Computer Security



29.01.2014
7!Apple iTunes multiple security vulnerabilities
document Multiple vulnerabilities in parsing of different formats.
7!OpenJPEG library multiple security vulnerabilities
updated since 09.12.2013
document Memory corruptions, buffer overflows, information leakage.
6!Juniper SSG20 DoS
document Crash on ICMP packet processing.
6!libsvg information leakage
document Information leakage via external entities.
6!Mozilla NSS SSL connection spoofing
document Invalid TLS False Start feature implementation.
6!memcached multiple security vulnerabilities
updated since 08.01.2014
document Authentication bypass if SASL is used, a few DoS conditions.
 PHP DoS
document Crash on parsing date intervals.
 elinks SSL vulnerability
document User is not warned on certificate problems.
 libvirt security vulnerabilities
document A few DoS conditions.
 Augeas multiple security vulnerabilities
document Weak permissions, symbolic links vulnerabilities.
  


19.01.2014
7!Cisco Secure Access Control System multiple security vulnerabilities
document Unauthorized access, command injection.
7!bsnmpd buffer overflow
document Buffer overflow on GETBULK request processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 cups information leakage
document lppasswd allows reading information from local files.
 libxslt DoS
updated since 02.04.2013
document Crash on XSLT documents parsing.
 Starbucks mobile application information leakage
document Insecure user data storage.
 ejabberd weak cipher
updated since 12.10.2013
document Weak ciphers vulnerability allows lowering the protocol version.
  


15.01.2014
7!Microsoft Office multiple security vulnerabilities
document Multiple memory corruptions on Microsoft Word documents parsing.
6!Microsoft Windows security vulnerabilities
document Privilege escalations via NDProxy and win32k.
 Microsoft Dynamics AX DoS
document Query filter hangs on request processing.
 graphviz buffer overflow
document Buffer overflow on file parsing.
  


14.01.2014
8!Cisco routers backdoor
document Undocumented test interface.
7!ntp traffic amplification
document The ntp monlist feature is used in the wild for traffic amplification.
6!ISC bind DoS
document Crash on parsing malformed request to NSEC3-signed zone.
6!Apache CloudStack security vulnerabilities
document Protection bypass, information leakage.
6!Cisco srtp library buffer overflow
document crypto_policy_set_from_profile_for_rtp() function buffer overflow
 Lorex DVR ActiveX buffer overflow
document INetViewX control buffer overflow
 Netgear routers unauthorized password reset
document Bug in password recovery logic.
  


13.01.2014
 Conceptronic IP cameras CSRF
document Web interface cross-site request forgery.
  


09.01.2014
7!Android sandbox bypassing
document It's possible to bypass sandbox restrictions via android.app.Fragment
6!ATI video drivers DoS
document Video driver vulnerability leads to system crash. Browser flash plugin may be used as an attack vector.
6!IBM Lotus Notes Traveler security vulnerabilities
document Cross-site scripting, CSRF.
 AppStore applications security vulnerabilities
document Different iOS applications security vulnerabilities.
 Evernote Android security vulnerabilities
document Different protection bypass vulnerabilities.
 IBM Web Content Manager information leakage
document It's possible to obtain configuration data.
 hplip multiple security vulnerabilities
document Symbolic links vulnerability, code execution, weak permissions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 IcoFX buffer overflow
document Buffer overflow on .ICO files parsing.
 Hancom Office buffer overflow
document Buffer overflow on HTML parsing.
  


08.01.2014
8!Samba buffer overflow
document Buffer overflow on DCE-RPC packet parsing.
8!libXfont memory corruption
document Memory corruption on BDF font parsing.
7!HP Data Protector multiple security vulnerabilities
document Code execution, privilege escalation, DoS.
6!SpamTitan multiple security vulnerabilities
document Cross-site scripting, SQL injection, code execution.
6!EMC Data Protection Advisor / Connectrix Manager security vulnerabilities
document Code execution.
6!djvulibre code execution
document Memory corruption.
6!QuickHeal AntiVirus buffer overflow
document Buffer overflow on PE files parsing.
6!OpenSSL security vulnerabilities
document TLS 1.2 MitM attacks, potentially weak PRNGs, DoS.
 MobileIron cross-site scripting
document Cross-site scripting in web interface.
 Feeder.co Chrome plugin cross-site scripting
document Cross-site scripting via RSS
 VMware vSphere multiple security vulnerabilities
document DoS, privilege escalation.
 HP ProCurve Manager multiple security vulnerabilities
document Cross-site scripting, code execution.
 clutter privilege escalation
document Invalid handling of system resume.
 HP Officejet Pro 8500 cross-site scripting
document Cross-site scripting in web interface
 EMC Watch4net information leakage
document Device passwords are stored in cleartext.
 EMC Replication Manager directory traversal
document Directory traversal via user scripts.
 EMC RSA Archer cross-site scripting
document Multiple XSS conditions.
 EMC RSA Security Analytics vulnerabilities
document Privilege escalation.
 EMC NetWorker information leakage
document Cleartext password in audit reports.
 HP SAN Network Advisor code execution
   
 HP Autonomy Ultraseek cross-site scripting
   
 devscripts uscan code execution
document Code execution on server reply parsing.
 Spamina email firewall directory traversal
document Directory traversal in multiple requests.
 HP Service Manager security vulnerabilities
document Cross-site scripting, code execution.
 puppet symbolic links vulnerability
document Symbolic links vulnerability on temporary files creation.
 Apache libcloud protection bypass
document Parameter to scrub data after deletion does not actually work.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod