Computer Security



23.02.2015
8!Samba memory corruption
document Uninitialized pointer freeing potentially leads to code execution.
7!Cisco WebEx Meetings Server code execution
document Shell injection.
6!Apache Tomcat request spoofing
document Request spoofing on chunked encoding processing.
 HP UCMDB information disclosure
document 
 HP SiteScope privilege escalation
document 
 condor code execution
document Unfiltered shell characters on mailx invocation.
 EMC Captiva Capture information leakage
document Cleartext password may be logged.
 vorbis-tools DoS
document Out-of-bounds read on raw file processing.
 liveMedia integer overflow
document Integer overflow on RTSP parsing.
 IBM Endpoint Manager cross-site scripting
document Relay Diagnostics cross-site scripting.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 22.02.2015
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 LG On Screen Phone authentication bypass
document Authentication is IP address based.
 Mooplayer buffer overflow
document Buffer overflow on .m3u file parsing.
  


22.02.2015
6!ISC bind named DoS
document DNSSEC parsing assert().
6!PHP multiple security vulnerabilities
updated since 11.02.2015
document exif_process_unicode() DoS, var_unserializer.re code execution, information disclosure.
 Elasticsearch restrictions bypass
document Sandbox restrictions bypass.
 Google mail application DoS
document DoS on message parsing.
 Netatmo Weather Station information leakage
document Information leakage.
 NetGear WNDR security vulnerabilities
document Information leakage, authentication bypass.
 LibreOffice memory corruption
document Memory corruption on RTF parsing.
 UnZip multiple security vulnerabilities
updated since 23.12.2014
document A few buffer overflows.
  


16.02.2015
6!vlc multiple security vulnerabilities
document Integer overflows, buffer overflows.
 libmspack / cabextract DoS
document Infinite loop on extraction.
 X.Org information disclosure
document XkbSetGeometry information disclosure and DoS.
 Cisco Secure Access Control System SQL injection
document SQL injection via Web interface.
 Open-Xchange restrictions bypass
document It's possible to bypass file sharing restrictions.
 perl-Gtk2 use-after-free
document Gtk2::Gdk::Display::list_devices use-after-free.
 dbus DoS
document Incorrect error handling.
  


11.02.2015
8!Microsoft Office multiple security vulnerabilities
document Code execution, use-after-free.
8!Microsoft Windows multiple security vulnerabilities
document Multiple Internet Explorer memory corruptions, kernel privilege escalation, group policies code execution and restrictions bypass, process creation privilege escalation, TIFF parsing information leakage.
8!ntpd multiple security vulnerabilities
updated since 23.12.2014
document Authentication bypass, buffer overflow, information leakage, restrictions bypass.
6!PostgreSQL multiple security vulnerabilities
document Memory corruptions, information leakage, SQL injections.
6!ClamAV memory corruptions
document 
6!MIT Kerberos 5 multiple security vulnerabilities
document Information leakage, double free.
 libvirt information disclosure
document It's possible to manipulate VIR_DOMAIN_XML_SECURE flag.
 Microsoft Virtual Machine Manager privilege escalation
document Insufficient user role checking.
 Asus RT routers unauthorized access
updated since 07.04.2014
document Full anonymous access is allowed by default. Authentication bypass. Cross-site scripting.
 busybox restrictions bypass
document Module loading restrictions bypass.
  


02.02.2015
9!Apple Mac OS X multiple security vulnerabilities
document Protection bypass, memory corruptions, buffer overflows, code execution, cross-site access, information disclosure.
9!GNU glibc gethostbyname functions buffer overflow
document Buffer overflow in __nss_hostname_digits_dots().
8!Google Chrome / Chromium multiple security vulnerabilities
document Multiple vulnerabilities in parsing of HTML and other formats.
8!Apple Safari / Webkit multiple security vulnerabilities
document Multiple memory corruptions.
8!Apple Safari / Webkit multiple security vulnerabilities
updated since 04.08.2014
document URI spoofing, information leakage, memory corruptions.
7!Apple iOS multiple security vulnerabilities
document Protection bypass, memory corruptions, buffer overflows, code execution, cross-site access.
7!FreeBSD security vulnerabilities
document Memory corruption, memory disclosure, DoS on SCTP handling.
6!Apple TV multiple security vulnerabilities
document Protection bypass, memory corruptions, buffer overflows, code execution, cross-site access.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Apache Qpid security vulnerabilities
document DoS, non-switchable anonymous access.
 Android DoS
document WiFi direct function DoS.
 Xen DoS
document Invalid page reference handling.
 Pexip Infinity static SSH keys
document A static SSH key is used on node creation.
 EMC Unisphere Central open redirect
document Open redirect in web interface.
 VMware vSphere Data Protection certificate validation bypass
document Insufficient server certificate validation.
 EMC Avamar certificate protection bypass
document Insufficient certificate validation.
 Privoxy use-after-free
updated since 25.01.2015
document Multiple use-after-free cases.
 Asterisk DoS
updated since 13.01.2015
document Crash on empty WebSocket frame. File descriptor leak on incompatible codecs.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod