Computer Security
[EN] securityvulns.ru
no-pyccku




31.03.2006
Detailed
 Multiple HP-UX vulnerabilities
document It's possible to change file permissions recursively with 'usermod'. DoS with 'passwd'.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


30.03.2006
Detailed
 Samba information leak
document Machine account is logged in cleartext.
 NetBSD if_bridge information leak
document ioctl call exposes content of uninitialized memory.
 Solaris Sun Cluster SunPlex Manager privilege escalation
document User with solaris.cluster.gui authorization can access any local files.
 Dia biffer overflow
document Buffer overflow on XFig import.
 Mailman Scrubber.py DoS
document Malformed multipart messages parsing DoS.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 NetBSD mail weak permissions
document Record file is created workd-readable if set record is present in .mailrc.
  


29.03.2006
Detailed
6!PHP html_entity_decode() information leak
document Iinvalid processing of non-printable characters allows to access memory content.
 Enova cryptograpic chip protection bypass
document Encryption key is stored in EEPROM.
 Genius VideoCAM NB driver privilege escalation
document When pressing snapshot button, file selection window appears running with SYSTEM privileges.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 MPlayer media player integer overflow
updated since 07.02.2006
document Integer overflow on ASF files playing and different multimedia formats.
  


28.03.2006
Detailed
7!Symantec Veritas NetBackup network backup daemons multiple buffer overflows
document Buffer overflows in vnetd, volume manager, database manager.
6!cURL command line download utility buffer overflow
updated since 20.03.2006
document Buffer overflow on parsing tftp:// URL.
 Sun Solaris ps information leak
document ps -e allows to see environment variables for any process.
 flex fast lexical analyzer generator buffer overflow
document Buffer overflow on REJECT rule parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


27.03.2006
Detailed
6!libVC library buffer overflow
document Buffer overflow in count_vcards( on VCF files parsing.
 Microsoft Office memory corruption
document Memory corruption on XLS/XLW files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 27.03.2006
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


25.03.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP-UX swagentd DoS
updated since 24.03.2006
   
  


24.03.2006
Detailed
9!Sendmail mail server race conditions
updated since 22.03.2006
document Race conditions on signals processing with setjmp/longjmp allow remote code execution.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 NetHack, Slash'EM, Falcon's Eye games privilege escalation
document User from games group can modify game data to cause code execution if game is executed by another user.
 ISS BlackICE / ISS RealSecure intrusion prevention systems privilege escalation
document Help subsystem is launched under Local System account.
 Password Safe 3.0beta weak cryptography in PRNG
document rand() is used on systems different from Windows XP.
  


23.03.2006
Detailed
7!Linux kernel multiple vulnerabilities
updated since 22.03.2006
document Integer overflow in netfilter's do_replace() function, memory corruption in usb/gadget driver. Kernel memory content leak through sockaddr_in.sin_zero.
 Baby FTP Server file enumeration information leak
document Different messages for existing and non-existing user outside FTP home directory.
 IBM Tivoli Business Systems Manage crossite scripting
document Crossite scripting with https://[host]:9443/TbsmWebConsole/help/en/jsp/apwc_win_main.jsp?skin=[code]
 KisMac MacOS sniffer buffer overflow
document Buffer overflow on parsing SSID paramtere of Cisco vendor-specific tags.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Orion application server source code disclosure
document It's possible to access JSP page content by adding dot with space character to file extention.
  


22.03.2006
Detailed
6!FreeBSD IPSec replay attack
document fast_ipsec implementation doesn't increment packet sequence number, allowing replay attack for captured packet.
6!opie one time password system privilege escalation
document Under some conditions unprivileged user can be validated as 'root'.
 util-vserver restrictions bypass
document All unknown capacities are allowed by default.
 BEA WebLogic Portal information leak
document Incorrect caching algorithm leads to user's portlet data may be leaked to another portlet.
 WebLogic Server / WebLogic Express multiple security vulnerabilities
document DoS, local filesystem access.
 RunIt chpst privilege escalation
document It's possible to obtain root group privilege.
 Motorola cellular phones multiple bluetooth vulnerabilities
document Security dialog spoofing, buffer overflow.
 snmptrapfmt symbolic links vulnerability
document Symbolic links problem on temporary files creation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 ASP.NET invalid components usage DoS
document w2wp process can crash or exhaust resources on .Net applications written without “AspCompat” directive.
  


21.03.2006
Detailed
8!X.org / X11 X server privilege escalation
document By using -modulepath it's possible to specify shared libraries location to attach user's library to suid application.
6!Verisign multiple digital certificates managing products crossite scripting
document Crossite scripting with haydn.exe CGI component.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Gnome Screensaver protection bypass
document It's possible to kill screensaver with hotkey combination if server is running with AllowDeactivateGrabs and AllowClosedownGrabs option set.
 F5 Firepass 4100 SSL VPN crossite scripting
updated since 21.03.2006
document Web interface crossite scripting.
 FreeRADIUS EAP authentication bypass and DoS
document EAP-MSCHAPv2 implementation problems.
 Multiple MailEnable vulnerabilities
updated since 20.03.2006
document POP3 authentication vulnerability, crossite scripting, information leak.
 Multiple Symantec Veritas Backup Exec backup agent vulnerabilities
updated since 18.03.2006
document DoS, format string vulnerabilities.
 Gnome Evolution mail client DoS
updated since 28.01.2006
document Inline text attachment with oversized string causes application to hang.
  


20.03.2006
Detailed
6!Avast! antivirus weak file permissions
document Everyone:Full Control permissions are set to program folder.
6!jabberd instant messaging server DoS
document Crash on malformed SASL request.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


19.03.2006
Detailed
 NWFTPD Novell Netware FTP Server DoS
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


18.03.2006
Detailed
 Microsoft Commerce Server authentication bypass
document It's possible to login with known username without password. Fixed with Service Pack 2.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


17.03.2006
Detailed
8!Microsoft Internet Explorer array index overflow
document Array index overflow for large number of HTML tag's events handlers. Vulnerability can be used for hidden malware installation.
6!MERCUR Mailserver buffer overflow
updated since 19.07.2002
document Buffer overflow in configuration interface (TCP/32000) access verification. Multiple overflows in IMAP, POP3, SNTP protocol.
 Monotone code execution versioning controle system code execution
document Problems with case insensitive filesystems.
 BorderWare MXtreme firewall Web interface vulnerability
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


16.03.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 zoo buffer overflow
updated since 24.02.2006
   
  


15.03.2006
Detailed
8!Microsoft Office multiple vulnerabilities
document Multiple Microsoft Excel memory corruptions, all office products, including Outlook buffer overflows.
6!Adobe Document Server / Adobe Graphics Server directory traversal
document AlterCast (TCP/8019) service allows to upload, download and execute any suste, file.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


14.03.2006
Detailed
6!MacOS X Mail.app mail client buffer overflow
document Buffer overflow on MacMIME format parsing.
 Apache2::Request perl library DoS
document CPU consumption.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


13.03.2006
Detailed
6!Ubuntu Linux information leak
document Installation log contains username/password of first system user.
 Multiple Dwarf HTTP Server vulnerabilities
document Crossite scripting, scripts source code disclosure.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Kerio MailServer IMAP mail server DoS
updated since 13.03.2006
document Crash on IMAP Login command like a001 LOGIN {4294967294}
 Multiple ENet network library vulnerabilities
document Integer overflow, DoS.
 Multiple Firebird vulnerabilities
document Few executable files are installed suid firebird, one of them has buffer overflow.
 IPSwitch IMail IMAP mail server DoS
updated since 10.03.2006
document FETCH IMAP command processing DoS and code execution.
  


12.03.2006
Detailed
 AntiVir antivirus privilege escalation
document notepad.exe is executed with local system privileges to view report files.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


10.03.2006
Detailed
 GnuPG unsigned data injection
document While decoding non-detached (with signature within text) messages unsigned data behind signature is invalidely decoded as a part of the messages.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


09.03.2006
Detailed
 PeerCast peer-to-peer streaming server buffer overflow
document Buffer overflow on parsing request like http://localhost:7144/stream/?AAAAAAAAAAAAAAAAAAAAAAA....(800)
 Multiple Easy File Sharing Web server security vulnerabilities
document File upload with absolute path, denial of service, crossite scripting.
 Norton Antivirus DoS
document Antivirus crash on scanning malformed PE files.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Multiple nCipher products cryptographic problems
updated since 08.03.2006
document Weak pseudo-random numbers generation, vulnerabilities in network protocol.
  


08.03.2006
Detailed
 Novell Bordermanager proxy server DoS
   
 Multiple Symantec Ghost security vulnerabilities
document Default username/password for application and Sybase database engine. dbisqlc.exe Shatter attacks.
 Multiple Xerox CopyCentre / Xerox WorkCentre Pro security vulnerabilities
document Buffer overflow and DoS on PostScript parsing, memory corruption in built-in Web server.
 RevilloC MailServer POP3 server buffer overflow
document Buffer overflow on oversized USER command.
 Linux kernel die_if_kernel() DoS
document DoS on Itanium platform.
 capi4hylafax hylafax addon symbolic links problem
document Symbolic links problem on creation of debug and log files.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Netcool NeuSecure Security information management platform multiple security vulnerabilities
updated since 17.02.2006
document Weak file permissions, cleartext passwords, passwords logging.
  


07.03.2006
Detailed
 Dropbear SSH server DoS
document Limited static number of pre-authentication TCP connections with large timeout valued.
 Multiple Alien Arena 2006 game vulnerabilities
document Buffer overflow, format string vulnerability, DoS conditions.
 Skype emotions DoS
document Application crashes on large number of emote icons.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Multiple Liero Xtreme Liero game clone DoS
document DoS and format string vulneraability.
 Multiple Cube / Sauerbraten game engines vulnerabilities
document Multiple buffer overflows and DoS conditions.
 IM Lock protection bypass
document Decryptable password is stored in world-readable registry key.
 Cisco PIX TCP connection DoS
updated since 22.11.2005
document Packets from the same hosts are blocked for few minutes if packet with invalid checksum, or with 1 byte data or of predefined TTL is received.
  


06.03.2006
Detailed
6!libtasn1 tiny ASN.1 library / GnuTLS TLS implementation multiple security issues
updated since 10.02.2006
document Out-of-bounds access and buffer overflows in DER decoding.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


05.03.2006
Detailed
7!L-Soft Listserv list management system web interface code execution
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 AVG antivirus weak file permissions
document Everyone:Full Control permission is set for files, including drivers, after update.
 irssi IRC client / multiple routers DoS
updated since 02.03.2006
document Crash on DCC commands processing. Multiple routers with VxWorks embedded process IRC requests and drop IRC connection.
  


03.03.2006
Detailed
6!MacOS X Safari web browser component directory traversal
document BOMArchiveHelper component directory traversal.
6!Apple MacOS X passwd privilege escalation
updated since 02.03.2006
document Few vulnerabilities (symbolic links, race conditions) allow any system files editing.
 Multiple STLport vulnerabilities
document Few buffer overflows.
 Oreka RTP packets parsing DoS
   
 EMC Dantz Retrospect backup agent DoS
document Invalid packet to TCP/497 port causes service to fail.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


02.03.2006
Detailed
 Multipl NCP Secure Communications VPN / PKI client security vulnerabilities
document Local buffer overflows and privilege escalations, remote DoS.
 Evolution mail agent DoS
document Large plain text message with large number of URL causes application to hang.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


01.03.2006
Detailed
6!mb_send_mail() PHP safe mode protection bypass
updated since 28.02.2006
document mb_send_mail() and imap_* unfctions allow to access system files.
 M4 Project enigma-suite unauthorized access
document "enigma-client" / "nominal" system account is created dusring installation.
 SAP Web Application Server crossite scripting
   
 NetworkActiv Web Server script source code leak
document Invalid processing of requests with forward slash character.
 gettext symbolic links problem
document autopoint and gettextize scripts insecure temporary files creation.
 McAfee Virex antivirus protection bypass
document On access scan doesn't function.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 OpenSSH + OpenPAM configuration DoS
document PAM connection is not terminated if SSH connection is terminated before password validated.
 FreeBSD bfsd DoS
updated since 28.02.2006
document Malcrafted NFS bind request to TCP/2049 causes kernel panic.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 28.02.2006
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Lighttpd web server source code disclosure
updated since 16.02.2006
document Source code leak on case-insensitive file systems.
 DoS против HP ProCurve
updated since 01.03.2002
   
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru