Computer Security
[EN] securityvulns.ru no-pyccku



28.02.2004
Detailed
 Multiple Mac OS X AFP client bugs
document Cryptographic weakness allows interception of users credential via connection proxying.
 FreeBSD jail_attach jail protection bypass
document Process from one jail may enter into different jail via jail_attach.
 xboing buffer overflow
   
  


27.02.2004
Detailed
6!ISS multiple products SMB parsing buffer overflow
document Remote buffer overflow during SMB parsing leads to system account compromise.
 Calife buffer overflow
document Heap overflow on oversized password.
 WinZIP mail format buffer overflow
document Heap overflow on parsing different mail formats.
 Internet Explorer crossdomain keystrokes leak
document Script from one site can access keystrokes send do another site.
 Extremail password weakness
document It's psosible to access without passwords if password begins with digit.
 Symantec Gateway Security crossite scripting
document Crossite scripting in web managment.
  


26.02.2004
Detailed
 Dell TrueMobile privilege escalation
document it's possible to obtain local system privileges through help subsystem.
 Dell OpenManage buffer overflow
document Heap overflow on oversized Application variable in POST request.
 FreeCHAT DoS
   
 libxml buffer overflo
document Buffer overflow during file downloadgin on oversized URL.
 Mozilla crossite scripting
document It's possible to access document content befor page downloaded completely.
  


25.02.2004
Detailed
10!Multiple Windows ASN.1 bugs
updated since 11.02.2004
document Heap corruptions, heap buffer overflows open possibilities for attack via different protocols and applications.
 mformat privilege escalation
document It's possible to access any file for reading and create world-writable root-owned files.
 Alcatel Omniswitch 7000 ВщЫ
   
 FlexWATCH unauthorized access
document Authentication can be bypassed.
 Gigabyte Broadband Router unauthorized access
document It's possible to bypass authentication.
  


24.02.2004
Detailed
6!Windows XP EMF buffer overflow
document Heap overflow on image preview.
6!QuickTime/Darwin Streaming Server multiple bugs
updated since 26.02.2003
document Multiple bugs including uncommented shell characters, buffer overflows, etc.
 TypSoft FTP Server DoS
document DoS on UNC filename.
 MacOS X ppd format string bug
document It's possible to read process memory.
 Load Sharing Facility multiple bugs
document Code execution, DoS.
 Confirm shell character problem
document shell characters problem on e-mail address parsing.
 CGI bugs
   
 TeamFactor integer overflow
document Integer overflow on signed/unsigned conversion.
 nCipher HSM information leak
document Under special conditions it's possible access private application data, including keys.
 Avirt buffer overflow
document Buffer overflow in web interface on oversized GET request.
  


23.02.2004
Detailed
 Proofpoint protection server unauthorized access
document User root with empty password can access mySQL.
 Gatekeeper Pro buffer overflow
document Buffer overflow on oversized GET request.
 synaesthesia privilege escalation
document It's possible to write any file with root privileges.
 lbreakout2 buffer overflow
document Buffer overflow on environment parsing.
 hsftp format string bug
document filename format string bug
 PSOProxy buffer overflow
document Buffer overflow on oversized GET request.
  


20.02.2004
Detailed
 ZoneAlarm buffer overflow
updated since 19.02.2004
document Buffer overflow on oversized RCPT TO: in SMTP.
 CGI bugs
updated since 16.02.2004
   
 Multiple bugs in Cisco ONS
updated since 01.11.2002
document DoS and unauthorized access via TFTP, FTP, SNMP, telnet.
  


19.02.2004
Detailed
 smallftpd buffer overflow
document Buffer overflow on large number of / in the path.
 metamail format string bugs
updated since 18.02.2004
document Few format string bugs.
  


18.02.2004
Detailed
6!Ipswitch IMail buffer overflow
document Buffer overflow in LDAP service.
 SNMP information leak in Linksys
document It's possible to retrieve all community strings.
 CesarFTP DoS
updated since 23.12.2003
document Server hangs on CWD ......... command.
  


17.02.2004
Detailed
 APC AP9606 backdoor account
document Universal password is TENmanUFactOryPOWER
 Vizer Web Server multiple bugs
document No input validation.
 Robot FTP Server buffer overflow
document Buffer overflow on oversized USER command. LIST command before authorization causes server to crash.
 Sami HTTP Server buffer overflow
document Buffer overflow on oversized HTTP GET request.
  


16.02.2004
Detailed
 Purge Jihad buffer overflow
document Buffer overflow on parsing server reply.
 SignatureDB buffer overflow
document Buffer overflow in sdbscan.
 Symantec AntiVirus Scan Engine for Red Hat Linux symbolic links problem
document Symbolic links problem during LiveUpdate logging.
 Sami FTP Server DoS
document Multiple conditions leading to server crash.
 mailmgr symbolic links problem
document Symlink problem during temporary files creation.
 Multiple XLite FTP bugs
updated since 18.12.2003
document Directory traversal, DoS.
  


12.02.2004
Detailed
 monkeyd DoS
document Malformed HTTP request causes server to crash.
 CGI bugs
updated since 09.02.2004
   
  


11.02.2004
Detailed
8!XFree font.alias buffer overflow
document buffer overflow on oversized font name.
6!WINS buffer overflow
document Buffer overflow on network packet parsing.
 Virtual PC for the Macintosh symbolic links problem
document Insecure temporary files creation.
  


10.02.2004
Detailed
6!Multiple Internet Explorer bugs
updated since 03.02.2004
document Crossite scripting in Travel Log, URL spoofing.
 smbmnt privilege escalation
document Few distributions have smbmnt installed suid root. It allows user to mount external drive and run any application as suid.
 Real player directory traversal
document Directory traversal in .rjs files allows to place file in any directory.
 InnoculateIT weak file permissions
document Weak directory permissions, symbolic links problems.
 Multiple RED-M RedAlert bugs
document Multiple bugs with user authentication.
 EvolutionX buffer overflow
document Buffer overflow on ftp and telnet protocols.
 eggdrop unauthorized access
document It;s possble to obtain share.mod access.
  


09.02.2004
Detailed
6!clamav integer overflow
document Integer overflow on UUENCODE parsing.
 TrackMania DoS
document random data to TCP/2350 causes program to crash.
 php.ini PHP protection bypass
document It's possible tyo bypass protection (register_globals = on for example) of virtual host by requestin host without protection in same HTTP keep-alive connection before.
 ApacheSSL protection bypass
document In basic authentication emulation mode it's possible to access server without certificate.
 vserver virtual machine protection bypass
document it's possible to escape virtual root Catalog regardless of permission.
 DreamFTP formatstring bug
document Format string bug in username.
 Palace buffer overflow
document Buffer overflow on parsing palace:// URL
  


06.02.2004
Detailed
9!Multiple bugs in Orcale
updated since 17.02.2003
document Multiple bugs including remote buffer overflow in authentication process.
6!Multiple RealPlayer/RealOne buffer overflows
document Buffer overflows on parsing different file types.
6!BSD smat privilege escalation
document It's possible to access unallocated page of phisical memory.
 Multiple IBM cloudscape bugs
document Code injection, DoS, information leakage
 CGI bugs
updated since 03.02.2004
   
  


05.02.2004
Detailed
8!Checkpoint VPN-1/SecureClient buffer overflow
document Buffer overflow on ISAKMP processing.
7!Checkpoint Firewall-1 format string bugs
document Format string bugs in HTTP Application Intelligence component.
 GNU Radius DoS
document NULL reference on empty Acct-Session-Id attribute.
  


04.02.2004
Detailed
 TypSoft FTP DoS
updated since 04.02.2004
document DoS on empty username.
 OpenBSD IPv6 DoS
document Kernel crashes on TCP connection request received after small MTU requested with ICMPV6_PKT_TOOBIG.
 Chaser DoS
document DoS on network packet parsing.
 WebCrossing DoS
document DoS on negative Content-Length in HTTP POST request.
  


03.02.2004
Detailed
 Cisco link level frames DoS
document Link level frame with size mismatched to network leyer size can cause device to crash or hang.
 UnrealIRCd format string bug
document If NO_IDENT_CHECKING is defined during compilation format string bug is possible in username.
 chatterbox DoS
document Crash on unrecognized request.
 CrobFTP multiple bugs
document Directory traversal, DoS.
 OverKill multiple bugs
document Multiple buffer overflow.
 GNU libtool simbolic links problem
document Symbolic links problem during compilation.
 apache local protection bypass
document It's possible to bypass few security settings with ErrorDocument.
 Windows XP/2003 server service memory leak
document Memory leak on directory cration/deletion.
  


01.02.2004
Detailed
 Web Froums Server crossite scripting
document Input filtering is missed in few forms procesing.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod