Computer Security
[EN] securityvulns.ru
no-pyccku




27.02.2009
Detailed
 POP Peeper mail notifier buffer overflow
document Buffer overflow UIDL server reply parsing.
  


26.02.2009
Detailed
7!Cisco ACE multiple security vulneraiblities
document Privilege escalation, default accounts, DoS.
7!Cisco Unified MeetingPlace Web Conferencing multiple security vulnerabilities
document Authentication bypass, crossite scripting.
6!BitDefender crossaplication scripting
document Filename is displayed without filtering during scanning.
6!Apache Tomcat information leak
document Under some conditions it's possible to retrieve data from previous POST request.
 Shoutcast server buffer overflow
document Buffer overflow in DNAS Relay service on master server reply parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Orbit Downloader buffer overflow
document Buffer overflow on oversized URL.
 HP Virtual Rooms ActiveX code execution
   
 Huawei HSDPA routers SMS crossite scripting
document SMS text is shown unfiltered.
 OpenSG / EasyHDR Pro / ksquirrel-libs buffer overflow
updated since 20.01.2009
document Buffer overflow on Radiance RGBE (*.hdr) images parsing.
  


25.02.2009
Detailed
9!Adobe Flash Player code execution
document Invalid processing of virtual functions.
6!libpng multiple security vulnerabilities
document Few vulnerabilities potentially allow code execution on PNG parsing.
 PyCrypto python module DoS
document DoS on ARC2 key processing
  


23.02.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Drupal: Crossite scripting. E107: crossite scripting.
  


21.02.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 20.02.2009
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Drupal: Crossite scripting
  


18.02.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Relay: HTTP response splitting, SQL injection, directory traversal.
 fglrx code execution
document Usafe shared libraries search path.
  


17.02.2009
Detailed
9!FreeBSD telnetd privilege escalation
updated since 16.02.2009
document LD_xxx environment variable are not cleared on 'login' execution, makeing it's possible to execute code witi root privileges. For remote exploitation it's required to have ability to upload the file to remote system (via FTP, Web, etc).
 Enomaly ECP / Enomalism symbolic links vulnerability
updated since 01.02.2009
document Insecure temporary files creation.
  


16.02.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 cryptsetup functionality problem
document It's impossible to delete keyslot while using key from same keyslot.
  


12.02.2009
Detailed
7!ProFTPd SQL injection
document SQL injections in database modules.
 Swann DVR4 video monitoring digital video recorder information leakage
document Unauthenticated access to configuration files is possible.
 Nokia Phoenix Service Software ActiveX buffer overflow
document SelectDevice method buffer overflow
 Geovision Digital Video Surveillance System directory traversal
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.02.2009
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 pam_kerberos multiple security vulnerabilities
document Privilege escalation, DoS.
 Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS
updated since 30.09.2008
document Calling window.print() function in loop causes browser to hang. Uncontrollable memory allocation. Script can close window without user approval.
 Mozilla DoS
document Server reply with 206 code causes application to hang.
  


11.02.2009
Detailed
8!Microsoft Exchange multiple security vulnerabilities
document Memory corruption on TNEF (Exchange format) messages parsing, DoS.
6!Microsoft Internet Explorer multiple security vulnerabilities
document Few memory corruptions.
 Microsoft Visio multiple security vulnerabilities
document Multiple memory corruptions.
 Microsoft SQL Server memory corruption
document sp_replwritetovarbin stored procedure memory overwrite.
  


10.02.2009
Detailed
7!OpenSSL / ntp / bind / boinc certificate validation cryptographic vulnerabilities
updated since 09.01.2009
document Multiple vulnerabilities in SSL/TLS DSA/ECDSA certificate chain validations.
6!Trend Micro InterScan Web Security Appliance / Trend Micro InterScan Web Security Suite information leak
document Proxy-Authorization header is not removed from client request, leaking proxy username/password.
 Netgear SSL312 VPN router DoS
document DoS thorugh Web interface.
 ZeroShell unauthorized access
document Command executionthorugh web interface.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 OpenCore / Android memory corruption
document Memory corruption on MP3 parsing.
 3COM OfficeConnect routers unauthroized access
document Authentication bypass for web pages with sensitive information and device configuration.
 Nokia N95 / Nokia E90 DoS
document Device crashes on malformed JPEG parsing.
  


07.02.2009
Detailed
6!RealPlayer multiple security vulnerabilities
updated since 07.02.2009
document Multiple vulnerabilities on IVR format parsing.
6!HP OpenView Network Node Manager code execution
document Information leakage, command injection.
6!HP OpenView Network Node Manager multiple security vulnerabilities
updated since 10.01.2009
document Multiple vulnerabilities in CGI interface.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP-UX DoS
document DoS against NFS.
 HP multiple printers unauthorized access
   
  


05.02.2009
Detailed
8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Memory corruption, crossite scripting, local files access, HTTP-only cookie leakage, caching for no-cache files.
7!UltraVNC / TightVnc multiple integer overflows
   
7!HP-UX IPv6 multiple security vulnerabilities
document Unauthorized access, Denial of Service.
7!Novell Netware GWIA buffer overflow
document Off-by-one on oversized SMTP RCPT TO: command.
7!Mozilla / Firefox / Firebird / Netscape array overflow
updated since 31.05.2006
document Array ovrflow on high marquee tag recursion level.
6!AREVA T&D e-terrahabitat multiple security vulnerabilities
   
6!QiP DoS
document Crash on RTF message parsing.
6!Cisco Wireless LAN Controller multiple security vulnerabilities
document Multiple DoS conditions, privilege escalation.
6!NaviCopa HTTP Server buffer overflow
updated since 28.03.2007
document Stack buffer overflow (stack overrun) on oversized request to cgi-bin directory. Script content leak with "." added to path.
 FeedDemon buffer overflow
document Buffer overflow on OPML files parsing.
 Nokia Multimedia Player buffer overflow
document Heap buffer overflow on .pls parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Cisco IOS crossite scripting
updated since 16.01.2009
document Crossite scripting in different scripts.
 LCPlayer buffer overflow
document Buffer overflow on .qt files parsing.
 Euphonics Audio Player buffer overflow
document Buffer overflow on .pls files parsing.
  


04.02.2009
Detailed
6!Squid cache proxy server DoS
document Denial of Service on invalid HTTP protocol version.
  


02.02.2009
Detailed
6!Free Download Manager multiple security vulnerability
document Buffer overflow in remote control HTTP server, buffer overflow on torrent stream parsing.
 Multiple Kaspersky Lab applications privilege escalation
document Access to kernel memory regions from usermode on IOCTL processing.
  


01.02.2009
Detailed
6!sudo privilege escalation
updated since 01.02.2009
document It's possible to elevate privileges to root even if configured to run under different account.
 HP Select Access crossite scripting
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 28.01.2009
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-Upload Manager 1.0: SQL injection, crossite scripting.
 netatalk shell characters vulnerabilities
updated since 18.01.2009
document Shell characters vulnerability on PostScript print jobs processing.
 EleCard MPEG PLAYER buffer overflow
document Buffer overflow on .m3u playlists parsing.
 MediaMonkey buffer overflow
document Buffer overflow on .m3u files parsing.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru