Computer Security



28.01.2013
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 28.01.2013
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


27.01.2013
Detailed
8!Multiple Barracuda Networks products backdoors
document There are built-in SSH-accessible system accounts with unfiltered IP ranges.
7!HP Diagnostics Server code execution
updated since 27.08.2012
document magentservice.exe code execution on TCP/23472 request parsing.
6!Vino information leakage
document It's possible to access clipboard content without authentication.
6!EMC AlphaStor security vulnerabilities
document Command injection, format string vulnerability.
6!Cisco Wireless LAN Controller multiple security vulnerabilities
document DoS via IP packet processing in IPS, DoS via SIP packet, SNMP unauthorized access, HTTP Profiling code execution.
 PHP information leakage
document openssl_encrypt() memory disclosure
 F5 BIG-IP security vulnerabilities
document SQL and XML injections.
 Cisco Linksys WRT54GL multiple security vulnerabilities
document Code execution, cross-site scripting, cross-site request forgery.
 ircd-ratbox / Charybdis DoS
document Crash with assert() on connection initialization.
 EMC Avamar weak permissions
updated since 02.01.2013
document Cache files are world writable.
  


21.01.2013
Detailed
9!0-day vulnerability in Oracle Java is used to install malicious software
updated since 14.01.2013
document Applet can grant permissions to itself.
 Cisco ASA DoS
document DoS on H.323 processing.
 SonicWALL GMS/Viewpoint/Analyzer authentication bypass
document It's possible to access a few directories without authentication
 qemu buffer overflow
document Buffer overflow in e1000 emulator
 Linux kernel security vulnerabilities
updated since 02.01.2013
document Invalid hot-added memory handling, information leakage on module loading, DoS.
 Trimble Infrastructure GNSS cross-site scripting
document Web interface cross-site scripting.
 Axway Email Firewall information leakage
document Different authentication error codes for existent and non-existent users
  


16.01.2013
Detailed
8!Microsoft Internet Explorer use-after-free vulnerabilities
document Use-after-free vulnerability in CButton is actively used in-the-wild.
  


14.01.2013
Detailed
8!Adobe Reader / Acrobat multiple security vulnerabilities
document Multiple memory corruptions, buffer overflows, integer overflows, privilege escalations, code executions.
8!Adobe ColdFusion multiple security vulnerabilities
document Authentication bypass, privilege escalation, information leakage.
7!Adobe Flash Player memory corruption
updated since 05.01.2013
document Memory corruption on SWF parsing
6!FreeType security vulnerabilities
document Multiple vulnerabilities on BDF fonts parsing.
 ProFTPd symbolic links vulnerability
   
 HP ServiceGuard DoS
   
 Cisco Linksys router unauthorized access
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


10.01.2013
Detailed
8!Microsoft Windows multiple security vulnerabilities
document Print spooler service code execution, XML library integer overflow and memory corruption, multiple .Net vulnerabilities, Win32K privilege escalation, SSL/TLS library protection bypass, Open Data Protocol DoS.
8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, buffer overflows, privilege escalations, address spoofing, misissued certificate.
7!Cisco Prime LAN Management Solution code execution
document Insufficient network traffic validation.
6!EMC Networker buffer overflow
document Buffer overflow in nsrindexd RPC based service.
 Nero MediaHome DoS
document Different vulnerabilities on TCP/54444 requests parsing.
 X.Org / XFree86 xfs DoS
document Invalid SendErrToClient function use.
 Google Chrome for Android multiple security vulnerabilities
document Multiple protection bypass and privilege escalation vulnerabilities.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft System Center Operations Manager cross-site scripting
document Cross-site scripting in Web console.
 Samsung Kies ActiveX multiple security vulnerabilities
updated since 17.10.2012
document Code execution, files modification.
 Cisco Unified IP Phones 7900 privilege escalation
document Insufficient syscall arguments check.
 Facebook for Android information leakage
document Malicious app can steal private files.
  


05.01.2013
Detailed
6!Asterisk security vulnerabilities
document DoS conditions caused by resources exhaustion.
 Rapid7 Nexpose security vulnerabilities
document Cross-site scripting and request forgery.
 PMSoftware Simple Webserver directory traversal
document Request with relative path allows file retrieval.
 Weak cryptography in Aastra IP phones
document Configuration file encryption is vulnerable to replay attacks.
  


02.01.2013
Detailed
6!EMC Data Protection Advisor information leakage
document It's possible to access files remotely.
6!CA IdentityMinder security vulnerabilities
document Code execution, privilege escalation.
 Enterpriser16 LoadBalancer multiple security vulnerabilities
document Multiple Web interface vulnerabilities.
 Firefly MediaServer DoS
document Crash on TCP/9999 request parsing.
 Cerberus FTP Server cross-site scripting
document Cross-site scripting in administration interface.
 AppArmor protection bypass
document It's possible to bypass protection
 Siemens SIMATIC S7-1200 controllers DoS
document Malformed data to TCP/102 port causes device to crash.
 VMWare vCSA/ESXi multiple security vulnerabilities
document Directory traversal, information leakage.
 Polycom HDX Video End Points cross-site scripting
document Cross-site scripting in web management interface.
 SonicWall Email Security cross-site scripting
document Cross-site scripting in Web administration interface.
 elinks authentication relaying
document Incorrect user credentials delegation in GSS.
 Oracle VirtualBox DoS
document Incorrect interrupt handling.
 Charybdis IRC server DoS
document assert() on client capabilities negotiation.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 GnuPG memory corruption
document Memory corruption on keyring file import.
 Centrify Deployment Manager symbolic links vulnerability
updated since 09.12.2012
document Insecure temporary files creation.
 Comodo Internet Security authentication bypass
document It's possible to access settings without entering a password if the desktop widget is enabled.
 Microsoft Internet Explorer stack overflow
document Stack overrun on malformed tags sequence.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod