Computer Security
securityvulns.ru

  


25.02.2010
Detailed
8!Novell NetStorage buffer overflow
document Heap buffer overflow on file request processing.
8!Symantec multiple antiviral applications buffer overflow
document Buffer overflow on content parsing. Buffer overflow in ActiveX.
8!Adobe multiple server application information leak
document It's possible to access local files by AMFX request with XML External Entities.
8!Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
updated since 19.02.2010
document Multiple memory corruptions, use-after-free, cross-site scripting.
6!EMC HomeBase Server directory traversal
document Directory traversal via SSL services.
 Kojoney DoS
document Insufficient URL filtering in curl and wget emulation allows access to local files and devices, causing memory exhaustion.
 Avast! antiviral applications memory corruption
document Memory corruption on IOCTL processing in aavmker4.sys.
 CA eHealth Performance Manager cross-site scripting
updated since 25.02.2010
   
 Xerox WorkCentre printers backdoor
document Multiple administration pages are available without authentication.
 Linux kernel privilege escalation
updated since 25.02.2010
document Privilege escalation with wake_futex_pi function.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 squid proxy server DoS
document Crash on HTCP packets processing.
 Apache Tomcat cross-site scripting
updated since 04.06.2008
document host-manager username cross-site scripting.
 Bournal information leak
document Command-line parameters, including the encryption key, are visible in the process list. Insecure temporary file creation.
  


22.02.2010
Detailed
6!Cisco Security Agent multiple security vulnerabilities
document Directory traversal, SQL injection, DoS.
6!Cisco ASA multiple security vulnerabilities
document NTLM authentication bypass, multiple DoS conditions.
 polipo proxy server DoS
document Crash on processing HTTP request and response headers.
 Asterisk dialplan modification
document An attacker can control the dialplan if the ${EXTEN} macro is used.
 Cisco Firewall Services Module DoS
document DoS on Module Skinny Client Control Protocol (SCCP) inspection.
 IBM Cognos Server backdoor
document Undocumented Apache Tomcat account for TCP/19300 administration server.
 Portwise SSL VPN cross-site scripting
document Cross-site scripting on login page.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 SAP Web AS multiple security vulnerabilities
updated since 21.01.2010
document Code execution with Internet Communication Framework, information leak, cross-site scripting, directory traversal.
  


19.02.2010
Detailed
 Pidgin / Adium messenger multiple security vulnerabilities
document Memory corruption on SLP (MSN) messages parsing. Multiple DoS conditions.
  


17.02.2010
Detailed
7!Microsoft Windows code execution
updated since 10.02.2010
document URL code injection.
6!OpenOffice buffer overflow
document Buffer overflow on Microsoft Word documents parsing.
 Enomaly ECP code execution
document VMCasting payload signing is not implemented during software update process.
 MIT Kerberos 5 DoS
document KDC crash on request processing.
 Huawei HG510 cross-site request forgery
document Cross-site request forgery allows an attacker to reboot the device.
  


16.02.2010
Detailed
9!Linux kernel multiple security vulnerabilities
document DoS conditions, privilege escalations, kernel memory access, weak permissions.
8!Oracle quarterly security update
updated since 16.07.2009
document Approximately 30 vulnerabilities in different applications are fixed.
6!Cisco IronPort Encryption Appliance multiple security vulnerabilities
document Multiple vulnerabilities in HTTPS interface.
6!HP Operations Agent unauthorized access
   
 Hyleos ChemviewX ActiveX buffer overflows
document Stack based buffer overflows (stack overruns) in SaveasMolFile and ReadMolFile methods.
 HP Network Node Manager code execution
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Facebook for iPhone multiple security vulnerabilities
updated since 05.01.2010
document Cross-site scripting via notes page, session hijacking.
 fetchmail buffer overflow
document Buffer overflow in verbose mode on SSL certificate parameters printing.
 Google Chrome information leak
document Password manager allows username/password from external source to be automatically filled.
 Motorola Milestone DoS
document Browser crash on Javascript.
  


12.02.2010
Detailed
7!Microsoft Office applications multiple security vulnerabilities
updated since 10.02.2010
document Buffer overflow on Microsoft Office files parsing, multiple memory corruptions on Microsoft PowerPoint files parsing.
 HP ProLiant Support Pack multiple security vulnerabilities
document Code execution, information leak.
 HP DreamScreen information leak
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


10.02.2010
Detailed
9!Microsoft Windows TCP/IP and TCP/IPv6 multiple security vulnerabilities
updated since 09.02.2010
document Multiple memory corruptions in ICMPv6, IPSec, TCP implementations.
8!SSL data injection
updated since 09.11.2009
document Data injection possibility connected with SSL in-session renegotiation.
7!Microsoft Windows SMB server multiple security vulnerabilities
document Memory corruptions, buffer overflow, DoS conditions, cryptography weakness.
7!Microsoft Data Analyzer ActiveX Control memory corruption
   
6!Microsoft Windows kernel privilege escalation
document Double free() vulnerability, exception handler vulnerability.
6!Microsoft DirectShow buffer overflow
document Buffer overflow on AVI parsing.
6!Microsoft Windows Client/Server Run-time Subsystem
document Invalid process termination on user's logout.
 Microsoft Windows Kerberos DoS
document NULL pointer dereference on TGT renewal request processing.
 Microsoft Hyper-V DoS
updated since 10.02.2010
document Insufficient instruction set validation in virtual machine.
 Microsoft Paint integer overflow
document Integer overflow on JPEG parsing.
  


09.02.2010
Detailed
7!Multiple Web servers information leak
document It's possible to access script sources and/or bypass access restrictions by using Windows 8.3 filenames and space characters.
6!JDownloader download manager code execution
document TCP/9666 port HTTP interface used for application management is vulnerable to form redirection attacks.
 TVUPlayer ActiveX code execution
document Insecure method allows local files access.
 Clearweb GeFest Web HomeServer directory traversal
document It's possible to access files behind web root.
  


08.02.2010
Detailed
 Ipswitch IMail multiple security vulnerabilities
document Weak permissions for registry and installation folder. Passwords are stored in readable location with reversible encryption.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 08.02.2010
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Gnome Nautilus code execution
document HTML script is executed in local machine context on HTML preview.
  


06.02.2010
Detailed
7!Samba directory traversal
document It's possible to access any directories in the system by symbolic links.
  


05.02.2010
Detailed
 chrony multiple security vulnerabilities
document Traffic amplification, resources exhaustion.
 Apple Safari DoS
document Memory corruption on Javascript processing.
  


04.02.2010
Detailed
8!Microsoft Internet Explorer information leak
document It's possible to retrieve any file from client computer via URLMON and Dynamic OBJECT tag.
6!squid proxy server DoS
document Crash on authentication, crash on DNS reply parsing.
6!maildrop privilege escalation
   
6!jBCrypt library cryptographic vulnerability
document Non-ASCII characters are converted to '?' before hash calculation.
 Samba race conditions
document Race conditions in mount.cifs utility.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Apple iPhone cryptographic weakness
document Certificate key usage is not checked during validation of .mobileconfig wireless autoconfiguration file.
 Cisco Secure Desktop cross-site scripting
document Cross-site scripting via POST request to https://{IP}//+CSCOT+/translation?textdomain=csd&prefix=trans&lang=en-us
 Linux kernel multiple security vulnerabilities
updated since 04.02.2010
document Buffer overflow on ISDN HDLC packet, gdth driver IOCTL privilege escalation, devtmpfs weak permissions.
 HP OpenVMS Record Management Services privilege escalation
   
 Asterisk integer overflow
document Integer overflow on T.38 over SIP FaxMaxDatagram field parsing.
 AOL buffer overflow
document Buffer overflow on vCard (.vcf) files parsing.
 HP StorageWorks Tape Autoloader privilege escalation
document Web interface allows non-privileged user to obtain administrative privileges.
 Corel Paint Shop Pro buffer overflow
document Heap buffer overflow on FPX format parsing.
 HP System Management Homepage cross-site scripting
updated since 21.05.2009
   
 Xerox WorkCentre 4150 DoS
document assert() on PJL parsing
  


02.02.2010
Detailed
6!lighttpd DoS
document Memory exhaustion on HTTP request reading.
6!RealNetworks RealPlayer multiple security vulnerabilities
updated since 21.01.2010
document Memory corruptions, buffer overflows on different codecs and media formats.
6!IBM AIX rpc.cmsd buffer overflow
updated since 09.10.2009
document Buffer overflow on RPC request parsing.
 HP Enterprise Cluster Master Toolkit privilege escalation
   
 Qihoo 360 Security Guard privilege escalation
document IOCTL privilege escalation.
 Oracle (Sun) Solaris DoS
document UCODE_GET_VERSION IOCTL NULL pointer dereference.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod