Computer Security



29.02.2008
6!Trend Micro OfficeScan multiple security vulnerabilities
document Buffer overflow and DoS conditions.
 Beehive/SendFile.NET - Secure File Transfer Appliance hardcoded credentials
document There is hardcoded FTP account sfoutbox/sfoutbox.
 Apple Mac OS X Loginwindow.app information leakage
document Username and password can be found in process memory.
 am-utils unauthorized access
   
 lighttpd DoS
document DoS on large number of connections.
 VideoLAN VLC media player memory corruption
document Memory corruption on .MOV MP4 files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 dbus-daemon protection bypass
document User can bypass security access policy for some methods.
 Canon Multi Function Devices FTP bounce attack
document Device can be used for network attacks bouncing.
  


27.02.2008
8!Mozilla Thunderbird buffer overflow
document Buffer overflow on external-body MIME type parsing.
6!Symantec antiviral engine API multiple security vulnerabilities
document Multiple DoS conditions and buffer overflow on RAR archives parsing.
 Cups multiple security vulnerabilities
document Code execution on URI handling, multiple DoS conditions.
 Nortel IP Phone DoS
document Large fragmented ICMP packet causes device to crash.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Mozilla Firefox / Opera information leak
updated since 16.02.2008
document An error in displaying BMP files allows reading the content of heap memory.
 Ghostscript buffer overflow
updated since 27.02.2008
   
 SurgeFTP FTP server DoS
document Administration web interface Content-Length memory consumption.
  


26.02.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 BEA WebLogic Server account locking bypass
document It's possible to brute-force the username/password of a locked account.
  


24.02.2008
6!Double-Take / HP StorageWorks Storage Mirroring disaster recovery software multiple security vulnerabilities
document Multiple DoS conditions and information leakage.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Scuttle: multiple XSS.
  


23.02.2008
 Mozilla Firefox information leak
updated since 23.02.2007
document A script can check whether a given web page was visited by the user.
  


22.02.2008
6!ZyXel Prestige routers multiple security vulnerabilities
document Cross-site scripting, cross-site request spoofing, privilege escalation, unauthorized SNMP access, information leak.
 splitvt privilege escalation
document Group privileges are not dropped on external application execution.
 Sybase MobiLink buffer overflows
document Multiple buffer overflows during authentication.
 EMC Replistor multiple security vulnerabilities
document Multiple security vulnerabilities on TCP/7144 and TCP/7145 traffic parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: multiple XSS.
  


20.02.2008
6!NowSMS SMS/MMS gateway multiple security vulnerabilities
document Buffer overflows on authentication and on SMPP packets parsing.
 webcamXP information leak
document Memory content leakage.
 Foxit Remote Access Server (WAC Server) multiple security vulnerabilities
document Buffer overflow with telnet options, buffer overflow on oversized SSH packet.
 FreeSSHd DoS
document NULL pointer dereference on SSH2_MSG_NEWKEYS message.
 Lyris list manager multiple security vulnerabilities
document Privilege escalation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: multiple XSS.
  


19.02.2008
 Apple iPhoto DPAP server DoS
document Malformed request causes server to crash.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: multiple XSS.
  


18.02.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 18.02.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: multiple XSS.
  


16.02.2008
7!FreeBSD IPSec DoS
document NULL pointer dereference on IPSec packet parsing.
6!Cisco Unified IP Phones multiple SIP security vulnerabilities
document Buffer overflows, DoS.
6!Cisco Unified Communications Manager / Cisco CallManager SQL injection
document Multiple SQL injections in user and admin pages.
 OpenDAL DoS
   
 Mailman cross-site scripting
   
 Sami FTP Server multiple security vulnerabilities
document Multiple DoS conditions and buffer overflows.
 UniversalFtp Server multiple security vulnerabilities
document Buffer overflows and DoS conditions.
 IP Diva VPN SSL multiple security vulnerabilities
document Unlimited number of password attempts, CSS.
 FreeBSD sendfile() privilege escalation
document Syscall allows read access to write-only files.
 Mplayer / Xine multiple security vulnerabilities
updated since 05.02.2008
document Buffer overflow on FLAC data parsing, uninitialized pointer dereference on MOV parsing.
 SOPHOS Email Security Appliance cross-site scripting
document Administration interface cross-site scripting.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


15.02.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Ultraseek: Cross-Site Scripting, Directory Traversal and Local File Inclusion vulnerabilities, Verity Ultraseek
  


13.02.2008
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.02.2008
document Multiple memory corruptions.
7!Apple QuickTime ActiveX buffer overflow
document Multiple buffer overflows in different methods and properties.
7!Apple Mac OS X multiple security vulnerabilities
document Service Location Protocol buffer overflow, Safari code execution, Time Machine code execution, Mail file:// URI code execution, Parental Control information leakage, Terminal URI code execution, Open Directory weak authentication, NFS client and server DoS.
6!Adobe Flash Media Server multiple security vulnerabilities
document Integer overflows and memory corruptions on parsing TCP/1935 and TCP/19350 RTMP messages.
6!ClamAV antivirus integer overflow
document Integer overflow on PE files parsing.
6!Microsoft Office memory corruption
document Memory corruption on malformed embedded objects.
6!Microsoft Publisher multiple security vulnerabilities
document Uninitialized memory reference and DoS conditions on .pub files processing.
6!Microsoft Works / Microsoft Office multiple security vulnerabilities
document Multiple buffer overflows and integer overflows on .wps files parsing.
 Fortinet Forticlient privilege escalation
   
 Gnumeric buffer overflow
document Buffer overflow on .XLS files parsing.
 Intermate WinIPDS multiple security vulnerabilities
document DoS, directory traversal.
 Brooksnet Remote Print Manager buffer overflow
document Buffer overflow on oversized filename.
 Novell Netware Client buffer overflow
document NWSPOOL.DLL EnumPrinters buffer overflow.
 HP Mercury SiteScope multiple security vulnerabilities
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 13.02.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


12.02.2008
8!Adobe Acrobat / Reader multiple security vulnerabilities
updated since 10.02.2008
document Multiple buffer overflows and integer overflows, unsafe methods, unsafe dynamic library loading.
7!Microsoft Windows OLE buffer overflow
document Heap buffer overflow
7!Microsoft Windows Web Client service buffer overflow
document Buffer overflow on WebDAV server response parsing.
7!Linux kernel multiple security vulnerabilities
updated since 11.02.2008
document Kernel memory access with vmsplice syscall, access between virtual machines with /proc
6!Microsoft Word memory corruption
document Memory corruption on .doc file parsing.
6!Microsoft Internet Information Services privilege escalation
document Privilege escalation through file change notification. ASP files processing privilege escalation.
6!Microsoft Windows Active Directory DoS
document Crash on LDAP request handling.
6!Apache mod_jk2 multiple security vulnerabilities
document Multiple buffer overflows, including oversized Host: header.
 Larson Software Technology Network Print Server multiple security vulnerabilities
document Format string vulnerability and buffer overflow.
 Cyansoftware Opium OPI Server / cyanPrintIP multiple security vulnerabilities
document Format string vulnerability, DoS conditions.
 Grouplogic ExtremeZ-IP file and print server multiple security vulnerabilities
document DoS conditions, directory traversal.
 WML symbolic links vulnerability
document Symbolic links problem on temporary files creation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: cross-site scripting, information leakage.
 Microsoft Windows Vista DoS
document Crash on DHCP server response parsing.
  


11.02.2008
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 10.02.2008
document Multiple memory corruptions, input focus stealing, code execution, stored information corruption, directory traversal, information leaks, dialog spoofing.
  


10.02.2008
6!Tk library buffer overflow
document Buffer overflow in ReadImage function on GIF parsing.
 IBM DB2 database server multiple security vulnerabilities
document TCP/523 remote administration service memory corruption. Dynamic library loading by relative path.
 jetAudio buffer overflow
document Buffer overflow on oversized ASX file URI.
 Sony Imagestation ActiveX buffer overflow
document Buffer overflow in SetLogging method.
 Ipswitch Instant Messaging multiple security vulnerabilities
document Format string vulnerability, multiple DoS conditions.
 CheckPoint SecuRemote / Secure Client weak permissions
document Cached logon credentials are stored in registry key accessed by everyone group.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. CMS SiteEdit: cross-site scripting.
 Apache Tomcat multiple security vulnerabilities
updated since 21.01.2008
document Cross-site scripting, information disclosure.
 IEA multiple network applications DoS
document Integrated web administration server multiple security vulnerabilities.
 Netpbm buffer overflow
document giftopnm utility GIF parsing buffer overflow.
  


07.02.2008
7!Symantec Backup Exec System Recovery Manager unauthorized access
document It's possible to upload files via the TCP/8080 web server.
6!IPSwitch WS_FTP Server Manager / Whats Up unauthorized access
document It's possible to access script files with localhostnull account without password. Scripts source code leak.
 TinTin++ MUD client multiple security vulnerabilities
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 HP Select Identity unauthorized access
updated since 15.10.2007
   
  


06.02.2008
6!HP Virtual Rooms unauthorized access
document Unauthorized access is possible via ActiveX component under Windows.
6!HP Storage Essentials SRM unauthorized access
   
6!Nero Media Player buffer overflow
document Buffer overflow on M3U files parsing.
 Yahoo JukeBox ActiveX buffer overflow
document Buffer overflow in AddBitmap() method.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 HP OpenView Network Node Manager DoS
updated since 06.02.2008
document DoS against Topology Manager Service (TCP/2532)
 IBM Informix Dynamic Server multiple security vulnerabilities
document SQLIDEBUG and onedcu operators allow access to arbitrary files.
 WinCom LPD Server multiple security vulnerabilities
document LPD buffer overflow with oversized filename, unauthorized web admin interface access, buffer and integer overflows.
 SAPlpd LPD server multiple security vulnerabilities
document Multiple buffer overflows and DoS conditions on lpd commands.
 IPSwitch FTP Log Server DoS
document A few large packets to port UDP/5151 cause the server to stop normal operation.
 Weak initial sequence number generation
updated since 03.05.2001
document Weak initial sequence number generation allows spoofing of TCP connections.
  


05.02.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Anon Proxy Server buffer overflow
document Buffer overflow on oversized username with double quote characters.
  


03.02.2008
6!IpSwitch WS_FTP Server SFTP server buffer overflow
document Buffer overflow on oversized CWD.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Titan FTP Server buffer overflow
updated since 01.09.2004
document Buffer overflow on oversized commands.
  


01.02.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod