Computer Security
[EN] securityvulns.ru

  


30.03.2008
Detailed
6!HP OpenVMS unauthorized SSH access
   
6!CA BrightStor ARCserve Backup ActiveX Buffer overflow
updated since 20.03.2008
document Buffer overflow in ListCtrl.ocx AddColumn().
 policyd-weight symbolic links vulnerabilities
document Symbolic links vulnerability on temporary file creation.
 HP notebooks multiple security vulnerabilities
document BIOS vulnerabilities allow unauthorized access and DoS.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft Internet Explorer / Mozilla Firefox address spoofing
   
  


28.03.2008
Detailed
8!Mozilla Firefox / Seamonkey multiple security vulnerabilities
updated since 26.03.2008
document Javascript privilege escalation and code execution, cross-site scripting, multiple DoS conditions, URI and dialogs spoofing, local ports access from Java, privacy problems on SSL authentication.
8!CISCO routers IOS multiple security vulnerabilities
updated since 26.03.2008
document MVPN information leak, UDP DoS, multiple VPDN and DLSw DoS, multiple OSPF and MPLS vulnerabilities.
6!Novell eDirectory buffer overflow
updated since 26.03.2008
document Buffer overflow on oversized LDAP delRequest.
  


27.03.2008
Detailed
6!IBM SolidDB database server multiple security vulnerabilities
document Format string vulnerability in logging function, multiple DoS conditions.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


26.03.2008
Detailed
6!SILC server and client buffer overflow
document Buffer overflow on PKCS #1 certificates parsing.
 AzTech routers command execution
document It's possible to execute router commands via web interface without authentication.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


25.03.2008
Detailed
6!OpenSSH privilege escalation
document Local user can hijack X-session of different user because of invalid DISPLAY variable initialization.
6!Xine / MPlayer / VLC buffer overflow
updated since 21.01.2008
document Buffer overflows and array overflow on RTSP parsing.
 debian-goodies Scripts shell characters vulnerabilities
document Shell characters problem via process names in checkrestart utility.
 Linksys SPA-2102 wireless IP phones DoS
document Large ICMP packets cause device to crash.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Hamachi VPN Client cleartext password in process memory
document Username and password can be dumped in cleartext from process memory.
  


24.03.2008
Detailed
6!Sun Solaris rpc.ypupdated code execution
document Insufficient RPC requests filtering.
6!ircu and snircd IRC servers array index overflow
document Array index overflow in /mode command.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Claroline: cross-site scripting.
 Novell Groupwise unauthorized access
document User who has access to shared folder of different user can gain access to the rest of the folders.
 Adobe Flash CS3 Professional / Macromedia Flash MX code execution
document Multiple code execution vulnerabilities on .FLV files parsing.
 Linksys WRT54g authentication bypass
updated since 04.08.2006
document Configuration changes are applied without authentication through Web interface.
  


23.03.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Mitsubishi GB-50A unauthorized access
document Access authentication is not implemented.
 Apple Safari for Windows buffer overflow and content spoofing
updated since 22.03.2008
document Buffer overflow on oversized download filename.
  


22.03.2008
Detailed
8!Microsoft Office / Excel / Outlook / Web Components multiple security vulnerabilities
updated since 12.03.2008
document Microsoft Excel multiple security vulnerabilities, Outlook mailto: URI code execution, multiple Office memory corruptions, Office Web Components multiple security vulnerabilities.
7!ZyXel ZyWall unauthorized access
document It's possible to manipulate routing via RIP and OSPF with the default non-changeable account 'zebra'.
6!Microsoft Internet Explorer 7 request modification
document Headers manipulation and invalid chunked encoding processing allow response splitting.
 Asus Remote Console buffer overflow
document Buffer overflow on TCP/623 request parsing.
 PHP integer overflow
document Integer overflow in printf function.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.03.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. CMS DataLife Engine - path information leakage.
  


21.03.2008
Detailed
8!Asterisk multiple security vulnerabilities
updated since 19.03.2008
document Multiple format string vulnerabilities, buffer overflow on RTP handling, HTTP interface sessions spoofing, unauthorized SIP calls.
6!SurgeMail buffer overflow
document Buffer overflow in LSUB IMAP command.
6!Linux kernel information leak
document Kernel memory access with fault handlers.
6!Multiple xinelib / Xine media player security vulnerabilities
document Multiple buffer overflows on different media formats parsing.
  


20.03.2008
Detailed
6!Gentoo Linux multiple packages invalid SSL certificates generation
document Certificate may be leaked to public file due to invalid ssl-cert eclass implementation.
6!FaceBook / Aurigma Image / PhotoUploader / Piczo ImageUploader / ActiveX buffer overflow
updated since 06.02.2008
document Multiple buffer overflows in different properties.
 CenterIM shell characters vulnerability
document Shell characters vulnerability on URI processing.
 XWine WINE graphical interface multiple security vulnerabilities
document Symbolic links problem on temporary files creation, weak configuration file permissions.
 IBM Rational ClearQuest cross-site scripting
document Multiple cross-site scripting conditions.
 HP StorageWorks Library and Tape Tools unauthorized access
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


19.03.2008
Detailed
8!MIT Kerberos multiple security vulnerabilities
document krb5kdc multiple memory corruptions. kadmin RPC library array overflow.
6!Apple Mac OS X wiki server directory traversal
document It's possible to upload file to any server directory.
6!CUPS print system buffer overflow
document Heap buffer overflow on TCP/631 request parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


18.03.2008
Detailed
7!VMWare applications multiple security vulnerabilities
document Host to guest shared folder (HGFS) directory traversal, named pipes privilege escalation, Windows 2000 privilege escalation, DHCP service DoS, configuration file privilege escalation, memory corruption.
6!Sun Solaris Cluster service rpc.metad DoS
document Crash on malformed RPC request.
6!unzip code execution
document Memory corruption with free() with invalid pointer.
 Microsoft Internet Explorer 7.0 DoS
document Crash on createtextrange method.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Home FTP Server DoS
document Some command sequence causes service to crash.
  


17.03.2008
Detailed
7!MG-Soft Net Inspector multiple security vulnerabilities
document Format string vulnerability, directory traversal, DoS conditions.
6!VideoLAN VLC media player multiple security vulnerabilities
updated since 26.12.2007
document Buffer overflow on subtitles parsing, format string vulnerability in Web interface TCP/8080.
 Bootix BootManage TFTPD buffer overflow
document Buffer overflow on logging.
 RSA WebID cross-site scripting
document Multiple cross-site scripting possibilities.
 Raidsonic nas-4220 weak cryptography
document Encryption key is stored with data.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Snewscms Rus 2.3: cross-site scripting
  


16.03.2008
Detailed
6!XNView buffer overflow
document Buffer overflow on oversized filename.
6!Rosoft media player buffer overflows
document Buffer overflow on RML files parsing.
  


15.03.2008
Detailed
7!Cisco CiscoWorks Internetwork Performance Monitor code execution
document It's possible to execute commands without authentication.
6!IBM Informix Dynamic Server multiple security vulnerabilities
document Buffer overflow during authentication (TCP/1526), buffer overflow on oversized DBPATH.
  


14.03.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 14.03.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


13.03.2008
Detailed
7!Sun Java WebStart multiple security vulnerabilities
document Buffer overflow in useEncodingDecl().
6!McAfee Framework / ePolicy Orchestrator format string vulnerability
document Format string vulnerability in logging functions.
6!Cisco SecureACS buffer overflow
updated since 12.03.2008
document Buffer overflow on UCP (user changeable passwords).
6!Squid Analysis Report Generator buffer overflow
updated since 03.03.2008
document Buffer overflow and cross-site scripting on oversized User-Agent in squid log.
 Zabbix DoS
document Invalid data to TCP/10050 causes denial of service.
 Remotely Anywhere DoS
document TCP/2000 HTTP request invalid Accept-Charset header NULL pointer dereference.
 Argon Client Management Services directory traversal
document Directory traversal in built-in TFTP server.
 Acronis TrueImage multiple DoS conditions
document Unallocated memory access, NULL pointer dereference.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Motorola Timbuktu multiple security vulnerabilities
updated since 12.03.2008
document Directory traversal, DoS and log spoofing.
  


12.03.2008
Detailed
 Adobe LiveCycle Workflow cross-site scripting
document Cross-site scripting with web management page.
 BEA Weblogic multiple security vulnerabilities
document Session hijacking and HTML injection in web administration console.
  


11.03.2008
Detailed
6!SAP MaxDB database server multiple security vulnerabilities
document vserver remote heap overflow, sdbstarter privilege escalation.
6!ASG-Sentry multiple security vulnerabilities
document Unauthorized files access, buffer overflows, DoS.
6!MPlayer multiple security vulnerabilities
document Buffer overflows on URLs and CDDB entries parsing.
 Acronis PXE Server multiple security vulnerabilities
document TFTP server directory traversal and NULL pointer dereference.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 11.03.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 PacketTrap PT360 TFTP directory traversal and DoS
updated since 03.03.2008
document TFTP server directory traversal.
  


10.03.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


09.03.2008
Detailed
6!Checkpoint VPN-1 Edge cross-site scripting
document Cross-site scripting with web authorization page.
 Panda Internet Security / Antivirus memory corruption
document cpoint.sys IOCTL processing memory corruption.
 Neptune Web Server cross-site scripting
document Cross-site scripting with error page.
 tomboy code execution
document Invalid dynamic library path.
 lighttpd information leakage
document It's possible to obtain CGI source code under some conditions.
 MicroWorld eScan Server directory traversal
document Embedded TCP/2021 FTP server directory traversal.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Board: cross-site scripting with flash files.
  


06.03.2008
Detailed
 Ruby WEBrick Web server Toolkit directory traversal
document Directory traversal with backslash.
 Vobcopy symbolic links vulnerability
document Symbolic links vulnerability on temporary files creation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Board: cross-site scripting with flash files.
 Perforce Software Configuration Management multiple security vulnerabilities
document Multiple DoS conditions (endless loop, uninitialized memory reference, NULL pointer dereference).
  


05.03.2008
Detailed
6!Evolution format string vulnerability
document Format string vulnerability on encrypted mail parsing.
6!Versant Object Database code execution
document TCP/5019 client-supplied application execution.
6!Opera browser multiple security vulnerabilities
document Information leakage on form file upload, images comments script execution, DOM sanitization filters bypass.
 Google Android SDK multiple security vulnerabilities
document Multiple vulnerabilities on graphics formats parsing.
 Dovecot symbolic links vulnerability
document It's possible to access files readable by mail group via symlinks if mail_extra_groups=mail is set.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


04.03.2008
Detailed
6!Multiple BSD systems user-ppp buffer overflow
document Buffer overflow on PPP protocol parsing.
 Eye-Fi multiple security vulnerabilities
document Multiple vulnerabilities in TCP/59278 Web server.
 Paramiko SSH server weak encryption
document Weak PRNG generator is used for encryption.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


03.03.2008
Detailed
 Borland Starteam Server integer overflows
document Multiple integer overflows.
 Audacity symbolic links vulnerability
document Unsafe temporary files creation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


02.03.2008
Detailed
 Livebox routers format string vulnerability
document Format string vulnerability in built-in ADI Convergence Galaxy FTP Server.
 Wireshark multiple security vulnerabilities
document Multiple DoS conditions.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
