege escalation with expand_stack().
6!Cisco CS MARS and Cisco ADSM TLS, SSL, SSH certificates validation problem
document On connecting to managed device, device certificate is not validated.
6!HP-UX ipfilter DoS
document System crash on malcrafted packet.
 AVM Fritz!Box VoIP router DoS
document Crash on empty UDP packet to UDP/5060 (SIP) port.
 Mac OS X syscall DoS
document Arguments of shared_region_map_file_np() syscall are not checked, making it possible to exhaust all available memory.
 BitDefender client format string vulnerability
document Format string vulnerability on scan settings logging.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft Help Workshop buffer overflow
updated since 18.01.2007
document Buffer overflow on .cnt / .hpj files parsing.
  


18.01.2007
Detailed
8!Unauthorized file access via file stdio descriptors in multiple Unix systems
updated since 22.04.2002
document By exhausting all file descriptors and closing stderr it's possible to cause a situation where the called application opens a new file with descriptor 2 and all stderr output is redirected to that file. On a few systems it's enough to close the standard descriptor.
 MBSE BBS for Unix buffer overflow
document Buffer overflows in multiple suid utilities on environment variables parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


17.01.2007
Detailed
6!Multiple Squid cache proxy security vulnerability
document external_acl queue infinite loop, FTP client code DoS on parsing FTP server listing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 wget FTP client code DoS
document Multiple blank 220 FTP responses on FTP SYST command cause application crash.
  


16.01.2007
Detailed
7!Multiple Mac OS X security privilege escalation
document Few suid application binaries are user-writable.
6!Mac OS X AppleTalk protocol buffer overflow
document Heap buffer overflow.
6!libgtop buffer overflow
document Buffer overflow on /proc FS parsing.
6!Mac OS X / Apple Finder multiple file system parsing vulnerabilities
updated since 11.01.2007
document Buffer overflow on oversized DMG volume label in Apple Finder. Integer overflows on UFS DMG image parsing. DoS on processing UFS and HFS+ volumes.
6!Kaspersky Antivirus privilege escalation
updated since 21.10.2006
document Privilege escalation with KLIN and KLICK system drivers IOCTL.
 Outpost self-protection bypass
document It's possible to bypass self-protection by using NTFS hard links.
  


15.01.2007
Detailed
6!Multiple GnuPG potential vulnerabilities
document Multiple potential buffer overflows and integer overflows with unknown exploitability.
 BMC Remedy Action Request System user enumeration vulnerability
document Messages for invalid password and invalid user name are different.
 WFTPD Pro FTP server DoS
document Incomplete SITE ADMIN command causes server to crash.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 libneon array index overflow
document Index overflow on URI parsing with non-ASCII characters in 64-bit systems.
 libsoup library DoS
document DoS on parsing HTTP headers.
  


13.01.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


12.01.2007
Detailed
6!Multiple F5 FirePass security vulnerabilities
document URL restrictions bypass, cross-site scripting. Restrictions bypass with dotless IP address. Accounts enumeration.
6!Sun Solaris rpcbind DoS
   
 IBM AIX ftpd DoS
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 HP Open View Network Node Manager multiple vulnerabilities
document Remote file access and code execution is possible.
 FreeBSD jail rc.d symbolic links problem
document Multiple conditions allow writing files outside the jailed environment, for example via a symbolic link at /var/log/console.log.
 snort integer overflow
document Signed integer type overflow on GRE protocol parsing.
  


11.01.2007
Detailed
7!TIS Internet Firewall Toolkit buffer overflow
document Buffer overflow on FTP proxy oversized user name.
6!Multiple Microsoft Outlook security vulnerabilities
updated since 09.01.2007
document DoS. Buffer overflow on .iCal and .oss files parsing.
 Microsoft Windows WMF invalid pointer dereference
document Invalid pointer dereference in GDI on CreateBrushIndirect function.
 EIQ Networks Network Security Analyzer DoS
document Crash on malformed command to TCP/10618 port.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Cisco IOS Data-link Switching DoS
document Device reload on malformed DLSw message parsing.
 Securekit Steganography / Camouflage protection bypass
updated since 09.01.2007
document File with hidden information has strong signature, password protection is implemented in interface only.
  


10.01.2007
Detailed
7!Adobe Reader buffer overflow
document Heap buffer overflow on PDF parsing.
6!Adobe Macromedia ColdFusion source code leak
document Adding twice encoded NULL byte to path allows .CFM file content disclosure.
6!X.org / XFree86 multiple integer overflows
updated since 09.01.2007
document Integer overflow in DBE and Renderer extensions.
 Cisco UCC / IPCC JTapi DoS
document Service restart on invalid data received through TCP port.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


09.01.2007
Detailed
9!RPC library / MIT Kerberos kadmind uninitialized function pointer
document Function call by uninitialized pointer in RPC server code allows code execution.
8!GSS-API library / MIT Kerberos kadmind (uninitialized pointer free)
document free() of unallocated memory pointer in mechglue GSS API layer.
8!Microsoft VML buffer overflow
document Buffer overflow and integer overflows on Vector Markup Language parsing. May be used for hidden malware installation.
7!Hewlett Packard multiple printers privilege escalation
document Local user has full access to printer service "PML Driver HPZ12" through service manager, making it possible to configure any executable to be run with local system privileges.
7!Opera browser multiple security vulnerabilities
updated since 06.01.2007
document Memory corruption on JPEG parsing, function call via user-controlled pointer.
7!Multiple Cisco Clean Access vulnerabilities
updated since 04.01.2007
document Shared secret for client access is same for all devices and can not be changed. Location of database backup (snapshot) can be bruteforced and downloaded without authentication.
 Microsoft Office 2003 grammar checking memory corruption
document Memory corruption on Brazilian and Portuguese grammar checking.
 Sina UC instant messenger ActiveX buffer overflow
document Buffer overflow in SendChatRoomOpt() method.
 Packeteer PacketShaper multiple buffer overflow
document Buffer overflow in Web and command line interfaces.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Avahi DNS response DoS
document Malcrafted DNS response causes endless loop.
 ksirc client DoS
document NULL pointer dereference on malformed server reply.
  


08.01.2007
Detailed
7!OpenBSD vga privilege escalation
updated since 05.01.2007
document vga_ioctl() syscall allows code execution in kernel.
6!Apple OmniWeb Format string vulnerability
document Format string vulnerability in javascript alert() function.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Novell Netware client restriction bypass
document Problem with profile handling under terminal session.
 CenterICQ buffer overflow
document Buffer overflow in LiveJournal support module.
  


07.01.2007
Detailed
8!Apple QuickTime buffer overflow
updated since 03.01.2007
document Buffer overflow on oversized rtsp:// URLs.
6!Cisco Secure ACS multiple security vulnerabilities
document Buffer overflow and DoS on malformed RADIUS packet parsing, buffer overflow on malformed HTTP request.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Fetchmail multiple security vulnerabilities
document Multiple password leak problems on inability to establish secured authentication, DoS.
  


06.01.2007
Detailed
6!Eudora WorldMail buffer overflow
document Buffer overflow in remote management interface (TCP/106).
6!Kaspersky Antivirus DoS
document Endless loop on invalid NumberOfRvaAndSizes field value of PE file.
 OpenVMS multiple security vulnerabilities
document HP DecNet-Plus undisclosed vulnerability, cleartext password in log files.
 Apple Mac OS X DiskManagement.framework privilege escalation
document File integrity for file with original permissions database is not checked during permissions restoration.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


05.01.2007
Detailed
6!Multiple browsers race conditions
updated since 18.08.2006
document There are different race conditions with threading synchronization on different concurrent events.
 Perforce client insecure design
document Server has full control over client.
 Business Objects Crystal Reports buffer overflow
document Buffer overflow on parsing .RPT files.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Power Archiver buffer overflow
document Buffer overflow on parsing .ISO files.
 Multiple security vulnerabilities in Bluetooth protocol and Bluetooth stacks implementations
document Buffer overflows, weak authentication algorithm, weak pseudo-random number generators, directory traversals, etc.
  


04.01.2007
Detailed
7!Adobe reader plugin PDF files universal cross-site scripting
updated since 03.01.2007
document 1. By using URIs like http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here it's possible to execute code in context of any Web site where at least one PDF is stored. 2. By using "trigger action" in PDF document it's possible to execute code in context of the web page where document is stored. There are also more bugs exploitable through a web page.
6!OpenOffice buffer overflow
document Integer overflow leads to heap buffer overflow on EMF/WMF files parsing.
 DWR protection bypass
document Protection against function access is implemented on client side.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


03.01.2007
Detailed
6!WinZip ActiveX buffer overflow
updated since 15.11.2006
document Buffer overflow in WZFILEVIEW.FileViewCtrl.61 element.
 ICONICS Dialog Wrapper Module ActiveX control buffer overflow
document Buffer overflow in DoModal() method.
 Miredo authentication bypass
document HMAC-MD5-64 authentication can be bypassed.
 QK SMTP server buffer overflow
document Buffer overflow on oversized RCPT TO: SMTP command argument.
 MoviePlay buffer overflow
document Buffer overflow on .lst files parsing.
 Linux ATMEL wireless drivers buffer overflow
document Buffer overflow in Get_Wep() function.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


