Computer Security
[EN] securityvulns.ru
no-pyccku




28.01.2010
Detailed
6!Cisco Unified MeetingPlace multiple security vulnerabilities
document SQL injection, unauthorized access, information leak, privilege escalation.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Serversman HTTP server DoS
document Crash on HEAD request.
 Netsupport Manager DoS
document Crash on invalid request to application port.
 SAP BusinessObjects crossite scripting
   
 Rising Antivirus privilege escalation
document IOCTL privilege escalation.
 Geo++ GNCASTER multiple security vulnerabilities
document Weak Digest authentication, buffer overflow, DoS.
 lintian multiple security vulnerabilities
document Directory traversal, format string vulnerabilities, shell characters vulnerabilities.
 hybrid and ratbox IRC servers multiple security vulnerabilities
document LINKS command, integer overflow, HELP command DoS.
 HP OpenView Storage Data Protector privilege escalation
   
 HP System Management Homepage crossite scripting
document Crossite scripting in getuiinfo.
  


27.01.2010
Detailed
6!Apache mod_proxy integer overflow
document Integer overflow leading to heap overflow on server reply chunked encoding parsing.
 IBM DataPower XS40 security gateway DoS
document ICMP packet with destination address 0.0.0.0 causes device to hang.
  


26.01.2010
Detailed
9!Internet Explorer memory corruption
updated since 22.11.2009
document Memory corruption then setting outerHTML from body style.
8!Microsoft Windows kernel privilege escalation
document Invalid exception handling in #GP trap handler allows ring0 privilege escalation
6!Google Chrome memory corruption
document Use-after-free on blocked pop-up windows processing.
 Novell ZENworks Asset Management SQL injection
document SQL injection via docfiledownload parameter.
 Files2links F2L-3000 SQL injection
document SQL injection on authentication page.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 TheGreenBow VPN Client privilege escalation
updated since 18.08.2009
document Buffer overflow on IOCTL processing in tgbvpn.sys.
 GNU coreutils symbolic links vulnerability
document Symbolic links vulnerability on temporary files creation in dist-check.mk
 Apache Tomcat multiple security vulnerabilities
document Files deletion, weak permissions after re-installation.
 Safari DoS
document Allocating large amount of memory with Javascript causes NULL pointer dereference.
  


23.01.2010
Detailed
8!Microsoft Internet Explorer Multiple security vulnerabilities
updated since 19.01.2010
document 0-day use-after-free vulnerability on createEventObject processing: <body onload="for(var i=0; i!=10000; i++) ev.srcElement"> <img src=. onerror="ev=createEventObject(event); outerHTML++">, Multiple memory corruptions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


21.01.2010
Detailed
7!gzip integer overflow
document Integer overflow on LZW decompression.
7!Adobe Shockwave Player integer overflows
updated since 20.01.2010
document Integer overflows and buffer overflow on Shockwave processing.
6!Cisco CiscoWorks Internetwork Performance Monitor buffer overflow
document Buffer overflow on CORBA GIP request processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP Power Manager code execution
updated since 05.11.2009
document Buffer overflow during authentication via web form. Buffer overflow in /goform/formExportDataLogs, directory traversal.
  


20.01.2010
Detailed
7!glibc getpwname information leak
document Records from passwd.adjunct.byname map are added to passwd map leading to crypted NIS password disclosure.
6!Cisco IOS XR DoS
document DoS against SSH server leading to system resource exhaustion.
 Kingsoft DuBa Browser Shield ActiveX memory corruption
   
 Baidu Security Center memory corruption
document FireFoxProxy ActiveX memory corruption.
 Xunlei XPPlayer / Xunlei KanKan Player ActiveX integer overflow
   
 QvodPlayer ActiveX memory corruption
document ColorFilter ColorFilter memory corruption.
 Wireshark sniffer multiple security vulnerabilities
document DoS via SMB and SMB2 packets, buffer overflow on Daintree SNA files parsing.
 S.O.M.P.L. Player buffer overflow
document Buffer overflow on .M3U playlists parsing.
  


19.01.2010
Detailed
6!AOL ActiveX buffer overflow
document Buffer overflow in BindToFile method.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Sogou privilege escalation
document It's possible to launch explorer with Local System rights.
 MySQL multiple security vulnerabilities
document Certificate spoofing, privilege escalation, DoS.
 OpenOffice NULL pointer dereference
updated since 17.01.2010
document NULL pointer dereference on CSV and SLK files parsing.
  


17.01.2010
Detailed
6!Adobe Flash Player memory corruption
document Memory corruption (use-after-free).
6!MIT Kerberos 5 integer overflows
document Integer overflows on RC4 and AES decription.
 Novatel MiFi WiFi access point multiple security vulnerabilities
document Crossite scripting and crossite response forgery.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Sendmail SSL certificate spoofing
document It's possible to spoof SSL certificate by using NULL character in CN.
 TurboFTP Server FTP Server buffer overflow
document Buffer overflow on DELE command.
 OpenSSL memory leak
document It's possible to exploit memory leak to create denial of service conditions via resources exhaustion.
 Rockwell Automation Allen-Bradley MicroLogix products multiple security vulnerabilities
   
 Gnome network-manager-applet unauthorized access
updated since 04.03.2009
document Unauthorized access to network connections through dbus, WPA certificate spoofing.
 HP Web Jetadmin multiple security vulnerabilities
document Crossite scripting, DoS.
 bash terminal characters injection
document It's possible to inject ESC-sequences into ls command output.
 Mozilla Firefox Yoono extension code execution
document It's possible to inject code via img tag events.
 libthai integer overflow
document Integer overflow on oversized strings.
 Google SketchUp memory corruption
document Memory corruption on 3DS files parsing.
  


15.01.2010
Detailed
9!Oracle multiple application security vulnerabilities
document >20 vulnerabilities are fixed in different Oracle applications.
8!Microsoft Windows Embedded OpenType (EOT) Fonts multiple security vulnerabilities
updated since 14.07.2009
document Integer overflows, heap buffer overflows.
  


13.01.2010
Detailed
6!libpurple / Pidgin / Adium directory traversal
document emoticon download directory traversal
  


12.01.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Audiotran media player buffer overflow
document Buffer overflow on playlists parsing.
 ACDSee applications buffer overflow
document Buffer overflow on XBM files parsing.
 Panda Global Protection / Panda Internet Security weak security permissions
updated since 02.11.2009
document Weak permissions for executable files.
 Multiple applications log files terminal control characters injections
document ESC-sequences filtering is not performed.
  


08.01.2010
Detailed
8!BSD-based systems (FreeBSD, NetBSD, OpenBSD) index array overflow
updated since 27.06.2009
document Index array overflow in libc gdtoa() function (used by printf()).
7!PHP multiple security vulnerabilities
document safe_mode bypass, open_basedir bypass, memory corruption.
 Novell iManager eDirectory plugin buffer overflow
document Buffer overflow on schema parsing.
 Transmission bittorent client directory traversal
document Directory traversal via .torrent files.
 Microsoft Windows Live Messenger DoS
document Crash on ActiveX ViewProfile method.
 Adobe Illustrator buffer overflow
updated since 04.12.2009
document Buffer overflow on .EPS files parsing.
  


07.01.2010
Detailed
7!PowerDNS multiple security vulnerabilities
document Buffer overflow, records spoofing.
 Novell Netware DoS
document Resources exhaustion via AFP and CIFS protocols.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 FreeBSD zfs weak permissions
document Weak file permissions may be set during transaction replay.
  


05.01.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 PDF-XChange memor corruption
document Memory corruption on PDF files parsing.
 httpdx Web server information disclosure
document It's possible to obtain script source by adding space symbol.
 n.player buffer overflow
document Buffer overflow on skin file parsing.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru