Computer Security
[EN] securityvulns.ru
no-pyccku

  


31.01.2009
Detailed
6!FFMpeg (VLC, MPlayer, Perian, Xine) integer overflow
document Integer overflow on 4X format parsing.
6!Google Chrome code execution
document chromehtml: URI parameter injection.
6!dBpowerAMP Audio Player buffer overflow
updated since 06.02.2008
document Buffer overflow on m3u and pls files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. E107: обход CAPTCHA, межсайтовый скриптинг.
 Linux kernel multiple security vulnerabilities
document Multiple DoS conditions.
 Ralinktech wireless adapter driver integer overflow
updated since 20.01.2009
document Integer overflow on oversized SSID.
  


30.01.2009
Detailed
 Motorola CPEi300 WiMAX modem web interface multiple security vulnerabilities
document Directory traversal, crossite scripting.
  


28.01.2009
Detailed
6!CUPS symbolic links vulnerability
document Insecure /tmp/pdf.log file creation.
6!Apache Tomcat multiple security vulnerabilities
updated since 01.08.2008
document Crossite scripting, information leak.
 SonyEricsson mobile phones WAP DoS
document Crash on SMS or UDP/2948 WAP PUSH message handling.
 Linux syscall filtering bypass
document 32 bit application can use 64 bit syscall and vice versa to bypass syscall filtering, because syscall numbers are different.
 ganglia cluster monitoring tool buffer overflow
document gmetad buffer overflow.
 BEA (Oracle) WebLogic Server crossite scripting
document Crossite scripting in administration console.
 JetAudio buffer overflow
document Buffer overflow on .m3u files parsing.
 Total Video Player off-by-one overflow
updated since 25.11.2008
document Off-by-one heap buffer overflow on .au files parsing.
 VUPlayer buffer overflow
updated since 22.01.2009
document Buffer overflow on .ASX / .VAX files parsing.
 Browser3D buffer overflow
document Buffer overflow on .sfs file parsing.
 CA Antivirus protection bypass
document Invalid archives handling.
  


25.01.2009
Detailed
6!EMC AutoStart code execution
document Integer user controlled argument is used to calculate function pointer in ftbackbone.exe (listens TCP/8042).
 AXIS Camera Control ActiveX buffer overflow
document Buffer overflow in image_pan_tilt property.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


23.01.2009
Detailed
7!Apple QuickTime multiple security vulnerabilities
updated since 22.01.2009
document Memory corruptions on Cinepak, VR Track, STSD, AVI parsing.
  


22.01.2009
Detailed
7!Cisco Security Manager unauthorized access
document Unauthorized MySQL database access is possible if used with Cisco IPS Event Viewer.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Cisco Unified Communications Manager DoS
document Certificate Authority Proxy Function service DoS (TCP/3804).
 Axis 70U Network Document Server multiple security vulnerabilities
document Privilege escalation, unauthorized files acccess, crossite scripting.
 scilab symbolic links vulnerability
document Symbolic links vulnerability on temporary files creation.
  


21.01.2009
Detailed
 Microsoft Windows fails to disable autorun
document None of documented methods to disable autorun does it completely. This way of distribution is actively used by malware. CERT advises to add next record into registry (@ means default value for key). [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] @="@SYS:DoesNotExist"
  


20.01.2009
Detailed
 Microsoft Windows Mobile bluetooth stack directory traversal
document OBEX FTP directory traversal.
 Windows NTP Time Server Syslog Monitor DoS
document Crash on malformed syslog packet
 Trend Micro OfficeScan / Trend Micro Internet Security multiple security vulnerabilities
document Firewall settings manipulations, DoS.
 Fujitsu SystemcastWizard Lite buffer overflow
document Buffer overflow on oversized PXE request.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 20.01.2009
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: SQL injection, DoS.
  


18.01.2009
Detailed
6!Cisco ONS TCP DoS
document Crash on TCP connection establishing.
6!Cusci IronPort Encryption Appliance / PostX multiple security vulnerabilities
document Unauthorized access to encrypted messages, unauthorized access to administration interface.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 TFTPUtil GUI TFTP Server multiple security vulnerabilities
document DoS, directory traversal.
 VirtualBox symbolic links vulnerability
document Insecure temporary files creation.
 Avira Antivir multiple security vulnerabilities
document Multiple DoS conditions and privilege escalations.
 Excel Viewer ActiveX buffer overflow
document Buffer overflow in Open method.
 Sagem F@ST 2404 router DoS
updated since 09.09.2008
document Device crash on oversized Web interface URL string. Unauthorized access to router reset Web page.
 OTSTurntables buffer overflow
document Buffer overflow on .ofl files processing.
  


16.01.2009
Detailed
 Syslserve DoS
document Crash on malformed syslog message parsing.
 WowWee Rovio webcam unauthorized access
document Unauthorized access to RTSP stream and different configuration pages is possible.
 Cisco VLAN trunking DoS
document Switch reloads on malformed VTP packet.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. e-Vision CMS: crossite scripting.
 Cisco SIP VoIP phones DoS
document Crash on malformed RTP header parsing.
  


15.01.2009
Detailed
 Netsurf browser multiple security vulnerabilities
document Integer overflows and memory exhaustion.
 Novell Netware ICEbrowser denial of service
document Resources exhaustion with Javascript.
  


14.01.2009
Detailed
9!Microsoft Windows SMB multiple security vulnerabilities
updated since 13.01.2009
document Buffer overflows and DoS conditions.
6!RIM BlackBerry Enterprise Server buffer overflow
updated since 13.01.2009
document Buffer overflow on PDF attachments.
 JHead multiple security vulnerabilities
document Buffer overflow, symlink vulnerability, unfiltered shell characters vulnerability.
 Zaptel privilege escalation
document It's possible to overwrite kernel memory.
 Solaris integer overflow
document Integer overflow in SYS_kaio syscall.
 PHP popen() function buffer overflow
document Buffer overflow on oversized mode argument.
 HP OpenView Network Node Manager DoS
   
 Amarok multiple security vulnerabilities
document Integer overflows, memory corruption.
 KDE Konqueror DoS
document Memory exhaustion on oversized SRC and HREF parameters
  


13.01.2009
Detailed
 DevIL library buffer overflow
document Buffer overflow in iGetHdrHeader() function on Radiance RGBE files processing.
 PDFBuilderX ActiveX unauthorized filesystem access
document Unsafe methods are available.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. FCKeditor: crossite scripting, information leak. WOSendNews: crossite scripting, information leak.
  


11.01.2009
Detailed
6!CA Service Metric Analysis / CA Service Level Management code execution
document It's possible to execute commands with snmp service.
6!Cisco Global Site Selector Appliances DoS
document Crash on malformed DNS requests sequence.
 NETGEAR WG102 wireless router SNMP information leak
document It's possible to retrieve write community with read community
 IBM DataPower XS40 Security Gateway DoS
document Crash on malformed SSL data.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Xaraya: crossite scripting
 TSC2 Help Desk ActiveX buffer overflow
document CTab ActiveX buffer overflow
 Multiple FTP servers unsafe fgets() vulnerability
updated since 30.09.2008
document It's possible to embed additional commands into URLs.
  


09.01.2009
Detailed
6!VMWare ActiveX buffer overflow
document VMDBCOMLib.VMList Initialize method buffer overflow.
 Asterisk user account enumeration
document Different replies for invalid username and password in IAX2 authentication.
 Virgilio toolbar ActiveX DoS
   
 Microsoft Internet Explorer DoS
document Crash on recursive script creation with createElement().
  


06.01.2009
Detailed
6!Samba directory traversal
document Root filesystem access is possible if "registry shares = yes" option is enabled.
 Coolplayer buffer overflow
document Buffer overflow on skin file parsing
  


05.01.2009
Detailed
 Walusoft TFTPServer2000 directory traversal
document Directory traversal in GET command.
 Destiny Media Player buffer overflow
document Buffer overflow on .lst files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHPSlideshow: crossite scripting
 Multiple FTP clients FTP bounce attack
updated since 05.03.2007
document Passive FTP implementation in multiple client allows to use FTP bounce attack for port scanning.
  


04.01.2009
Detailed
 Linux kernel DoS
document Race conditions during socket message input/ouput processing on Unix sockets.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru