Computer Security
[EN] securityvulns.ru
no-pyccku

  


30.03.2009
Detailed
 unzip / bzip2 DoS
updated since 23.03.2008
   
  


28.03.2009
Detailed
7!Multiple Sun Java (JRE / JWS) security vulnerabilities
document Multiple integer overflows and memory corruptions on different data formats parsing.
6!OpenJDK multiple security vulnerabilities
document Multiple DoS conditions, memory corruptions on different data formats parsing and LDAP requests.
 squid memory exhaustion
document Memory exhaustion on data received with ICAP protocol.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Webglimpse: crossite scripting.
  


26.03.2009
Detailed
6!HP OpenView Network Node Manager unauthorized access
   
 HP UX Veritas File System (VRTSvxfs) privilege escalation
   
 Systemtap race conditions
document Privilege escalation via stap tool for stapusr group users.
  


24.03.2009
Detailed
7!Evolution Data Server multiple security vulnerabilities
document Signature spoofing, DoS, process memory disclosure, integer overflows.
7!FreeBSD / Mac OS X integer overflow
document Integer overflow in kernel space on process timers.
 ZyXel G-570S multiple security vulnerabilities
document Unauthorized configuration access, DoS, information disclosure.
 Rittal CMC-TC Processing Unit II multiple security vulnerabilities
document Crossite scripting, session hijacking.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 PostgreSQL DoS
document Stack overflow on error message conversion.
 Linux-PAM signed/unsignedconversion vulnerability
document Problems with non-ASCII symbols in configuration file.
  


21.03.2009
Detailed
6!LittleCMS color management system library multiple security vulnerabilities
document Buffer overflows, integer overflows, memory corruptions.
 BSPlayer buffer overflow
document Buffer overflow on oversized hostname in .bsl playlist.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Invision Power Board: user existance check
  


20.03.2009
Detailed
 Breach Security ModSecurity for Apache DoS
document Module hangs on incomplete HTTP POST multipart/form-data request.
 Hannon Hill Cascade Server privilege escalation
document Privilege escalation with XSLT files.
 Jasper library multiplesecurity vulnerabilities
document Integer overflow on JPEG2000 processing, format string vulnerability, symbolic links problem.
 ghostscript integer overflow
document Integer overflows in ICC library.
  


19.03.2009
Detailed
6!Autonomy KeyView library buffer overflow
document Buffer overflow on Word Perfect (.wpd) files parsing.
 CDex buffer overflow
document Buffer overflow on .ogg format parsing.
 Symantec PcAnywhere format string vulnerability
document Format string vulnerability with .chm filename.
 Weechat IRC client DoS
document Crash on PRIVMSG parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


17.03.2009
Detailed
6!Rosoft Media Player buffer overflow
updated since 19.12.2007
document Stack buffer overflow on .M3U files parsing.
 yaws Web server DoS
document DoS via HTTP request with oversized header.
 Rosoft Media Player buffer overflow
document Buffer overflow on .rml playlists parsing.
 Avahi multicast DNS server DoS
document Resources exhaustions on mDNS packet parsing.
 HP LaserJet printers crossite request forgery
document Crossite request forgery with form data in conjunctions with insecure default access.
 MySQL dynamic functions loading vulnerability
document It's possible to load dynamic library from any location; functions are still available after library is unloaded.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 GOM Encoder buffer overflow
document Buffer overflow on .srt subtitles processing.
  


15.03.2009
Detailed
7!glib library memory corruption
document Memory corruption on base64 encoding/decoding.
 MLDonkey directory traversal
document It's possible to retrieve any file with HTTP console.
 Apple iTunes DoS
document DoS with DAAP messages.
 SlySoft Multiple DVD applications memory corruptions
document ElbyCDIO.sys driver multiple memory corruptions.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: DoS against user's account and server.
  


12.03.2009
Detailed
6!Cisco CallManager / Unified Communications Manager privilege escalation
document During authentication process for address book synchronization, full access account credentials are leaked to client.
6!HP Systems Insight Manager unauthorized access
document Unaurhorized access via WMI interface (WMI Mapper).
 wesnoth game multiple security vulnerabilities
document DoS, code execution.
 POP Peeper buffer overflow
document Buffer overflow with Date: header.
 dash privilege esclation
document privilege esccalation with .profile
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHPSlideshow: crossite scripting. Athree CMS: information leak, SQL injection, DoS.
 IBM Director CIM Server multiple security vulnerabilities
document DoS, privilege escalation.
 Linux kernel multiple security vulnerabilities
document Unauthorized skfp_ioctl statistics reset, getsockopt() information leak.
 Belkin Bulldog UPS management software buffer overflow
document Buffer overflow in built-in web server.
 PCTools iAntivirus multiple security vulnerabilities
document Protection bypass, invalid behaviour in multiuser environment.
 Adonics NAS Adapter DoS
document Multiple DoS conditions on HTTP requests processing after authentication.
  


11.03.2009
Detailed
 Asterisk VoIP server DoS
document NULL pointer dereference on empty SIP INVITE header.
 djbdns records poisoning
document Ivalid processing of compressed response allows to inject additional NS records.
  


10.03.2009
Detailed
10!Microsoft Windows kernel multiple security vulnerabilities
document Multiple security vulnerabilities allow code execution via EMF/WMF files.
 Microsoft Windows DNS and WINS special records spoofing
document It's possible to spoof WPAD and ISATAP records.
  


09.03.2009
Detailed
 libc fts_* functions vulnerabilities
document Invalid exceptional conditions processing on long path.
 SupportSoft DNA Editor ActiveX unauathorized access
document Multiple unsafe methods.
 MPFR library buffer overflow
document mpfr_snprintf() and mpfr_vsnprintf() functions buffer overflow
 Microsoft Internet Explorer DoS
document DoS with ListWidth property of Forms.ListBox / Forms.ComboBox ActiveX.
 FoxIT Reader multiple security vulnerabilities
document Uninitialized pointer dereference on PDF JBIG2 dictionary parsing, code execution, buffer overflow.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHPSlideshow: crossite scripting.
 Cisco 7600 Series Router Session Border Controller module DoS
document DoS with crafted TCP/2000 data.
 OptiPNG buffer overflow
document Buffer overflow on .GIF files processing.
 Audacity buffer overflow
document buffer overflow on .gro files parsing.
 Apache Tomcat crossite scripting
document Crossite scriptign in example applications.
  


06.03.2009
Detailed
6!libpng uninitialized pointers
document Uninitialized pointer reference on PNG parsing.
 PHP unauthorized access
document mbstring.func_overload setting in .htaccess is applied to all websites.
 Multiple browsers inherited charset crossite scripting
updated since 25.02.2007
document If [age with undefined charset is displayed in frame, codepage of parent page is used. It makes it possible to conduct crossite scripting attack with e.g. UTF-7, EUC-JP (SHIFT_JIS) charset.
  


04.03.2009
Detailed
 libsndfile / WinAmp integer overflow
document Integer overflow on .CAF format parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 curl protection bypass
document Access restrictons can be bypassed with redirections.
  


02.03.2009
Detailed
 dkim-milter Domain Keys authentication filter DoS
document Crash on invalid DNS kay.
 HTC Touch DoS
document vCard files are accepted and imported without user intervation .
 Hex Workshop buffer overflows
document Buffer overflow on .cmap and .hex files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Cetera CMS: crossite scripting
 Wireshark multiple security vulnerabilities
document Vulnerabilities on different capture files format parsing.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru