Computer Security
[EN] no-pyccku

10!MIT / FreeBSD / Cisco telnetd buffer overflow
updated since 28.12.2011
document Buffer overflow in BSD telnetd / MIT krb5 telnetd is actively exploited in-the-wild.
 Barracuda Spam/Virus WAF 600 multiple security vulnerabilities
document Different Web interface vulnerabilities
 logsurfer double free vulnerability
document prepare_exec() double free vulnerability

7!Microsoft Windows multiple security vulnerabilities
updated since 11.01.2012
document SafeSEH protection bypass, Windows Object Packager code execution, CSRSS privilege escalation, DirectShow / Windows Media memory corruption, Windows Packager code execution, SSL/TLS information leakage.
6!Linux kernel multiple security vulnerabilities
document DoS conditions, information leaks, privilege escalation.
document NULL pointer dereference because on unchecked zend_strndup return value.
 Suhoshin buffer overflow
document Buffer overflow in the transparent cookis encryption code.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.01.2012
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Business Availability Center / Business Service Management information leakage
 NTR ActiveX security vulnerabilities
document Buffer overflow, unsafe method.
 GreenBrowser double free
document Double free on iframe tag
 HP StorageWorks P2000 security vulnerabilities
updated since 16.01.2012
document Default account, directory traversal.
 EMC SourceOne information leakage
document Information leakage via log files.

7!OpenSSL library multiple security vulnerabilities
document Double free(), protection bypass, information leakages, DoS conditions.
6!Apache Tomcat security vulnerabilities
document DoS, information disclosure.
6!Cisco TelePresence System Integrator / Cisco IP Video Phone E20 default account vulnereability
updated since 21.11.2011
document Default root account is enabled.
 perl security vulnerabilities
document It's possible to inject eval expression into digest module constructor. Off-by-one overflow in decode_xs.
 Microsoft AntiXSS library crossite scripting
updated since 11.01.2012
document Crossite scripting during HTML parsing.
 Xpra memory disclosure
document It's possible to access uninitialized memory chunks.
 Cisco Digital Media Manager privilege escalation
document It's possible to access administration pages by URLs.

6!HP Easy Printer Care Software ActiveX unauthorized access
updated since 12.08.2011
document Files write access is possible.
 McAfee SaaS ActiveX code execution
document MyCioScan.Scan.ShowReport() method code execution.
 MailEnable crossite scripting
document Crossite scripting in ForgottonPassword.aspx
 t1lib / xpdf library multiple security vulnerabilities
updated since 29.03.2011
document Multiple memory corruptions.

6!Citrix Provisioning Services memory corruptions
document Multiple memory corruptions.
6!PowerDNS response loop
document Resolver reponds to response, allowing DoS attacks.
6!Apache mod_proxy unauthorized internal network access
updated since 12.10.2011
document Invalid processing for URI with preceeding @ sign.
 Apache privilege escalation
document Privilege escalation with SetEnvIf in conjunction with crafted HTTP headers.
 HP LaserJet P3015 printer unauthorized access
updated since 09.01.2012
document Web server directory traversal
 Novell Netware security vulnerabilities
updated since 09.01.2012
document TCP/32778, UDP/32778, UDP/2039, UDP/32779 RPC-based services buffer overflow.

7!OpenSWAN use-after-free
document Use-after-free in crypto helper
6!HP Database Archiving Software code execution
6!ffmpeg library multiple security vulnerabilities
document Multiple memory corruptions on QDM2, VP5, VP6, VMD and SVQ1 files parsing.
6!HP Managed Printing Administration multiple security vulnerabilities
updated since 26.12.2011
document Buffer overflows, unauthorized files access, directory raversal.
 ipmitool weak permissions
document Weak permissions on pid file creation.
 Google Chrome https address spoofing
document Few different address spoofing techniques.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 'super' script execution buffer overflow
document Buffer overflow during logging.
 HServer webserver directory traversal
document Directory traversal with HTML-encoded requests.
 IpTools security vulnerabilities
document rcmd buffer overflow, Web server directory traversal.
 HP OpenView Network Node Manager code execution
updated since 06.11.2011
 Oracle GlassFish Server authentication bypass
updated since 12.05.2011
document Unauthenticated administration console access via HTTP TRACE requests.

8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Memory corruptions, protection bypass, integer overflows, DoS conditions.
7!FreeBSD multiple security vulnerabilities
document Invalid nsdispatch() implementation for chroot'ed environment, multiple PAM vulnerabilities.
6!ICU library memory corruption
document Memory corruption on locale processing.
 squid proxy server buffer overflow
document Crash on DNS response parsing.
 lighthttpd security vulnerabilities
updated since 26.12.2011
document DoS on base64 parsing.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod