Computer Security
[EN] securityvulns.ru

  


28.02.2011
7!Cisco Telepresence multiple security vulnerabilities
document Unauthorized access, commands injection, information leakage, code execution.
6!Cisco FWSM / ASA DoS
document SCCP DoS, packets flood DoS.
6!Altigen VoIP Phone Systems buffer overflow
document Heap buffer overflow on SIP/TLS (TCP/5061) network packet parsing.
6!pam-pgsql buffer overflow
document Buffer overflow via IP address.
6!CA Internet Security / CA Host-Based Intrusion Prevention System code execution
updated since 24.02.2011
document SetXml and Save methods of HIPSEngine component allow saving a file to any location.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Cisco Linksys Wag120n cross-site request forgery
document Web interface cross-site request forgery.
 HP Web Jetadmin unauthorized access
   
  


26.02.2011
9!Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities
updated since 26.01.2011
document Quarterly security update closes nearly 70 different vulnerabilities in all applications.
6!Asterisk buffer overflows
document Multiple buffer overflows on UDPTL parsing.
 Linux partitions handling multiple security vulnerabilities
document Memory corruptions, information leaks, DoS.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 tomboy code execution
document Shared library is loaded from the current directory.
  


24.02.2011
7!Novell Netware integer overflow
document Integer overflow on XNFS (UDP/1234) processing.
6!Cisco Secure Desktop ActiveX multiple security vulnerabilities
document A few code execution possibilities.
6!Microsoft Windows application policy bypass
document It's possible to bypass application restriction policy by directly loading code into suspended process' memory via e.g. Microsoft Word macro.
 BIND IXFR DoS
document Resource exhaustion on IXFR processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 24.02.2011
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Avahi DNS server DoS
updated since 05.08.2010
document Crash on malformed DNS packet parsing.
  


22.02.2011
7!Google Chrome multiple security vulnerabilities
document Memory corruptions, cross-site scripting, DoS conditions.
6!Novell iPrint LPD daemon buffer overflow
document Buffer overflow on TCP/515 traffic parsing.
6!telepathy-gabble stream hijacking
document It's possible to hijack media stream with google:jingleinfo packet.
6!Cisco Security Agent code execution
document Code execution via Web management interface.
 IBM Lotus Domino Sametime cross-site scripting
document stconf.nsf cross-site scripting
 Novell ZenWorks TFTP Server buffer overflow
document Buffer overflow on TFTP request parsing.
 PHP grapheme_extract DoS
document NULL pointer dereference
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


21.02.2011
 Kaspersky Antivirus protection bypass
document User can bypass application protection by activating inactive interface elements with EnableWindow().
  


18.02.2011
 passwd / shadow vulnerabilities
updated since 17.02.2011
document It's possible to inject newlines into /etc/passwd
  


17.02.2011
8!Oracle Java multiple security vulnerabilities / OpenJDK
document Over 20 different vulnerabilities.
 Tembria Server Monitor security vulnerability
document Weak cryptography, cross-site scripting.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


15.02.2011
6!Accellion File Transfer Appliance multiple security vulnerabilities
document Backdoor keys, accounts and firewall rules, code execution, unauthorized access.
6!IBM Informix buffer overflow
document Buffer overflow in USELASTCOMMITTED option has not been fixed for > 2 years.
6!Check Point Endpoint Security Server / Integrity Server information leaks
document Sensitive information, including private keys and passwords, is accessible from the Web interface.
6!OpenSSL DoS
document Uninitialized memory reference on ClientHello request parsing.
 IBM Lotus Notes code execution
document Code injection via cai: URI has not been fixed for more than a year.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


14.02.2011
9!Adobe Reader / Acrobat multiple security vulnerabilities
updated since 11.02.2011
document Code execution, multiple memory corruptions.
9!Adobe Flash Player multiple security vulnerabilities
updated since 11.02.2011
document Integer overflows, memory corruptions.
9!Adobe Shockwave Player multiple security vulnerabilities
updated since 11.02.2011
document Multiple memory corruptions.
8!Microsoft Windows multiple security vulnerabilities
updated since 08.02.2011
document Buffer overflow in shell on thumbnail parsing, memory corruption on OpenType Compact Font Format parsing, privilege escalation via CSRSS, LSA, kernel and different drivers, Kerberos server spoofing, JScript/VBScript memory content leak.
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 08.02.2011
document Multiple memory corruptions, unsafe DLL loading.
7!SCO OpenServer IMAP server buffer overflow
document Buffer overflow in IMAP service has not been fixed in > 180 days.
6!CA ETrust Secure Content Manager integer overflow
document Integer overflow in TCP/1882 service has not been fixed in > 180 days.
 HP StorageWorks X9000 unauthorized access
   
 DESLock+ privilege escalation
document Privilege escalation via IOCTL.
 Novell eDirectory DoS
document Hang on NCP (TCP/524) request parsing.
 HP Power Manager cross-site request forgery
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 VLC media player memory corruption
document Memory corruption on Matroska/WebM containers parsing.
 Overland Storage SnapServer unauthenticated access
document It's possible to access backup data via Web interface.
  


11.02.2011
10!IBM Lotus Domino multiple security vulnerabilities
document Multiple security vulnerabilities have been unpatched for > 180 days.
8!RealNetworks RealPlayer code execution
document It's possible to save and execute a file.
7!Microsoft Office multiple security vulnerabilities
document Multiple vulnerabilities in Excel and Powerpoint have been unpatched for > 180 days.
6!Microsoft Visio multiple security vulnerabilities
document Multiple memory corruptions.
 MIT Kerberos 5 security vulnerabilities
document kpropd and KDC DoS.
 Linksys WAP610N unauthorized access
document Console access without authentication to TCP/1111 port.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


08.02.2011
9!Microsoft IIS FTP Server buffer overflow
document Heap buffer overflow.
6!Apache Tomcat multiple security vulnerabilities
document Privilege escalation, DoS, cross-site scripting.
 Microsoft Active Directory DoS
document Crash on SPN processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Comcast / SMC DOCSIS 3.0 Business Gateway - SMCD3G-CCR routers vulnerability
document Cross-site request forgery, default account.
 HTC Peep information leak
document Application sends Twitter credentials in clear text.
  


04.02.2011
7!IBM DB2 security vulnerabilities
document Buffer overflow and integer overflow in db2dasrrm (TCP/524)
7!HP OpenView Performance Insight Server backdoor
document Hidden undocumented user account is implemented in com.trinagy.security.XMLUserManager class
6!BMC PATROL Agent integer overflow
document Integer overflow on TCP/6768 traffic parsing.
 PostgreSQL buffer overflow
document Buffer overflow in intarray on large numbers parsing.
 pango / libpango buffer overflow
document Buffer overflow in pango_ft2_font_render_box_glyph()
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


03.02.2011
9!Exim memory corruption and remote code execution
updated since 12.12.2010
   
6!Aruba Mobility Controller security vulnerabilities
document DoS and authentication bypass.
 Cisco Tandberg C Series default account
document Device is shipped with an empty root password.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


02.02.2011
7!Linux kernel multiple security vulnerabilities
document DoS via sendmsg, mprotect, setsockopt, Hypervisor/KVM etc, information leaks, privilege escalation.
 Nvidia CUDA drivers for Linux information leak
document Information leak from kernel to user space via cudaHostAlloc/cuMemHostAlloc calls.
 IcedTea for Java OpenJDK protection bypass
document Protection bypass in JNLP SecurityManager, JAR files digital signature spoofing.
 Cisco WebEx Recording Format Player multiple security vulnerabilities
updated since 16.12.2009
document Multiple vulnerabilities on .wrf / .arf files parsing.
  


01.02.2011
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


