Computer Security
[EN] securityvulns.ru

  


31.01.2011
Detailed
7!Symantec Antivirus Corporate Edition Alert Management Service code execution
updated since 29.07.2010
document It's possible to execute commands without authentication via TCP/38292 service.
6!Novell ZENworks Handheld Management buffer overflow
document Buffer overflow on TCP/2400 traffic parsing.
 FreeBSD DoS
document Crash on setting different socket options for different socket types on a large number of sockets.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Apache Axis2 code execution
updated since 03.01.2011
document Default account.
  


28.01.2011
Detailed
7!Novell GroupWise buffer overflow
document Buffer overflow on oversized VCALENDAR TZID variable.
 HP OpenView Storage Data Protector DoS
   
 Huawei HG520 / HG530 wireless routers weak default keys
document Default WPA/WEP key is generated from the MAC address.
 Cisco Content Services Gateway multiple security vulnerabilities
document Protection bypass, DoS.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft IIS code execution
document Files placed inside a folder whose name ends with .asp are treated as ASP files regardless of extension.
  


27.01.2011
Detailed
 libuser weak passwords
document Weak LDAP password is used.
  


26.01.2011
Detailed
6!syslog-ng weak permissions
document On some platforms syslog files are created with 07777 permissions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


25.01.2011
Detailed
6!Automated Solutions Modbus/TCP OPC Server memory corruption
document Memory corruption on Modbus packet parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


24.01.2011
Detailed
6!OpenSC / PCSC-Lite library buffer overflow
updated since 19.01.2011
document Buffer overflow on oversized smart card serial number.
 HP Business Availability Center / Business Service Management cross-site scripting
updated since 24.01.2011
   
 Multiple browsers memory corruptions
document Memory corruption on URL handling
 RSA Key Manager SQL injection
document It's possible to manipulate key cache.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft Fax Cover Page Editor double free vulnerability
document Double free vulnerability on .cov files parsing.
  


20.01.2011
Detailed
 HP LoadRunner code execution
   
 hplip memory corruption
document Memory corruption on SNMP response processing.
 HP OpenView Storage Data Protector code execution
   
 sudo privilege escalation
document Under some conditions it's possible to execute code with group rights.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Wireshark buffer overflow
updated since 11.01.2011
document Buffer overflow on ENTTEC DMX RLE decompression and MAC-LTE parsing.
  


19.01.2011
Detailed
7!Asterisk buffer overflow
document Buffer overflow in SIP Caller ID.
6!OpenAFS security vulnerabilities
document Buffer overflow, uninitialized pointer dereference.
 gif2png buffer overflow
document Buffer overflow on GIF processing.
 Xfig multiple security vulnerabilities
document Multiple vulnerabilities on .fig files processing.
 D-Bus DoS
document Crash on message processing.
 pimd symbolic links vulnerability
document Symbolic links vulnerability on signals processing.
 Kingsoft AntiVirus DoS
document Crash on hooked KiFastCallEntry kernel function processing.
  


18.01.2011
Detailed
 ICQ update server spoofing
document Server and updates identity is not checked during automated update.
 SAP Management Console security vulnerabilities
document Information leakage, DoS.
 Prewikka weak permissions
document Weak permission for configuration file with database password.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Objectivity/DB unauthorized access
document It's possible to execute commands without authentication.
  


17.01.2011
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


13.01.2011
Detailed
6!HP OpenView Network Node Manager code execution
document Unfiltered shell characters in CGI scripts allow code execution.
 PHP DoS
document zend_strtod function infinite loop.
  


12.01.2011
Detailed
 Microsoft ADO security vulnerabilities
document Buffer overflow, memory corruption.
 Microsoft Windows backup manager insecure DLL loading
document Insecure DLL loading on .wbcat file opening.
  


11.01.2011
Detailed
 SGI Irix kernel integer overflow
document Integer overflow in SGI_XLV_ATTR_GET syscall.
 NewV SmartClient ActiveX multiple security vulnerabilities
document Buffer overflows, files access, code execution.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


07.01.2011
Detailed
 Apache mod-fcgid stack overflow
document Untrusted FCGI application may cause stack overflow.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 OpenFire cross-site scripting
updated since 09.01.2009
document Multiple cross-site scripting possibilities.
 Linux privilege escalation
document It's possible to elevate privileges from CAP_SYS_ADMIN to root via Phonet protocol.
 LinkSys BEFSR41 router cross-site scripting
document Cross-site scripting via administration interface.
 evince buffer overflows
document Buffer overflows on malformed fonts during DVI files processing.
 dpkg directory traversal
updated since 11.03.2010
document Directory traversal on package content extraction.
  


03.01.2011
Detailed
9!Multiple security vulnerabilities in all browsers
document With the cross_fuzz fuzzer, approximately one hundred different vulnerabilities were identified, mostly caused by dynamic memory allocation/deallocation problems.
7!Citrix Access Gateway shell characters vulnerability
document Shell characters vulnerability during authentication.
 HP StorageWorks Storage Mirroring code execution
   
 Chilkat Software FTP2 ActiveX code execution
document GetFile method allows file upload to any location.
 VMware ESXi authentication bypass
document SFCB access without authentication is possible during update.
 Apple Mac OS X WiFi DoS
document System kernel panic in network with disabled mcs.
 ActiveX HP Photo Creative ActiveX buffer overflow
document Buffer overflow in Resample parameter.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 