Computer Security
[EN] securityvulns.ru
no-pyccku




31.03.2010
Detailed
6!OpenDcHub buffer overflow
document Buffer overflow on MyINFO messages parsing.
6!Apache mod_proxy_ftp multiple security vulnerabilities
updated since 23.09.2009
document Denial of service, restrictions bypass.
 Apple iTunes for Windows privilege escalation
document Application is launched with LocalSystem rights from user-writable folder, allowing DLL spoofing.
 VMWare application WebAccess multiple security vulnerabilities
document Multiple crossite scripting vulnerabilities.
 HP Insight Control for Linux multiple security vulnerabilities
document Code execution, privilege escalation.
 HP SOA Registry Foundation multiple security vulnerabilities
document Crossite scripting, code execution, privilege escalation.
 HP-UX AudFilter DoS
   
 HP-UX with NFS/ONCplus NFS access
   
 aircrack-ng buffer overflow
document Buffer overflow on IEEE 802.11 EAPOL parsing.
 emacs privilege escalation
document It's possible to access different users' files via email helper.
 Varnish privilege escalation
document There is a process executing commands with root privileges.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


29.03.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


26.03.2010
Detailed
 HP Project and Portfolio Management Center crossite scripting
   
 Sun Solaris symbolic links vulnerability
document Multiple symbolic links vulnerabilities on updates installation.
  


25.03.2010
Detailed
7!Cisco routers IOS multiple security vulnerabilities
document DoS via TCP connections, multiple vulnerabilities in IPSec, H.323, SIP. SCCP, MPLS protocols.
6!MIT Kerberos DoS
document Crash on SPNEGO negotiation.
 Remote Help HTTP server format string vulnerability
   
 MX Simulator Server buffer overflow
document Buffer overflow on network request handling.
 puppet privilege escalation
document Elevated privileges are not dropped on files access, symbolic links vulnerability.
 Deliver race conditions
document Multiple race conditions lead to symlink attacks and DoS conditions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Apple Safari / WebKit protection bypass
document Integer overflow allows to bypass destination port limitations.
 Lexmark laser printers multiple security vulnereabilities
document PJL processing buffer overflow, FTP service DoS.
 Linux GFS / GFS2 file system DoS
document gfs2_lock/gfs_lock doesn't check file permissions.
  


24.03.2010
Detailed
8!Microsoft Internet Explorer memory corruption
document Memory corruption on XML/HTML processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


23.03.2010
Detailed
 libcurl / cURL DoS
document Resources exhaustion on gzip decompression.
 Pango library array index overflow
document Array index overflow on font file parsing.
 Harris Stratex StarMAX crossite request forgery
document Referer for GET request is not checked.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 IBM Lotus Domino response splitting
updated since 21.03.2010
document Response splitting via POST request to /names.nsf, crossite scripting.
  


21.03.2010
Detailed
6!PHP DoS
document Crash on XML-RPC requests processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


18.03.2010
Detailed
7!SAP MaxDB code execution
document Buffer overflow on TCP/7210 request parsing.
 httpdx DoS
document Crash on malformed HTTP request.
 QuickZip buffer overflow
document Buffer overflow on .zip files parsing.
 libpng DoS
document Resources exhaustion on data decompression in png_decompress_chunk().
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 18.03.2010
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Microsoft Virtual PC protection bypass
document Invalid memory regions protection for memory >2GB allows to bypass Windows memory protection techniques for guest system.
 MediaCoder buffer overflow
document Buffer overflow on .lst files parsing.
 Windisc buffer overflow
document Buffer overflow on Banzhaf (.bnz) files parsing.
  


17.03.2010
Detailed
7!WebKit / Apple Safari / Google Chrome multiple security vulnerabilities
updated since 15.03.2010
document Use-after-free, integer overflow, clickjacking.
 bind DNS server cache poisoning
updated since 01.12.2009
document It's possible to inject cache record during DNSSEC request processing.
  


15.03.2010
Detailed
8!Adobe Acrobat and Reader multiple security vulnerabilities
updated since 17.01.2010
document Code executions, memory corruptions, buffer overflow, integer overflow, DoS on PDF parsing.
7!Skype multiple security vulnerabilities
document Code execution and unauthorized files access on URI processing.
 SUPERAntiSpyware / SuperADBlocker multiple security vulnerabilities
document Multiple DoS conditions, information leaks, privilege escalation, memory corruptions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 15.03.2010
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


11.03.2010
Detailed
8!Spamassasin milter plugin shell characters vulnerability
document Shell characters vulnerability via RCPT TO: command.
7!Apache mod_isapi uninitialized pointer function call
document Uunder some conditions function from dynamic library is called by it's address after library is unloaded.
7!Integer overflow in Autonomy KeyView / Symantec antiviral applications
document Buffer overflow on Microsoft Office documents parsing.
6!HP OpenView Performance Insight code execution
document It's possible to upload JSP page to server.
6!Microsoft Excel multiple security vulnerabilities
updated since 10.03.2010
document Multiple buffer overflows, memory corruptions, code execution.
 ncpfs multiple security vulnerabilities
document DoS conditions, information disclosure.
 Juniper Secure Access crossite scripting
document editbk.cgi crossite scripting
 GNU tar / cpio buffer overflow
document Buffer overflow in rmt code implementation
 kvm multiple security vulnerabilities
document DoS, privilege escalation.
 Sun VirtualBox DoS
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Yahoo Player buffer overflow
document Buffer overflow on .m3u files parsing.
 XNView buffer overflow
document Integer overflow on DICOM images parsing leading to buffer overflow.
  


10.03.2010
Detailed
 Microsoft Movie Maker buffer overflow
document Buffer overflow on .MSWMM files parsing.
  


09.03.2010
Detailed
 Apache HTTPD information leak
document Under some conditions it's possible to access memory with data related to prvious requests.
 gnome-screensaver protection bypass
updated since 16.02.2010
document Screensaver crash on monitor hotplugging.
  


04.03.2010
Detailed
6!librpc.dll library multiple security vulnerabilities
document Multiple buffer overflows and integer overflows.
6!Cisco Digital Media Manager multiple security vulnerabilities
document default credentials, privilege escalation, information leak.
6!Cisco Digital Media Players unauthorized access
document It's possible to inject video/audio data into remote display.
6!cups lppasswd format string vulnerability
document Format string vulnerability via LOCALEDIR environment variable.
6!Apple Airport unauthorized network access
document FTP proxy functionality doesn't check PORT command arguments allowing to map external port to any internal port of any internal address.
 IBM Lotus Domino ActiveX buffer overflow
document Buffer overflow in Domino Web Access ActiveX.
 Novell eDirectory DoS
document Crash on SOAP novell.embox.connmgr.serverinfo action request processing.
 McAfee LinuxShield privilege escalation
document nailsd (TCP/65443) service allows authenticated user to manipulate files with nailsd permissions.
 Apache mod_proxy_ajp DoS
document Resources are not freed if client closes connection before request body is sent.
 Cisco Unified Communications Manager DoS
document DoS on SIP and SCCP (Skinny) protocols, on CTI Manager (TCP/2748) request parsing.
 Authentium Command on demand online scanner ActiveX buffer overflow
document Buffer overflow in InstallProduct methods.
 fcron fcrontab symbolic links vulnerabilities
document Few race conditions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 04.03.2010
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Luxology Modo 401 integer overflow
document Integer overflow on .LXO files parsing.
  


02.03.2010
Detailed
 DATEV eG ActiveX code execution
document ExecuteExe unsafe method allows code execution.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


01.03.2010
Detailed
6!getPlus ActiveX code execution
updated since 25.02.2010
document Insufficient validation of domain name.
 Apache mod_security multiple security vulnerabilities
document DoS, protection bypass.
 Asterisk invalid ACL processing
document /0 CIDR in ACL is processed in unpredictable way.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru