Computer Security

 Mitel 3300 ICP IP PBX VOIP device Web session hijack
document Predictable session ID allows hijacking of the Web administration session.
 NX Server / FreeNX X Server protection bypass
 reportbug bug reporting application weak permissions
document Per-user configuration file is world readable and may contain sensitive information, such as SMTP server password.
 Mozilla and Firefox browsers buffer overflow
document Heap based buffer overflow in text processing functions.
 kppp KDE dialer file descriptors leak
document File descriptors are leaked for /etc/hosts and /etc/resolv.conf.
 WebMod Half-Life dedicated server plugin integer overflow
document Integer overflow with Content-Length: POST request.
 gaim instant messenger DoS
updated since 25.02.2005
document Application crashes on receiving a file with parentheses in the name and during HTML parsing.
 Insecure GFI Languard Network Security Scanner password storage
document Password is stored in memory in cleartext.

 Novell Ximian Evolution groupware e-mail client DoS
document Large number of text attachments leads to resource exhaustion.
 Badblue Web server ext.dll buffer overflow
document Buffer overflow on oversized ext.dll mfcisapicommand parameter.
 cmd5checkpw CRAM-MD5 mail authentication program privilege escalation
document Elevated privileges are not dropped when a user-supplied program is launched.
 Knet web server buffer overflow
document Buffer overflow on oversized GET request.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 21.02.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.

6!Trend Micro AntiVirus library ARJ archives buffer overflow
document Heap overflow during ARJ parsing.
 PeerFTP FTP Server weak encryption
document User passwords are stored in the world readable file.
 IBM HMC (Hardware Management Console) privilege escalation
 Sun Solaris stfontserverd symbolic links problem
 CIS WebServer directory traversal
 bsmtpd batched SMTP mailer shell characters problem
document Shell characters problem during address parsing.
 Multiple Cisco ACNS (Application and Content Networking System) vulnerabilities
document Default administration account, DoS.
 HP-UX ftpd FTP server multiple vulnerabilities
updated since 22.12.2004
document Buffer overflow in debug mode, unauthorized files access.

7!Cyrus IMAP mail server multiple bugs
updated since 24.11.2004
document Multiple buffer overflows, memory corruptions.
6!Knox Arkeia Network Backup multiple vulnerabilities
updated since 13.01.2005
document Database files and password file have weak security permissions by default. Default root password is empty. Buffer overflow.
 fallback-reboot DoS
 Argosoft FTP server SITE COPY .lnk files directory traversal
document With SITE COPY command it's possible to place .lnk file pointing outside FTP root directory.
 Sun Solaris kcms_configure (Kodak Color Management System) symbolic links problem
document Symbolic links problem when accessing the current directory KCS_ClogFile file with elevated privileges.

 Apache Batik Squiggle SVG browser protection bypass
 SD Server HTTP server directory traversal
 Multiple Gigafast EE400-R router vulnerabilities
document DoS, configuration access (including administration password in cleartext).
 cURL file download agent and library authentication buffer overflow
document Buffer overflow during NTLM and Kerberos authentication.
 PuTTY SSH client integer overflow
updated since 21.02.2005
document Integer overflow in SFTP (SSH File Transfer Protocol) implementation.
 Tarantella Secure Global Desktop user enumeration
document If RSA SecurID is used for authentication, error messages differ for an invalid username.

6!Knox Arkeia backup agent unauthorized access
document It's possible to access remote filesystem with Arkeia backup agent installed.

 Multiple Thomson TCW690 security vulnerabilities.
document It's possible to access web interface without username and password. Denial of Service.
 webfsd web server integer overflow
document Integer overflow on directory listing.
 gFTP FTP client directory traversal
document Directory traversal during downloading file from server.
 glFTPD FTP server plugin directory traversal
document Directory traversal in plugins.
 Multiple TrackerCam webcam http server vulnerabilities
document Buffer overflow, directory traversal, information disclosure, cross-site scripting, DoS.
 gProFTPD ProFTPD FTP server monitoring tool format string bug
document Format string bug during server log file parsing.
 Yahoo messenger multiple security vulnerabilities
document Filename spoofing, local privilege escalation with Audio Setup Wizard.
 PHP/ASP/CGI web applications security bugs
updated since 14.02.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, spam sending, etc.
 WinFTP FTP Server buffer overflows
updated since 12.02.2005
document Buffer overflows in different FTP commands.
 Bidwatcher eBay watching and bidding tool format string bug
document Format string bug on server reply processing.

6!Microsoft .Net Framework ASP.NET cross-site scripting
document By using Unicode characters 0xff-0xff60 it's possible to bypass special character filtering in an ASP.NET application.

8!SHA family hash functions cryptographic weakness
document Cryptographic weakness found that lowers the real strength against collisions: collisions in the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length. Collisions in SHA-0 in 2**39 operations. Collisions in 58-round SHA-1 in 2**33 operations.
6!Multiple HP/Compaq products Web interface buffer overflow
6!Multiple Linux kernel security vulnerabilities
document Arbitrary process memory control, race conditions, buffer overflow, DoS, IP filtering bypass.
 Sami HTTP Server multiple vulnerabilities
document Directory traversal, DoS.
 Sun Solaris FTP server system wide DoS
document By issuing PASV command it's possible to consume all available TCP ports.
 Sun Solaris arp flood DoS
document ARP flood causes system to hang.
 MacOS X with HFS+ filesystem multiple web servers information disclosure
document By accessing named file streams it's possible to access protected file data.
 lighttpd script source code leak
document It's possible to retrieve CGI script source code.
 wpa_supplicant (WPA/WPA2 IEEE 802.11i support) buffer overflow
document Buffer overflow on EAPOL-Key frames parsing.
 KDE fliccd (INDI support) buffer overflows
document Setuid root application buffer overflows.
 typespeed keyboard touch-typist trainer format string bug
document Format string bug in setgid games application.

 MacOS X AFS (Apple File Server) AFP (Apple Filing Protocol) FPLoginExt DoS
 synaesthesia sound visualisation symbolic links problem
document Symbolic links problem due to access to user's file with elevated privileges.
 Debian Toolchain symbolic links problem
document Symbolic links problem in tpkg-* scripts.
 VMWare virtual machine privilege escalation
document Dynamic libraries are searched in world writable directory.

6!BrightStor ARCserve Backup buffer overflow
updated since 10.02.2005
document Discovery service (UDP/41524) buffer overflow.
 IBM WebSphere Java Server Pages (JSP) source code leak
 ht://Dig HTTP indexing and searching system cross-site scripting
document Cross-site scripting vulnerability during error message generation.

 rwhod (remote who daemon) DoS
 sympa mailing list manager buffer overflow
document Buffer overflow in setuid sympa script.
 KDE desktop manager dcopidlng script symbolic links problem
document Unsafe temporary files handling.
 Unauthorized Barracuda Spam Firewall message relaying
document If there is a whitelisted domain any mail originated from this domain is relayed.
 PHP/ASP/CGI web applications security bugs
updated since 08.02.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.
 xpcd PhotoCD viewer buffer overflow
updated since 10.08.2003
document Buffer overflow in xpcd-svga on oversized HOME environment variable.
 ZoneAlarm personal firewall DoS
document NtConnectPort() API hook allows invalid pointer dereference.

6!Multiple F-Secure antiviral programs ARJ archives buffer overflow
document Buffer overflow on ARJ files handling.
 Multiple IBM AIX utilities bugs
document Buffer overflow, privilege escalation: ipl_varyon, lspath, netpmon.
 Computer Associates BrightStor ARCserve Backup backdoor account
document There is backdoor account Username: \x02root\x03 Password: \x02<%j8U]`~+Ri\x03
 xview buffer overflow
document xv_parse_one() buffer overflow.

8!Multiple IBM DB2 bugs
updated since 02.09.2004
document Multiple bugs including buffer overflows.
 Frox transparent FTP proxy protection bypass
document Deny ACLs may not work properly.
 Emdros annotated text database engine memory leak
document MQL parser memory leak.
 emacs movemail buffer overflow
document Buffer overflow on POP3 server reply parsing in setgid mail application.
 Mailman mailing lists manager directory traversal
document It's possible to bypass filtering with URL like .../..../// and retrieve any file from the system.

9!Microsoft Internet Explorer DHTML Edit and Help ActiveX cross-site scripting
updated since 15.12.2004
document DHTML ActiveX and Help allows code injection into context of different server. By combining this vulnerability it's possible to execute code in local machine zone. This vulnerability can potentially be used for silent spyware/adware installation.
7!Microsoft Windows Hyperlink Object Library buffer overflow
7!Microsoft Windows COM/OLE multiple bugs
document Privilege escalation during parsing files with COM structure (e.g. MS Office), buffer overflow on OLE objects, including MS Exchange MS-TNEF data format.
7!Multiple Microsoft applications PNG images buffer overflows
document Buffer overflow during processing of different PNG image parameters.
7!Microsoft Windows Drag-and-Drop vulnerability
document It's possible to trick user to drag-n-drop malicious file into special (for example autostart) folder.
6!Microsoft Office XP document URL buffer overflow
document During an attempt to open a document located at a long URL, a buffer overflow occurs.
6!Microsoft ASP.NET directory traversal
document It's possible to traverse directory.
 Avaya Call Management System DoS
 SafeNet SoftRemote VPN client weak password encryption
document Password is stored in registry in reversible encryption and in memory in cleartext.
 IBM AIX auditselect format string bug
document Buffer overflow on parsing command line argument.
 Microsoft SharePoint Services cross-site scripting
document Multiple possibilities for cross-site scripting and data spoofing.

 AIX chdev format string bug
document Format string bug in first command argument.
 SquirrelMail WebMail S/MIME Plugin unfiltered shell characters problem
document Data from user's certificate is used to invoke external application without filtering.
 3COM 3CServer FTP Server multiple buffer overflows
document Buffer overflows in multiple FTP commands.

7!perl PERLIO_DEBUG privilege escalation
document By using PERLIO_DEBUG variable it's possible to redirect debug output of suid application to any file. Oversized PERLIO_DEBUG causes buffer overflow.
6!Eudora mail reader multiple vulnerabilities
document Multiple vulnerabilities lead to ability of code execution with specially crafted e-mail message of mailbox file.
 PowerDNS DNS server DoS
document Random sequence of data causes server to hang.
 D-BUS message bus system session hijack
document Malicious local user can connect to another user's session bus.
 Postfix mail server IPv6 configuration unauthorized mail relaying
document In specific configurations, for example if run in a chroot environment on an IPv6 network, message relaying is not limited, allowing the relay to be used for SPAM sending.
 Linksys PSUS4 print server DoS
document Invalid Web interface POST requests processing causes device to crash.
 LanChat Pro local area network chat program DoS
document Program crashes on malformed UDP packet.
 PHP/ASP/CGI web applications security bugs
updated since 24.01.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.

6!ngIRCd Internet Relay Chat daemon format string bug
document Format string bug in logging feature.
 Python library unauthorized access
document It's possible to access internal objects.
 DeskNow Mail and Collaboration Server Directory Traversal
document WebMail interface directory traversal.

6!PostgreSQL Database Server privilege escalation
document By using LOAD command it's possible to load dynamic library with server process privileges. Buffer overflow on large cursor's arguments number. Protection bypass on functions execution.
6!HP VirtualVault multiple bugs
updated since 01.02.2005
document TGA Daemon DoS, multiple bugs in proxy and web servers (HP WebProxy, Apache).
6!Multiple bugs in Savant Web Server
updated since 11.09.2002
document Buffer overflow on long URL, directory traversal, buffer overflows in CGI, etc.
 RitLabs TinyWeb Web Server DoS
document Invalid NULL character handling in path leads to server crash.
 Eternal Lines Web Server DoS
document Concurrent connections number is limited and timeout is not implemented.
 NewsPost/NewsFetch news reader buffer overflow
document Buffer overflow on parsing news server reply.
 Squid HTTP cache proxy oversized reply headers DoS
 Cisco IP/VC Videoconferencing System default SNMP community unauthorized access
document There are hardcoded SNMP communities for device management.

 ClamAV antivirus protection bypass
document Inline HTML images and ZIP files with special headers are not scanned.

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod