Computer Security
[EN] securityvulns.ru no-pyccku



31.03.2005
Detailed
6!Cisco VPN 3000 SSL certificates DoS
document Malcrafted SSL packets can cause VPN server to crash, hang or drop connections.
 FastStone 4in1 Browser web server directory traversal
   
 mtftpd FTP server format string bug
document Format string bug on syslog() call.
 SPECTral Personal SMTP Server buffer overflow
document Application crashes on oversized e-mail header.
  


28.03.2005
Detailed
6!Linux Kernel Bluetooth support integer overflow
document Integer overflow in socket call processing.
 Maxthon search bar information leak
document Javascript may access search strings.
 mpg321 MP3 player ID3 tags format string vulnerability
document Format string bug on IDv3 tags processing.
 Apple QuickTime JPEG buffer overflow
document Buffer overflow on JPEG format parsing.
  


26.03.2005
Detailed
 Netcomm 1300NB DSL modem DoS
document Device hangs after strong network activity.
 smail mail transfer agent multiple vulnerabilities
document Remote buffer overflow, signals handling problem.
 OpenMosixView symbolic links problem
document Unsafe temporary files handling.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 22.03.2005
document PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.
  


25.03.2005
Detailed
6!Multiple Trillian instant messenger buffer overflows
document Multiple buffer overflow on parsing HTTP-based protocols, including RSS.
 Dnsmasq DNS forwarder multiple vulnerabilities
document Buffer overflow, DNS poisoning.
  


24.03.2005
Detailed
 mathopd Web server symbolic links problem
document Unsafe dump files creation.
 Oracle Report Server crossite scripting
   
 Sun Java System Application Server crossite scripting
   
 AS/400 terminal client backdoor functions
document There are few terminal function allows to execute command on client PC.
 Surgemail crossite sripting
updated since 04.06.2004
   
  


22.03.2005
Detailed
7!Apple MacOS X environment variable buffer overflow
document Buffer overflow on oversized CF_CHARSET_PATH variable.
6!rxvt-unicode terminal emulator buffer overflow
   
6!BOA Web server directory traversal
updated since 09.10.2000
document Directory traversal by using ESC sequences (/%2E%2E/) allows to access any system file.
 Ocean FTP Server DoS
document Large number of established conenction causes server to crash.
 dyndnsupdate dyndns.org DNS update program multiple buffer overflows
document Multiple buffer overflows.
 PVDasm disassembler/debugger buffer overflow
document Buffer overflow on oversized module name.
 Buffer overflow in multiple IMAP clients
updated since 15.05.2003
document Buffer overflows on long replies, large message sizes, etc.
 Multiple xloadimage image viewer bugs
updated since 10.07.2001
document Buffer overflows, shell metacharacters problem.
 Nortel VPN client weak encryption
document Cleartext password is stored in memory.
  


20.03.2005
Detailed
 OllyDbg debugger buffer oveflow
document Buffer overflow on oversized program module.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 14.03.2005
document PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.
 MagicWinmail SMTP/POP3/IMAP/Webmail/FTP/LDAP Server multiple bugs
updated since 28.01.2005
document Directory traversal in Webmail and IMAP, webmail crossite scripting, FTP bouncing attack.
  


19.03.2005
Detailed
6!J2SE Java Web Start sandbox protection bypass
document By using JLNP files it's possible to manipulate with JAVA virtual machine settings.
 Cain & Abel sniffer buffer overflow
document Heap buffer overflow on oversized PKI ID parameter.
  


18.03.2005
Detailed
7!McAfee AntiVirus buffer overflow
document Buffer overflow on LHA archives antiviral checking.
 Novell Netware Xsession Authentication Bypass
   
 ir Squid proxy plugin buffer overflow
document Off-by-one overflow.
 LSH lshd secure shell server DoS
   
 Citrix Metaframe secondary application password leak
document It's possible to obtain secondary application password from the HTML source.
 Linux ISO9660 filesystem multiple memory corruptions
document Multiple bugs leading to memory corruptions.
 Windows 2000 GetEnhMetaFilePaletteEntries() API DoS
document Application may crash on malcrafted EMF file processing.
 MailEnable mail server format string bug
document Format string bug in SMTP MAIL FROM: command.
  


17.03.2005
Detailed
7!Windows License Logging Service buffer overflow
updated since 09.02.2005
document Buffer overflow during request parsing.
 Servers Alive servers monitoring tool privilege escalation
document With help subsystem it's possible to start application with LocalSystem privileges.
 OpenPGP/GnuPG chosen ciphertext cryptography attack
document With CFB mode encryption attacker can recover part of the plaintext if 2 first bytes of the message block are known.
 KDE desktop environment multiple bugs
document Local Desktop Communication Protocol (DCOP) DoS, symbolic links problem in dcopidlng.
 PlatinumFTP FTP Server format string vulnerability
updated since 14.03.2005
document Format string bug in username during FTP authentication.
 DataRescue Interactive Disassembler Pro (IDA Pro disassembler/debugger) buffer overflow and format string bug
updated since 25.01.2005
document Buffer overflow on oversized inported library name, format string bug in library name.
  


16.03.2005
Detailed
8!Multiple Microsoft Internet Explorer browser security vulnerabilities
updated since 09.02.2005
document Drag-n-Drop vulnerability, URL Decoding Zone Spoofing Vulnerability, DHTML Method Heap Memory Corruption Vulnerability, Channel Definition Format (CDF) Cross Domain Vulnerability. This vulnerability can potentially be used for silent spyware or adware installation.
6!LimeWire Gnutella peer-to-peer network agent directory traversal
document Directory traversal and absolute path during GET request profcessing.
6!Multiple MySQL database vulnerabilities
updated since 11.03.2005
document Symbolic links problem during tamporary database tables creation, loading dynamic library from untrusted source, buffer overflows, DoS.
6!Novell iChain access control solution multiple bugs
updated since 30.08.2004
document DoS, information leak (including authentication data), crossite scripting, session hijacking.
 Apache Tomcat JavaServer Page technology server AJP12 DoS
   
 GoodTech telnet server buffer overflow
document Buffer overflow in web administration interface.
 LuxMan game buffer overflow
   
  


14.03.2005
Detailed
 OpenSLP (Service Location Protocol) buffer overflow
document Multiple buffer overflow on SLP packets parsgin.
 UTStarcom iAN-02EX ATA (VoIP Analog Terminal Adaptor) defaul password unauthorized access
document Access from WAN network with default password.
 Multiple Ehereal sniffer bugs
updated since 09.03.2005
document Buffer overflow during parsing of CDMA 2000 RADIUS authentication. Buffer overflow on IAPP parsing.
  


13.03.2005
Detailed
 PHP, ASP, CGI web applications security vulnerabilities
updated since 09.03.2005
document PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.
  


11.03.2005
Detailed
 IPSwitch IMAIL Mail server IMAP buffer overflow
updated since 15.11.2004
document Buffer overflow in IMAP DELETE and EXAMINE commands.
  


10.03.2005
Detailed
 HP Tru64 Unix message queue DoS
document Denial of service with system message queue interface.
 Active Webcam / DCAM WebCam multiple bugs
updated since 22.12.2003
document Directory traversal, crossite scripting.
  


09.03.2005
Detailed
6!Yahoo Messenger Instang messaging agent buffer overflow
document Buffer overflow during offline status message displaying.
6!Multiple bugs in trillian instant messaging client
updated since 03.08.2002
document Buffer overflows, format string bugs.
 Multiple Xerox WorkCentre products unauthorized access
document It's possible to bypass authentication for Web interface access.
 Libexif buffer overflow
document Buffer overflow during EXIF tags parsing.
 Microsoft Exchange 2003 multiple nested folders DoS
document Renaming or moving folder with large number of sub-folder causes service to stop.
 Gene6 FTP Server privilege escalation
document Administration interface has no access restriction, allowsing any local user to execute commands with SYSTEM privileges.
 Oracle database UTL_FILE object directory traversal
document Directory traversal in UTL_FILE methods.
 SafeNet Sentinel License Manager buffer overflow
document SentinelLM service buffer overflow.
  


07.03.2005
Detailed
 Multiple Abuse game vulnerabilities
document Buffer overflow, privileged file access.
 HashCash antispam token generation utility format tring bug
document From: e-mail message header format string bug.
 mlterm (multilignual termional emulator) integer overflow
document Integer overflow on background image processing.
  


05.03.2005
Detailed
7!PaX non-executable memory protection privilege escalation
document Bug in vma mirroring feature allows to execute code with privilege of the different application.
  


04.03.2005
Detailed
 Squid proxy Set-Cookie header race conditions cookie leak
document Race condition leads to the situation Set-Cookie header is leaked to different connection.
  


03.03.2005
Detailed
6!Computer Associates Licensing client and server multiple vulnerabilities
document Multiple buffer overflows on different network protocol commands processing.
 HP OpenVMS privileged files access
   
 Computalynx CProxy proxy server multiple vulnerabilities
document Directory traversal, DoS.
 Einstein school file sharing network agent weal file permissions
document Sensitive information is stored in world readable file.
 Real Player media player .smil and .wav files buffer overflow
updated since 02.03.2005
document Stack based overflow on oversized system-screen- size parameter. Heap overflow on .wav files parsing.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 28.02.2005
document PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.
 FoxMail Mail server buffer overflow
updated since 08.02.2005
document Buffer overflow on SMTP "MAIL FROM:" and "USER" command.
  


02.03.2005
Detailed
 Symantec hardware firewall devices SMTP messages leak
document Under certain conditions SMTP messages may be sent with insecure external connection instead of internal one.
 Multiple RaidenHTTPD Web Server vulnerabilities
document Buffer overflow, script source leak.
  


01.03.2005
Detailed
 PHP readfile() DoS
document Denial of service during large file access.
 Microsoft VBScript Engine memory leak
document Regular expression functions memory leaks.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod