Computer Security
securityvulns.ru



31.03.2007
Detailed
6!PHP printf() integer overflow
document Integer overflow on 64-bit systems.
6!PHP zip_entry_read() function integer overflow
updated since 29.03.2007
document Integer overflow leads to heap memory buffer overflow.
6!dproxy DNS proxy buffer overflow
updated since 23.03.2007
document Buffer overflow on oversized DNS request UDP packet (UDP/53).
 PHP iptcembed() function information leak
document Uninitialized memory region is returned on invalid function termination.
 PHP session.save_path open_basedir protection bypass
document It's possible to create a file in any directory by using environment variables.
 America Online SuperBuddy ActiveX memory corruption
document One of the methods allows executing some actions at a controllable address.
  


30.03.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 IBM Lotus Sametime code execution
document LoadLibrary function is available through ActiveX element.
 AOL software DoS
   
 AIX lsmcode privilege escalation
updated since 30.05.2006
document User's environment variable is used to launch external application.
  


29.03.2007
Detailed
6!Microsoft Vista ATI drivers vulnerability
document Blue Screen of Death while displaying images.
6!Avant Browser buffer overflow
document Buffer overflow on oversized Content-Type: header.
6!PHP read_file safe_mode protection bypass
document It's possible to bypass protection by using php://../../ prefix to filename.
 DataDomain Web interface unfiltered shell characters
document Unfiltered shell characters vulnerability in multiple Web interface commands.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 FastStone Viewer buffer overflow
document Stack memory overflow on JPEG parsing.
 Inkscape multiple security vulnerabilities
document Format string vulnerability when displaying URIs, security problems with Jabber protocol.
 FTPDMIN special DOS device access
document Access to special devices (like //A:) causes DoS against application.
 MyServer privilege escalation
document suid() is called before sgid() for CGI applications.
 Linux IPv6 socket double memory free vulnerability
document Double memory free in ipv6_fl_socklist.
 ZZIPlib / zzcat buffer overflow
document Stack buffer overflow (stack overrun) on oversized filename.
 B21Soft BASP21 SMTP lines injections
document Invalid handling of "." character allows injecting SMTP commands into message.
 Linux pam_console privilege escalation
document Invalid device permissions handling if a few users are logged in.
 PHP mail() function invalid characters processing
document Unfiltered \r\n and \0 characters allow string injection and header truncation.
 FreeBSD eject buffer overflow
document Buffer overflow in -t option.
 ReactOS multiple security vulnerabilities
   
  


28.03.2007
Detailed
6!Cisco Unified CallManager / Unified Presence Server multiple security vulnerabilities
document Denial of service with Skinny / SCCP protocol (TCP/2000, TCP/2443), ICMP echo requests flood, IPSec (UDP/8500) parsing.
6!Lotus Domino multiple security vulnerabilities
document LDAP Server heap overflow, Web access cross-site scripting. Buffer overflow in IMAP CRAM-MD5 authentication.
6!HP JetDirect and HP printers buffer overflow
updated since 19.12.2006
document Buffer overflow in LIST, NLIST and RETR command of built-in FTP server.
 HP OpenView Network Node Manager unauthorized access
   
 hpaftpd multiple buffer overflows
document Buffer overflows in multiple FTP commands.
 Truecrypt privilege escalation
document In suid mode it's possible for a user to mount an encrypted filesystem to any directory.
 Corel WordPerfect buffer overflow
document Buffer overflow on .PRS file processing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Opera / Firefox anti-phishing protection bypass
document Phishing sites embedded into IFRAME are not detected.
 Yahoo Messenger information leak
document Web mail authentication response reply with session identifier is saved in browser cache.
  


27.03.2007
Detailed
6!Linux kernel DCCP information leak
document Integer overflow in getsockopt for SOL_DCCP gives ability to read content of kernel memory.
 SingKorea ActiveX buffer overflow
document Buffer overflow in DownloadCertificateExt() method.
 Sony Playstation 3 flood DoS
document UDP datagrams flood DoS with enabled remote play feature.
 PHP PECL functions buffer overflows
document Buffer overflow in confirm_phpdoc_compiled() function.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


26.03.2007
Detailed
7!Microsoft Data Access Components code execution
updated since 13.02.2007
document ADODB.Connection NextRecordset() / Execute() double free() vulnerability. Can be used for hidden malware installation.
  


25.03.2007
Detailed
6!PHP variables unset use after free vulnerability
document There are no access counters for _SESSION and HTTP_SESSION_VARS variables, making it possible to trigger use-after-free conditions by unsetting these variables. In addition, it's possible to deserialize these variables.
6!X.Org libx11 library buffer overflow
document Integer overflow during images parsing leads to buffer overflow.
6!Real Networks Helix RTSP Server buffer overflow
document Heap buffer overflow on parsing RTSP REPLY request.
 PHP unserialize() function information leak
document Uninitialized memory fragment is returned on "S:" string.
 pcapsipdump SIP packets DoS
   
 GlowWorm FW DoS
document Infinite recursion on DNS reply packets parsing.
 NetSieben SSH library SFTP DoS
document SFTP file descriptors leak.
 TinyMUX DoS
   
 Mozilla Fizzle addon cross-site access
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 WarFTPd buffer overflow (outdated version)
document Buffer overflow in USER command.
  


24.03.2007
Detailed
6!Sun directory server memory corruption
document free() function is called for uninitialized pointer.
6!squid cache proxy DoS
document DoS on processing TRACE method.
6!Multiple OPC Servers multiple security vulnerabilities
document Multiple memory corruptions.
 IDA Pro debugger unauthorized access
document Remote debugging request is executed regardless of authentication state.
 file utilities integer overflow
   
 PHP FTP commands injection
document Unchecked CRLF in filename allows injecting FTP commands.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


23.03.2007
Detailed
 Microsoft Windows Vista Internet Explorer applications execution
document By clicking the link to the local file with the same name as local folder, file is executed.
  


22.03.2007
Detailed
6!PHP hash_update_file() function use after free() vulnerability
document Race condition allows freeing the resource being processed by the function.
6!PHP ext/gd use after free() vulnerability
document During exceptional conditions handling, some resources are free()ed and later accessed.
6!Atrium Mercur Mailserver IMAPD buffer overflow
document Multiple buffer overflows in IMAP NTLM authentication implementation. Buffer overflow in SUBSCRIBE command.
6!Gnome Evolution calendar format string vulnerability
document Format string vulnerability on shared memo parsing.
6!Linksys wireless routers information leak
document Configuration information, including the whole set of passwords, is returned by request to UDP/916 port.
6!Asterisk PBX SIP DoS
updated since 04.03.2007
document Application crash on malcrafted SIP packet.
 0IRC client DoS
document NULL pointer dereference on oversized server message.
 mb_parse_str() exceptional conditions protection bypass
document Exceptional conditions during function invocation may lead to enabling register_globals.
 PHP header() function memory corruption
document Heap memory page corruption allows code execution on big endian systems.
 Grandstream Budge Tone VOIP phones DoS
document Crash on SIP protocol INVITE message parsing.
 InterActual Player / CinePlayer ActiveX buffer overflow
document Buffer overflow in IASystemInfo.dll ActiveX element.
 XMMS multimedia player multiple integer overflows
document Multiple integer overflows on different multimedia file formats parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Oracle Dynamic Monitoring Services cross-site scripting
document Cross-site scripting with /servlet/Spy.
 Microsoft Internet Explorer DoS
document Memory exhaustion with appendChild method.
 Network Audio System DoS
   
  


21.03.2007
Detailed
 Cisco 7940 IP Phone denial of service
updated since 20.03.2007
document Crash on malformed INVITE SIP packet.
  


20.03.2007
Detailed
 OpenAFS filesystem privilege escalation
document An attacker can make a fake suid binary on a network disk by using a protocol weakness.
 ZyXel wireless routers DoS
   
  


19.03.2007
Detailed
 Microsoft Windows NDISTAPI DoS
document During exception handling on \Device\NdisTapi device request handling, IRQL is not returned from DISPATCH level on switching to user mode, leading to a crash (BSOD) with IRQL_NOT_LESS_OR_EQUAL on accessing paged memory.
 F-Secure anti-virus format string vulnerability
document Format string vulnerability in management server name allows local privilege escalation.
 Linux Security Auditing Tool symbolic links problem
document Symbolic links problem on temporary file creation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


18.03.2007
Detailed
6!Sun Java Web Server unauthorized access
   
6!Linux netfilter multiple security vulnerabilities
document Protection bypass with fragmented IPv6 packets, denial of service.
 Adobe JRun / ColdFusion DoS
document Denial of service under IIS Server on file request to JRun root folder.
 netperf netserver symbolic links vulnerability
document Symbolic links vulnerability on /tmp/netperf.debug file creation.
 D-Link TFTP server memory corruption
document Memory corruption on oversized GET/PUT commands.
 PennMUSH mud environment DoS
document Multiple DoS conditions on different commands processing.
 Lookup electronic dictionaries interface symbolic links problem
document Symbolic links problem on temporary files creation.
 Rhapsody IRC client multiple security vulnerabilities
document Multiple buffer overflows and format string vulnerabilities.
 Apple MacOS X multiple security vulnerabilities
document Mac OS X security update closes a number of vulnerabilities.
  


17.03.2007
Detailed
6!libwpd /OpenOffice / AbiWord multiple security vulnerabilities
document Multiple buffer overflows on Word Perfect documents parsing.
 PHP array_user_key_compare() function memory corruption
document References to a freed buffer are left in place, which may lead to use of de-allocated memory.
 PHP invalid session id and session_regenerate_id() function double free() vulnerability
document Race conditions on session identifier freeing can lead to double free() operation.
 PHP compress.bzip2:// URL safe mode protection bypass
document Safe mode and open_basedir limitations are not checked.
 FrontBase Database server buffer overflow
document Buffer overflow in 'CREATE PROCEDURE' SQL command.
 Multiple libftp / GFTP security vulnerabilities
document Multiple buffer overflows of different types.
 PHP ibase_connect function buffer overflow
document Buffer overflow on oversized function argument.
 IBM Rational ClearQuest Web cross-site scripting
document Cross-site scripting on text attachments.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


16.03.2007
Detailed
7!Microsoft MFC memory corruption
updated since 13.02.2007
document Memory corruption on RTF files parsing. Can be used for hidden malware installation.
 Cisco multiple products help system cross-site scripting
document Cross-site scripting on HTML help pages.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


15.03.2007
Detailed
 Microsoft Windows mmioRead() multimedia function integer overflow
document Integer overflow on negative parameter values.
 Microsoft Internet Explorer page content spoofing
document Cross-site scripting in res://ieframe.dll/navcancl.htm#http://www.site.com page allows injecting HTML code into the page.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Symantec Norton Personal Firewall / Norton Internet Security buffer overflow
updated since 18.09.2006
document \Device\SymEvent driver interface buffer overflow.
  


14.03.2007
Detailed
8!OpenBSD ICMPv6 buffer overflow
updated since 12.03.2007
document Buffer overflow on fragmented IPv6 packet.
6!Apache Tomcat directory traversal
document It's possible to traverse directories with /\../.
6!Microsoft Windows ChangeServiceConfig2A memory corruption
document Memory corruption on ChangeServiceConfig2A() call.
 TrendMicro antivirus DoS
document Division by zero on UPX packed file parsing.
 minigzip utility buffer overflow
document Buffer overflow on oversized filename.
 McAfee ePolicy Orchestrator ActiveX multiple buffer overflows
document Buffer overflows in SiteManager.Dll ExportSiteList() and VerifyPackageCatalog() functions.
 unrarlib library buffer overflow
document Buffer overflow in urarlib_get() function on oversized filename.
 Unfiltered shell characters in Amarok media player
document Unfiltered shell characters on executing external unzip command.
 Macromedia ShockWave ActiveX multiple security vulnerabilities
document SwDir.dll multiple methods buffer overflows.
 Java Dynamic Management Kit privilege escalation
document Incorrect application of restriction policies allows access to Inter-ORB applications data.
 AstroCam DoS
   
 PHP filtering extension multiple security vulnerabilities
document Buffer underflow, filtering protection bypass.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


13.03.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


12.03.2007
Detailed
6!Ktorrent multiple security vulnerabilities
document Directory traversal with torrent files and DoS conditions.
 FiSH IRC clients encryption plugin multiple security vulnerabilities
document Multiple buffer overflows on different IRC messages.
 Plash sandbox protection bypass
document It's possible to execute any command via /dev/tty device.
 Trac content displaying vulnerability
document Content-Disposition MIME header is not defined. Cross-site scripting.
 RIM BlackBerry 8100 Wireless DoS
document Resources exhaustion on activating long web link.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Linux setsockopt / getsockopt IPv6 DoS
document IPV6_RTHDR option with invalid value causes system crash.
 NetBSD ktruser integer overflow
   
  


11.03.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


10.03.2007
Detailed
6!snort packets reassembly DoS
document Invalid packets reassembly on connection tracking causes application to crash.
6!Oracle for Windows privilege escalation
document Weak permissions for memory sections and named pipes inside oracle process allow code execution with local system account.
6!Microsoft Windows files and folders management problems
updated since 07.03.2007
document During file operations conditions exist for an attacker to gain access to content of protected or locked files. It's also possible to create an unmanageable file.
 SnapGear packets flood DoS
   
 Apple Airport IPv6 weak default configuration
document IPv6 tunneling support is enabled by default and no filtering rules are applied to tunneled traffic.
 Sun SunFire ipmitool privilege escalation
   
 Avaya Communications Manager cross-site scripting
   
 PHP COM extension safe_mode protection bypass
document WScript.Shell COM object allows execution of any commands.
 PHP CPDF extension cpdf_open information leak
document Fragment of source code is printed in diagnostics message.
 PHP SNMP extension snmpget() buffer overflow
document Buffer overflow on oversized ID.
 PHP zip:// URL buffer overflow
document Stack buffer overflow (stack overrun) on oversized URL.
 PHP substr_compare information leak
document Integer overflow allows memory reading behind variable boundaries.
 PHP shmop information leak
document By using shared memory via shmop() function, script can obtain content of parent application's memory.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Mozilla Firefox integer overflow
document Integer overflow on large GIF image size values.
 Microsoft Windows OLE files DoS
document Crash on OLE file (.DOC) preview.
 Acrobat Reader plugin DoS
document Request to PDF file with large number of %n causes CPU and memory exhaustion.
 PHP FDF POST request filtering protection bypass
document FDF extension doesn't support filtering.
  


09.03.2007
Detailed
6!Apple QuickTime multiple security vulnerabilities
updated since 06.03.2007
document Integer overflows, buffer overflows and memory corruptions on different data formats parsing.
 MySQL subselect DoS
document NULL pointer dereference if string function is applied to select with "order by" result.
 Novell NetMail WebAdmin buffer overflow
document TCP/89 HTTP Basic authentication buffer overflow.
 CA eTrust privilege escalation
document GINA password reset interface privilege escalation.
 PHP crack_opendict() extension buffer overflow
document Buffer overflow on oversized function argument.
 IPSwitch IMail ActiveX multiple buffer overflows
   
 Omnikey CardMan 4040 linux driver buffer overflow
document Buffer overflow on cmx device request handling.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 PHP import_request_variables internal variables overwrite
document $_GET $_POST $_COOKIE $_FILES $_SERVER $_SESSION and other internal variables may be overwritten during import.
 Conquest game buffer overflow
document Buffer overflow on parsing metaserver reply.
  


07.03.2007
Detailed
7!Multiple gzip security vulnerabilities
updated since 19.09.2006
document Buffer overflow, NULL pointer dereference, infinite loop.
 silc-server router DoS
document Invalid authentication hash algorithm with empty cipher causes NULL pointer crash.
 Apache mod_python information leak
document If used in output filter mode, large output can cause the content of freed memory to be leaked.
  


06.03.2007
Detailed
7!Multiple Mozilla Firefox / Thunderbird / Seamonkey vulnerabilities
updated since 27.02.2007
document HTML filtering bypass, cross-site scripting, weak hashing function, memory corruption, buffer overflow, etc.
6!PHP mssql_connect() / mssql_pconnect() functions buffer overflow
document Buffer overflow leads to code execution, resulting in sandbox protection bypass.
6!Mercury/32 IMAP server buffer overflow
document Buffer overflow in LOGIN command.
6!Unsigned content spoofing in multiple applications launching GnuPG
document Signed text boundaries are incorrectly shown or not shown, making it possible to insert unsigned packets.
 PHP php_binary / WDDX information leak
document Fragment of heap memory may be read because of a missing variable length check.
 mod_security protection bypass
updated since 06.03.2007
document Invalid handling of NULL byte in POST form data opens possibility to traverse checks.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 PHP Ovrimos extension safe mode protection bypass
document There are numerous code execution possibilities.
  


05.03.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 05.03.2007
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


04.03.2007
Detailed
6!Symantec MailSecurity DoS
document Crash on malcrafted mail headers parsing.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod