Computer Security



28.02.2007
Detailed
6!Cisco Catalyst Network Analysis Module unauthorized SNMP access
document It's possible to get full access to device via spoofed SNMP packets.
6!McAfee Virex Virus Scan for Mac OS X symbolic links problem and protection bypass
document Weak permissions and symbolic links problem on /Library/Application/Sypport/Virex/VShieldExecute.txt file creation.
6!Multiple browsers OnUnload event handler different vulnerabilities
updated since 23.02.2007
document Different memory corruptions because of race conditions in OnUnload handler. In addition, address bar spoofing and creation of pages that cannot be left are possible.
 NetProxy protection bypass
document If URL in proxy request is used without http:// prefix, URL access restrictions are not applied and access is not logged.
 plan9 internal kernel structures overwrite
document OTRUNC/pwrite resource allows to overwrite internal kernel structures.
 Cisco Catalyst MPLS vulnerability
   
 Quicksilver Social Bookmark information leak
document User login and password are logged to Console.log file.
 Computer Associates eTrust IDS DoS
document DoS through administration interface TCP/9191.
 Nullsoft Shoutcast Server cross-site scripting
document Cross-site scripting with web administration log.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Norman SandBox Analyzer detection
document Malware code can detect sandbox presence and change its behaviour.
  


27.02.2007
Detailed
8!Mozilla Firefox cross domain access
updated since 15.02.2007
document By using location.hostname='evil.com\x00foo.example.com' in JavaScript, it's possible to make a request for the foo.example.com domain be sent to evil.com. This makes cross-domain access possible. Vulnerability can be used for hidden malware installation.
6!Mozilla libnss multiple security vulnerabilities
updated since 25.02.2007
document Buffer overflows and integer overflows in SSL2 client and server code implementation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Kiwi CatTools TFTP directory traversal
updated since 09.02.2007
document Built-in TFTP server directory traversal.
  


26.02.2007
Detailed
6!Debian Linux apache privilege escalation
document A user can inject shell commands into the shell from which apache was started by using the TIOCSTI ioctl on the ctty socket in a CGI script.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft Windows Explorer DoS
updated since 25.02.2007
document Application (explorer.exe) crashes on browsing folder with corrupted WMF file (no need to click file itself).
  


25.02.2007
Detailed
6!Supportsoft ActiveX used in Symantec's products buffer overflow
document Stack overrun (stack buffer overflow).
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


23.02.2007
Detailed
6!Mac OS X ImageIO integer overflow
document Integer overflow on GIF images parsing.
6!Verisign multiple products ActiveX element buffer overflow
document Buffer overflow in ConfigChk element.
6!IBM DB2 database multiple security vulnerabilities
document Multiple privilege escalations, file creation.
 Mercur Messaging 2005 multiple security vulnerabilities
document Multiple DoS conditions and buffer overflows.
 Distributed Checksum Clearinghouse unauthorized management
   
 Nortel NetDirect client for Linux weak permissions
document Weak permissions on temporary folder during installation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 JBoss insecure defaults
updated since 22.02.2007
document Web console and management instruments are available without authentication.
  


22.02.2007
Detailed
6!Linux SCSI devices unauthorized access
document pam module problem allows console users to access generic SCSI and pseudo-SCSI devices directly.
6!Microsoft Windows ReadDirectoryChangesW information leak
document ReadDirectoryChangesW() API function doesn't check user's privileges for subtree folders, making it possible for an unprivileged user to gather information about sensitive files.
 FTP Voyager buffer overflow
document Stack buffer overflow (stack overrun) on server reply parsing.
 Multiple Newsrover / Newsbin / Newsreactor / Grabbit / News Files Grabber security vulnerabilities
document Vulnerabilities on different XML-format files parsing.
 TurboFTP multiple security vulnerabilities
document Multiple heap overflows.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Trend Micro Server Protect unauthorized access
document Unauthorized TCP/14942 Web interface access.
 Linux NFS/ACL DoS
document Memory corruption on nfsacl version 2 'ACCESS' request parsing.
 IBM DB2 database symbolic links
document Symbolic links problem on temporary files creation.
 Linux ftpd ls privilege escalation
document ls command is executed with effective gid 0.
 FTP Explorer DoS
document Infinite loop on oversized server response.
  


21.02.2007
Detailed
7!Cisco IP Phones unauthorized access
document It's possible to access web interface without password. There is built-in hardcoded user account with SSH access.
6!TrendMicro OfficeScan ActiveX buffer overflow
document Buffer overflow in SetupINICtrl ActiveX.
6!gnomemeeting / ekiga format string vulnerability
document Format string vulnerability on certain messages logging.
6!Qwickmail Qwik-smtpd format string vulnerability
document Format string vulnerability through HELO and hostname during logging to file.
6!TrendMicro ServerProtect multiple security vulnerabilities
updated since 21.02.2007
document Few stack overruns (stack-based buffer overflows) in RPC-based services (TCP/5168).
 Multiple Simbin games DoS
document Empty UDP packet to UDP/48942 or UDP/34297 ports causes all players to be disconnected from server.
 Cisco 802.1X Supplicant multiple security vulnerabilities
document Multiple privilege escalation vulnerabilities. Password information leak through log files.
 gnucash symbolic links vulnerability
document Symbolic links problem on temporary files creation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.02.2007
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


20.02.2007
Detailed
7!snort IDS buffer overflow
document Buffer overflow on DCE/RPC protocol parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 VMWare guest system weak permissions
document Unprivileged user of guest system with VMWare tools installed can perform some privileged operations, such as enabling/disabling network interface.
 IrfanView DoS
document Program hangs on corrupted WMF files open.
  


19.02.2007
Detailed
 VicFTPS FTP server buffer overflow
document Buffer overflow in CWD command.
 libevent library DoS
document Endless loop on DNS reply parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 19.02.2007
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 ProFTPD controls module buffer overflow
document Buffer overflows in controls module.
 Apple iTunes DoS
document NULL pointer crash on xml parsing.
  


18.02.2007
Detailed
6!SpamAssassin DoS
document Oversized URLs in messages lead to DoS conditions.
6!HP ServiceGuard for Linux unauthorized access
   
 IBM AIX buffer overflow
   
 Axigen format string vulnerability
document Format string vulnerability on syslog() call.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Linux kernel privilege escalation
updated since 11.11.2004
document Invalid exception conditions handling leads to multiple race conditions with privileged memory access.
 Oracle authentication downgrade
document It's possible for man-in-the-middle to force client and server to use weaker authentication protocol.
  


16.02.2007
Detailed
6!Microsoft Word 2000 / XP 0-day vulnerability
document Vulnerability is used in-the-wild for malware trojan installation.
 EasyMail ActiveX buffer overflow
document Buffer overflow in IMAP4 object's Connect method.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


15.02.2007
Detailed
8!ClamAV antivirus directory traversal
document MIME part id is used to form local filename without checking for ../. In addition, there is a DoS on CAB files parsing.
6!Multiple PHP vulnerabilities
document Multiple buffer overflows, DoS conditions, information leaks, etc.
6!Sun Solaris TCP packets processing race conditions
document DoS against system is possible.
6!HP-UX SLSd unauthorized access
document It's possible to create any file with attacker-supplied data.
 ejabberd roster ODBC module vulnerability
   
 iTinySoft Studio Total Video Player buffer overflow
document Buffer overflow on .m3U files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Lizardtech DjVu plugin multiple security vulnerabilities
document Multiple buffer overflows in different methods.
 Cisco PIX / ASA / FWSM multiple security vulnerabilities
document Multiple DoS conditions on HTTP, SIP, TCP traffic parsing.
 Comodo firewall protection bypass
document CRC32 control checksum is used for files protection, making it trivial to bypass it.
 PalmOS Treo smartphones protection bypass
document Find feature allows access to locked device.
  


14.02.2007
Detailed
7!Microsoft Internet Explorer multiple security vulnerabilities
document Memory corruptions on COM objects instantiation and FTP server response parsing can be used for hidden malware installation.
6!Multiple Microsoft Office vulnerabilities
updated since 13.02.2007
document Multiple vulnerabilities with different object types handling.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Multiple Cisco IOS IPS security vulnerabilities
document Protection bypass with fragmented IP packets. DoS if regular expressions are used.
 Microsoft Step-by-Step Interactive Training buffer overflow
updated since 13.02.2007
document Buffer overflow on bookmarks files handling (.cbl, .cbm, .cbo).
 Microsoft Excel DoS
document NULL pointer dereference on corrupted XML/XLS files.
  


13.02.2007
Detailed
8!Microsoft Malware Protection integer overflow
document Integer overflow on PDF files parsing.
7!Microsoft Windows RichEdit control memory corruption
document Memory corruption in RTF-embedded OLE object can be used for hidden malware installation.
7!Microsoft Windows OLE dialog memory corruption
document Memory corruption on RTF-embedded OLE object. Can be used for hidden malware installation.
7!Microsoft Windows HTML Help ActiveX code execution
document It's possible to access unsafe functions from web page. Vulnerability can be used for hidden malware installation.
6!Microsoft Windows Image Acquisition Service buffer overflow
   
6!Microsoft Windows Shell Hardware Detection privilege escalation
document Parameter of function executed during hardware detection is not validated.
 Tiny FTPd buffer overflow
document Buffer overflow in User command
 MIMEDefang buffer overflow
   
 Aruba Mobility Controller multiple security vulnerabilities
document Unauthorized access to management interface through wireless network. Buffer overflow.
 PHP str_ireplace DoS
document $Data = str_ireplace("\n", "<br>", $Data); can cause PHP engine to crash because of off-by-one overflow.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft Visual Studio 64-bit time functions DoS
document Invalid use of assert()-style macro causes application termination for time_t values beyond _MAX__TIME64_T (January 1, 3000).
 Miniwebsvr web server directory traversal
document It's possible to retrieve parent directory listing with /..%00 request.
  


12.02.2007
Detailed
6!µTorrent buffer overflow
document Buffer overflow on .torrent file announce section parsing.
 Microsoft Internet Explorer / Mozilla Firefox user input hijacking
document It's possible to hijack input focus by using OnKeyDown / OnKeyPress events.
 IP3 NetAccess directory traversal
document Directory traversal in Web administration interface.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


11.02.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Trend Micro Antivirus multiple security vulnerabilities
updated since 08.02.2007
document Buffer overflow on UPX-packed executables parsing. Privilege escalation through \\.\TmComm DOS-device.
 ImageMagick buffer overflow
updated since 15.08.2006
document SGI, PALM, DCM graphics format parsing buffer overflows.
 Windows Mobile Internet Explorer DoS
document Vulnerability during WML parsing. Hard reset is required to resume operations.
  


09.02.2007
Detailed
6!SAP Web Application Server multiple security vulnerabilities
document Directory traversal, local privilege escalation, DoS.
6!HP Mercury LoadRunner Agent buffer overflow
document magentproc.exe (TCP/54345) stack buffer overrun on oversized server_ip_name parameter.
 HP OpenView Storage Data Protector privilege escalation
   
  


08.02.2007
Detailed
 pam_ssh allow_blank_passphrase protection bypass
document The allow_blank_passphrase option was defeatable by entering a random but non-blank passphrase.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Axigen Mail Server DoS
document Off-by-one overflow in POP3 CRAM-MD5 authentication, NULL pointer dereference in IMAP APPEND command.
 3proxy user account locking
document It's possible to lock user's account if user's password is stored as NT-hash via HTTP proxy. Service restart or configuration reload is required to restore account in working state. In addition, Basic authentication is offered as first authentication protocol, which can lead to choosing a weak (cleartext) authentication protocol even if a stronger one (NTLM) is supported. Vulnerability is fixed in 0.5.3 version.
 WinRAR / unrar buffer overflow
document Buffer overflow on password protected archives parsing.
  


07.02.2007
Detailed
6!Linux kernel keyctl DoS
document Race condition during unique key generation causes NULL pointer dereference on multiprocessor box.
 SGI propack information leak
document Content of last session's frame buffer is shown after reboot.
 FreeProxy DoS
document Request to its own address and port causes proxy to hang.
 Alibaba Alipay ActiveX memory corruption
document Memory free() by controlled address in Remove() function.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 07.02.2007
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


06.02.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 OSF/1 ps information leak
document ps shows environment variables for all processes.
 Firefox / Opera phishing protection bypass
document It's possible to bypass phishing protection by adding "." character to hostname or additional "/" after hostname.
  


05.02.2007
Detailed
6!WinProxy buffer overflow
document Buffer overflow on parsing HTTP CONNECT proxy request.
6!PostgreSQL multiple security vulnerabilities
document Server internal memory regions reading because of invalid datatype handling in SQL functions and with ALTER COLUMN TYPE during request execution.
6!Samba file server multiple security vulnerabilities
updated since 05.02.2007
document Solaris nss_winbind.so.1 gethostbyname() and nss_winbind.so.1 functions buffer overflow. Remote DoS in smbd with infinite loop. Format string vulnerability in VFS afsacl.so plugin.
 ColdFusion cross-site scripting
document User-Agent field from HTTP request is used unfiltered in error message text. It's possible to manipulate client's User-Agent field through Flash.
 Jetty web server weak pseudo-random number generator
document Weak PRNG generator is used for session cookie, making it possible to spoof the session id.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Mozilla Firefox weak PRNG generator
document Weak PRNG generator is used to generate temporary files names for XMLHttpRequest. It may be used to access content of local files by creating temporary HTML file with predictable name.
 Multiple VMWare clipboard problem
document Content removed from clipboard may reappear during switching between host and guest systems.
  


04.02.2007
Detailed
6!Microsoft Windows XMLHTTP proxy problem
document Because of insufficient request validation, the Msxml2.XMLHTTP ActiveX object can be used to proxy HTTP requests via client browser.
 WebRoot SpySweeper protection bypass
document Content is blocked only by filename. Multiple archive formats are not supported.
 CheckPoint FireWall-1 information leak
document It's possible to retrieve certificate revocation list from internal CA (port TCP/18246).
 X-Kryptor Secure Client privilege escalation
document Privilege escalation through device driver.
 Multiple RSS applications cross-site scripting
document It's possible to embed scripts in RSS content.
 Smb4K multiple privilege escalations
document Multiple vulnerabilities lead to privilege escalations.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Gom Player buffer overflow
document Buffer overflow on oversized ref href URI in ASX file.
  


03.02.2007
Detailed
7!Microsoft Excel 0-day vulnerability
document Unknown vulnerability is used for hidden malware installation.
7!Microsoft Word 0-day vulnerabilities
updated since 31.01.2007
document Few unknown vulnerabilities are used for hidden malware installation.
 Ingate Firewall / SIParator weak authentication
document Authentication mechanism is vulnerable to replay attacks.
 Dazuko antivirus module DoS
document Multiple memory leaks create DoS conditions.
 Sun Solaris Loopback Filesystem protection bypass
document Users can rename and delete files in read-only file system.
 IBM
document Buffer overflow in bos.rte.libc library.
 Microsoft Internet Explorer and Pictures and Videos for Windows Mobile buffer overflow
document Buffer overflow on JPEG files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Nexuiz game unauthorized access
document gamedir command allows file system access.
 Apple WebKit library ROWSPAN DoS
document NULL pointer dereference on large rowspan number in HTTP parsing code.
 mpg123 audio player DoS
document Endless loop in HTTP client code if HTTP server closes connection before the file is transferred completely.
 Microsoft Internet Explorer multiple ActiveX different parameters DoS
document NULL pointer dereference.
 makeindex buffer overflows
document Buffer overflow on oversized filename.
  


02.02.2007
Detailed
6!BEA WebLogic / AquaLogic multiple security vulnerabilities
   
6!Hitachi products multiple security vulnerabilities
   
 Intel Enterprise Southbridge 2 Baseboard Management Controller unauthorized access
document It's possible to connect to server motherboard control module and execute IPMI command without authentication.
 rPath Linux rMake multiple security vulnerabilities
   
 Mini Web Server multiple buffer overflows
   
 Multiple Symantec Web Security vulnerabilities
document CPU exhaustion on large file submission. Cross-site scripting.
 Multiple Linux kernel vulnerabilities
document Multiple DoS conditions in syscalls processing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 NoMachine NX Server privilege escalation
document nxconfigure.sh doesn't check invoking user, allowing configuration file modification.
  


01.02.2007
Detailed
9!Multiple Oracle security vulnerabilities.... again...
updated since 18.01.2007
document Released security update fixes 17 security vulnerabilities for Oracle Database, 9 vulnerabilities in Oracle HTTP Server, 12 security vulnerabilities for Oracle Application Server, 7 vulnerabilities for Oracle E-Business Suite, 6 security bugs in Oracle Enterprise Manager, 3 bugs in Oracle PeopleSoft Enterprise PeopleTools. There is also a large number of different old and new bugs, many are not fixed for years. It makes it useless to talk about Oracle security. Use 3rd party products to protect your Oracle environment.
7!Apple multiple applications format string vulnerabilities
document Format string vulnerabilities in multiple client applications.
7!Multiple Microsoft Excel buffer overflows
updated since 09.01.2007
document Heap buffer overflow on oversized value of BIFF8 type column. Heap buffer overflow on oversized palette value for BIFF8 type column.
6!IBM AIX POP3 and IMAP daemons authentication problem
   
6!Cisco IP telephony routers DoS
document SIP packet (UDP/5060) to a device with voice over IP support, but not configured for SIP, causes device to crash.
 inotify weak permissions
   
 ZABBIX SNMP monitoring problem
   
 IPSwitch WS_FTP multiple security vulnerabilities with iFTPAddU / iFTPAddH (multiple bugs)
document Buffer overflows with iFTPAddU, iFTPAddH files parsing.
 Multiple Wireshark sniffer security vulnerabilities
document Problems with Ethernet frames parsing, HTTP and LLT packets parsing.
 Multiple Apple iChat Bonjour DoS conditions
document Multiple problems because of insecure dynamic DNS usage.
 Comodo Firewall Pro privilege escalation
document Insufficient filtering of hooked SSDT functions potentially allows code execution in system context.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 gtalkbot information leak
document Username and password are passed in command line and can be obtained with process list.
 Windows Live Messenger / Windows MSN Messenger decryptable password
document Password is stored in registry in reversible encryption.
 Bloodshed Dev-C++ buffer overflow
document Buffer overflow on oversized string in .cpp file.
 thttpd information leak
document If thttpd is started from system root, system root is used as web server root directory.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod