Computer Security



25.01.2015
9!Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
document Over 150 vulnerabilities in different applications are closed in the quarterly update.
6!Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP security vulnerabilities
document SQL injections, cross-site scripting, information disclosure, protection bypass.
6!jasper library multiple security vulnerabilities
updated since 08.12.2014
document Buffer overflows in jpc_dec_cp_setfromcox() and jpc_dec_cp_setfromrgn() functions, double free(), heap buffer overflow.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Samba privilege escalation
document Active Directory user can get UF_SERVER_TRUST_ACCOUNT bit.
 elfutils directory traversal
document Directory traversal on ar extraction.
 Different iOS / Android applications vulnerabilities
updated since 18.01.2015
document Information leaks, code execution, protection bypass, etc.
 AVM FRITZ!Box protection bypass
document Image integrity protection bypass.
  


19.01.2015
9!Adobe Flash Player multiple security vulnerabilities
document typejacking, code execution, memory corruptions, buffer overflows, information disclosure.
8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Memory corruptions, headers injection, restrictions bypass.
7!Microsoft Windows multiple security vulnerabilities
document Application Compatibility Cache privilege escalation, telnet service buffer overflow, User Profile Service privilege escalation, TS WebProxy directory traversal, Network Location Awareness Service restrictions bypass, Windows Error Reporting restrictions bypass, WebDAV driver privilege escalation.
6!Microsoft Network Policy Server DoS
document Crash on username processing in RADIUS request.
6!GNU coreutils memory corruption
document Memory corruption in date and touch on date parsing.
 cgmanager information disclosure
document Invalid nested groups processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 gtk+ protection bypass
document Screen lock bypass.
 mpfr buffer overflow
document Buffer overflow in mpn_set_str().
 libsndfile out-of-bounds read
document sd2_parse_rsrc_fork() out-of-bounds read and division by zero.
 Brother printing devices cross-site scripting
document Cross-site scripting in web interface.
  


18.01.2015
8!Linux kernel multiple security vulnerabilities
document Protection bypass, privilege escalation, DoS.
 libvirt / qemu DoS
document Deadlocks.
  


14.01.2015
8!Microsoft Office multiple security vulnerabilities
document Memory corruptions, index overflows, use-after-free, uninitialized pointers.
8!Microsoft Windows multiple security vulnerabilities
document Multiple Internet Explorer vulnerabilities, VBScript Scripting Engine code execution, graphics system JPEG parsing information leakage.
6!GNU binutils multiple security vulnerabilities
document Multiple memory corruptions.
 HP Insight Control server deployment information disclosure
document 
 Kodi / XBMC cross-site scripting
document Cross-site scripting in web interface.
 Apache qpid DoS
document Multiple assert()s.
 Multiple snom IP phones vulnerabilities
document Cross-site scripting, CSRF, directory traversal, authentication bypass, privilege escalation, code execution, backdoor access.
 F5 BIG-IP Application Security Manager cross-site scripting
document self-XSS
  


13.01.2015
8!OpenSSL multiple security vulnerabilities
document DoS, incorrect fingerprint handling, insufficient certificate validation, downgrade attacks, authentication bypass.
7!libjpeg buffer overflow
document Stack overrun.
6!libssh double free vulnerability
document ssh_packet_kexinit() double free() vulnerability.
6!Apache Subversion DoS
updated since 23.12.2014
document mod_dav_svn NULL pointer dereference on REPORT request processing.
 OpenXchange XSS
document Dangerous content from application/xhtml+xml is not removed.
 Strongswan DoS
document DoS on IKEv2 key exchange.
 PCRE buffer overflow
document Buffer overflow on regular expressions parsing.
 exivw library DoS
document Crash on video file parsing.
 unrtf memory corruption
document Memory corruption on RTF parsing.
 pwgen weak passwords generation
document Weak passwords generation, weak PRNG usage.
 MIT Kerberos 5 DoS
document NULL pointer dereference when LDAP is used.
 Multiple znc security vulnerabilities
document Multiple DoS conditions.
 libevent integer overflow
document evbuffers integer overflow.
 Corel multiple applications unsafe DLL search path
document Unsafe DLL search path.
 wireshark multiple security vulnerabilities
document Memory corruptions in multiple protocol dissectors.
 libCurl headers injection
document Headers injections in URL.
 ZTE Ucell 3G Modem App / Datacard privilege escalation
updated since 29.12.2014
document Weak permissions for system service files.
  


02.01.2015
7!EMC RSA BSAFE triple handshake TLS attacks
document Certificate is not validated on renegotiation.
 EMC Replication Manager / EMC AppSync privilege escalation
document Registry path is stored without quotes.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod