Computer Security
[EN] securityvulns.ru no-pyccku



31.01.2008
Detailed
 OpenBSD BGP daemon crossite scripting
document Web-interface crossite scripting.
 xdg-utils shell characters vulnerability
document Shell characteres vulnerability on invoking external application by URI.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


30.01.2008
Detailed
 Netkit ftpd FTP server DoS
document uninitialized pointer reference.
 LSrunasE and Supercrypt cryptogoraphic vulnerabilities
document Cryptography is implemented in insecure way.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


29.01.2008
Detailed
6!Firebird SQL server integer overflow
document Integer overflow on XDR parsing leads to memory corruption.
 Move Networks Quantum Streaming Player ActiveX buffer overflow
document QMPUpgrade.dll buffer overflow
 yarssr RSS reader shell characters vulnerability
   
 ngIRCd IRC daemon DoS
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Tripwire Enterprise/Server crossite scripting
document Web management interface crossite scripting.
  


27.01.2008
Detailed
 pulseuadio privilege escalation
document setuid() result is not checked.
 PatchLink Update Unix client symbolic links vulnerability
document Symbolic links vulnerability on temporayr files creation.
 icu / libicu multiple security vulnerabilities
document Multiple vulnerabilities on regular expressions execution.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Boundless Source: crossite scripting.
 GE Fanuc Cimplicity buffer overflow
   
  


25.01.2008
Detailed
6!IBM Tivoli Provisioning Manager for OS Deployment buffer overflow
document Buffer overflow on oversized HTTP request.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Relay: SQL injection and crossite scripting.
 IBM AIX pioout utility buffer overflow
   
  


24.01.2008
Detailed
6!Cisco Application Velocity System default account
document Password for default account is not generated during installation.
 ImageShack Toolbar ActiveX unauthorized access
document Insecure method allows local files reading access.
 HTTP File Serve multiple security vulnerabilities
document Crossite scripting, information disclosure, unauthroized files creation, log manipulation, user name spoofing.
 Cisco PIX / Adaptive Security Appliance DoS
document Crash on TTL processing if decrement-ttl enabled.
 SDL_Image library buffer overflow
document Buffer overflow on GIF parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Relay: SQL injection and crossite scripting.
 Apache multiple security vulnerabilities
updated since 12.01.2008
document mod_proxy_balancer —Ārossite scripting, crossite requests forgery, memory corruption, DoS, mod_proxy_ftp and mod_status, mod_negotiation - crossite scripting.
 HP-UX ARPA transport DoS
updated since 15.02.2007
   
 Mozilla Firefox chrome: URL directory traversal
document It's possible to access local script files
  


22.01.2008
Detailed
 Belkin F5D9230-4 wireless router unauthorized access
document It's possible to access few web administration pages without password.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 scponly privilege escalation
document Code execution with Subversion, Unison, rsync.
  


21.01.2008
Detailed
7!Axigen AXImilter format string vulnerability
document CNHO header buffer overflow.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Relay: crossite scripting
 AliceGate 2 ADSL WiFI routers unauthorized access
document It's possible to access few administration pages, including WiFi encryption configuration, without authentication.
  


20.01.2008
Detailed
7!SocksCAP buffer overflow
document Buffer overflow on oversized host name.
6!Citrix Presentation Server buffer overflow
document IMA service(TCP/2512, TCP/2513) heap buffer overflow.
6!BitDefender Update Server directory traversal
document HTTP server directory traversal with /../
 CORE FORCE firewall buffer overflow
document Buffer overflow on IOCTLs and SSDT-hooked functions processing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Dell Remote Access Card DoS
updated since 16.08.2007
document nmap scan causes SSH service to crash.
 OKI C5510MFP printers unauthroized access
document Web interface password is checked on client site.
  


17.01.2008
Detailed
7!Cisco Call Manager / Cisco Unified Communications Manager buffer overflow
document Buffer overflow in CTL Provider Service (TCP/2444).
7!Apple QuickTime multiple security vulnerabilities
updated since 16.01.2008
document Buffer overflow on parsing Macintosh resources embedded into QuickTime movie. Quicktime Image IDSC atom memory corruption.
6!BitTorrent / uTorrent buffer overflow
document Buffer overflow on peer information displaying.
6!Linux kernel filesystem DoS
document Local user can corrupt filesystem.
 boost library DoS
document Insufficient regular expression validation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 apt-listchanges privilege escalation
document Library is loaded by relative path.
  


16.01.2008
Detailed
6!Linux kernel IPv6 DoS
document Uninitialized memory reference.
6!TIBCO SmartSockets RTserver multiple security vulnerabilities
document Buffer overflows, arrays overflows, pointers manipulation.
6!FreeBSD libc / libbind memory corruption
document Off-by-one heap overflow in inet_network() .
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 16.01.2008
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. RiSearch PHP: crossite scripting
 FreeBSD pty hijacking
document 'script' users openpty in insecure way, ptsname incorrectly extracts device name.
  


15.01.2008
Detailed
7!Macrovision FlexNet Connect ActiveX code execution
document Insecure methods are available through ISDM.exe and isusweb.dll.
 IBM Tivoli Storage Manager Express Backup Server buffer overflow
document TSM Express Backup Server (TCP/1500) buffer overflow.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. RiSearch PHP: crossite scripting
 F5 BIG-IP crossite scripting
updated since 15.01.2008
document Administration interface crossite scripting
 Apple Safari DoS
updated since 15.01.2008
document Malcrafted HTML causes browser to crash.
  


13.01.2008
Detailed
7!Sun Solaris ICMP DoS
updated since 01.02.2007
document Malformed ICMP packets cause system to crash.
6!Linux kernel multiple security vulnrabilities
document unask is not correctly applied on CIFS filesystem, DoS via hugetlb_vmtruncate_list and hugetlb_vmtruncate, IA32 emulation subsystem processor registors access, ieee80211_rx integer overflow, Philips USB Webcam driver DoS, wait_task_stopped DoS.
 StreamAudio ChainCast ProxyManager ActiveX buffer overflow
document Buffer overflow in InternalTuneIn().
 autofs privilege escalation
document nosuid and nodev flags are not specified for NFS.
 libxml DoS
updated since 13.01.2008
document Hanging on XML parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. RiSearch: crossite scripting
  


12.01.2008
Detailed
6!Apple QuickTime Player buffer overflow
updated since 12.01.2008
document Buffer overflow on HTTP error message displaying.
 OpenAFS race conditions
document Race conditions on acquiring and giving back file callbacks.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


10.01.2008
Detailed
6!Novell Netware Client privilege escalation
document \\.\nicm device allows memory manipulation in kernel context.
 Sun Identity Manager multiple security vulnerabilities
document Crossite scripting, frame injection, crossite request forgery.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 XFCS multiple security vulnerabilities
document Buffer overflow, access to free()'d memory.
  


09.01.2008
Detailed
10!Microsoft Windows TCP/IP stack multiple security vulnerabilities
document Memory corruption on IGMP/MLD processing, DoS on fragmented ICMP router discovery.
8!SAP MaxDB shell characters security vulnerability
document Shell characters vulnerability on executing pre-authentication exec_sdbinfo command.
6!McAfee E-Business Server buffer overflow
document TCP/1718 administration interface buffer overflow.
6!Microsoft Windows LSASS LPC requests privilege escalation
document It's possible to execute code with LocalSystem privileges.
 Gateway WebLauncher ActiveX code execution
document Insecure methods and buffer overflows.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 unp shell characters security vulnerability
document shell characters vulnerability thorugh filenames.
  


08.01.2008
Detailed
7!Linksys WRT54GL wireless router unauthorized access
document Some administrative functions, including firewall rules changing, may be performed without authentication.
6!OpenPegasus buffer overflow
document PAM authentication byffer overflow.
6!SynCE shell characters vulnerability
document Shell characters vulnerability on external application execution.
6!Microsoft Windows Vista / XP / 2000 audio drivers privilege escalation
document Ensoniq PCI 1371 WDM audio driver privilege escalation.
 SUN Java Runtime Environment DoS
document NULL pointer dereference on HTML-embedded RFC 2397 encoded applets.
 Level One WBR-3460A wireless ADSL router unauthorized access
document Username/password is not required for telnet configuration access.
 Motorola netOctopus agent privileg eescalation
document \\.\NantSys system device allows processor registers modification.
 PostgreSQL database server multiple security vulnerabilities
document Privilege escalation with indexing functions, privilege escalation with DBLink, DoS with regular expressions.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Geeklog: crossite scripting thorugh different form fields.
  


06.01.2008
Detailed
6!Aruba Mobility Controller unauthorized access
document Unauthorized access without password if LDAP authentication module enabled.
6!Novell ZENworks Endpoint Security Management security client privilege escalation
document Application launch with SYSTEM privileges by relative path, temporary executable files creatin in user-controlled directory.
 loop-aes-utils / util-linux privilege escalation
document Group privileges are not properly dropped.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


04.01.2008
Detailed
7!YaSSL library / MySQL multiple security vulnerabilities
document Buffer overflows in ProcessOldClientHello and operator>>, memory exhaustion in HASHwithTransform::Update.
7!PHP multiple security vulnerabilities
document DoS conditions, internal state modification, code execution, integer overflows, information leaks.
 VanDyke VShell DoS
document DoS on keys exchange.
 Seattle Lab telnet Server DoS
document NULL pointer dereference on telnet options parsing.
 Pragma TelnetServer DoS
document NULL pointer dereference on TELOPT PRAGMA LOGON telnet option.
 Pragma FortressSSH SSH server DoS
document Multiple user-reachable assert()'s.
 Foxit Remote Access Server telnet server DoS
document Crash on oversized option.
 MaraDNS DNS server DoS
document CNAME record fails to resolve on malformed packet.
 tcpreen buffer overflows
document FD_SET buffer overflow on large number of incvoming connections.
 Wireshark multiple security vulnerabilities
document Infinite loop in RPC dissector, memory exhaustion in CIP dissector.
 FortiGuard URL filtering protection bypass
document It's possible to bypass filtering by removing Host:header from HTTP request of by fragmenting request.
 Dovecot password caching vulnerability
document Under some conditions user can be logged with different account with same password.
  


03.01.2008
Detailed
8!Adobe Flash Player multiple security vulnerabilities
updated since 20.12.2007
document Heap buffer overflow on JPEG processing, universal crossite scripting, information leak.
6!Georgia SoftWorks SSH server multiple security vulnerabilities
document Format string vulnerabilities and buffer overflows.
 Asterisk SIP Also transfer DoS
document NULL pointer dereference on BYE message parsing.
 White_Dune VRML editor multiple security vulnerabilities
document Buffer overflow and format string vulnerability on WRL files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. AwesomeTemplateEngine: crossite scripting.
  


02.01.2008
Detailed
7!IBM Lotus Domino Web Access multiple ActiveX components security vulnerabilities
document inotes6.dll, dwa7w.dll, inotes6w.dll buffer overflows.
6!Opera browser multiple security vulnerabilities
document Crossite scripting, problem with TLS certificates, information leak.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress: local file include, directory traversal, files modification and information leak.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod