Computer Security
[EN] securityvulns.ru
no-pyccku




31.03.2011
Detailed
7!EMC Replication Manager code execution
updated since 14.02.2011
document Command execution via TCP/6542 service.
 Cisco Secure Access Control System privilege escalation
document It's possible to reset any user's password.
 Cisco Network Access Control Guest Server System Software Authentication Bypass
document Unauthenticated access to protected network is possible.
 OpenLDAP vulnerabilities
document Authentication bypass, DoS.
 VMware privilege escalation
document It's possible to elevate privileges via shared library spoofing.
 BSD systems / Solaris port hijacking
document User can open port with specified interface address if it's already open by another application without interface address.
 GNOME Desktop Manager privilege escalation
document root privileges are not dropped on files access.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


29.03.2011
Detailed
7!Comodo issued fraudlent certificates
updated since 23.03.2011
document login.live.com, mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org "Global Trustee" certificates were issued to untrusted third party.
6!Zend Server code execution
document It's possible to execute user-supplied code via Java Bridge (TCP/10001) service.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 29.03.2011
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP Diagnostics crossite scripting
   
  


25.03.2011
Detailed
7!SCADA service multiple security vulnerabilities
document Large number of different vulnerabilities in factory sofware.
6!HP Data Protector integer overflow
document Data Protector Media Operations DBServer.exe (TCP/19813)integer overflow is unpatched for over 180 days.
 HP Virtual SAN Appliance buffer overflow
document Buffer overflow in hydra.exe (TCP/13838) authentication is unpatched for 180 days.
 VLC media player security vulnerabilities
document Buffer overflow on .AMV and .NSV parsing.
 Apache mpm_itk module privilege escalation
document Under some conditions, request is processed with root privileged.
 EMC Data Protection Advisor Collector weak security permissions
document Weak permissions for executable files.
 Cisco VPN privileges escalation
document Privilege escalation via Dial-Up Networking interface.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


23.03.2011
Detailed
8!Apple Mac OS X multiple security vulnerabilities
document Multiple DoS conditions, format strings vulnerability in AppleScript, memory corruption on different file formats parsing, information leakage, privilege escalation.
7!RealPlayer buffer overflow
document Buffer overflow on IVR files parsing.
7!IBM Lotus Domino Server Controller unauthorized access
document User-supplied network file is used for stored user's credentials during TCP/2050 service authentication.
6!libcgroup security vulnerabilities
document Buffer overflow, privilege escalation.
6!libtiff buffer overflow
document Buffer overflow in ThunderCode codec, stack overflow.
6!Advantech BroadWin WebAccess multiple security vulnerabilities
document Code execution, information leak from TCP/4592 RPC-based service.
6!Novell Netware FTP server buffer overflow
updated since 31.03.2010
document rmdir/mkdir/dele commands buffer overflow.
 IGSS ODBC Server uninitialized pointer free()
document Multiple uninitialized pointer dereference conditions.
 Progea Movicon TCPUploadServer unauthorized access
document It's possible to upload and execute file to arbitrary location.
 Asterisk DoS
document Connection flood leads to resources exhaustion.
 libvirt protection bypass
   
 Linux kernel multiple security vulnerabilities
document Privilege escalation, multiple information leaks.
 Symantec LiveUpdate Administrator crossite request forgery
document Crossite request forgery in administration web interface.
 HP Discovery & Dependency Mapping Inventory information leak
document public community has SNMP read access by default.
 TeX (tex-common) shell characters vulnerability
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP Client Automation code execution
updated since 15.03.2011
document Code execution with radexecd.exe (TCP/3465).
 Immunity Debugger buffer overflow
document Buffer overflow during software update process.
 Cisco IPSec information leak
document It's possible to check groupname existance.
  


21.03.2011
Detailed
6!libzip library / PHP DoS
document NULL pointer dereference in _zip_name_locate.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


17.03.2011
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 SAP Crystal Reports Server crossite scripting
document Multiple crossite scripting vulnerabilities.
 RSA Access Manager Server unauthorized access
   
 EMC Avamar secrurity vulnerabilities
document Information leakage, privilege escalation.
 SAP GUI DLL hijacking
document DLL hijacking by placing .sap files in network floder.
  


16.03.2011
Detailed
9!Apple WebKit / Safari / iTunes / libtiff / Google Chrome multiple security vulnerabilities
updated since 03.03.2011
document Multiple vulnerabilities on PNG, TIFF, JPEG, XML parsing, multipe WebKit memory corruptions.
 nostromo nhttpd directory traversal
document Directory traversal (including code execution via CGI) with escaped URI.
 MIT Kerberos 5 double free
updated since 16.03.2011
document Double free vulnerability on PKINIT.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 15.03.2011
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


15.03.2011
Detailed
 QNX Neutrino RTOS privilege escalation
document It's possible to overwrite files via LD_DEBUG_OUTPUT for suid applications.
 Checkpoint VPN privilege escalation
document It's possible to obtain Local System privileges.
  


11.03.2011
Detailed
 HP MFP Digital Sending Software configured devices unauthenticated access
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 10.03.2011
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 TP-LINK TL-WR740N wireless router vulnerabilities
document Crossite scripting, DoS.
  


10.03.2011
Detailed
6!Wireshark multiple security vulnerabilities
document Memory corruptions and DoS conditions on different capture files formats and different network protocols parsing.
6!Majordomo2 directory traversal
updated since 03.02.2011
document Directory traversal on help command processing via e-mail or Web.
 ISC DHCP server DoS
document Crash on IPv6 address.
 Weborf Web server DoS
document Crash on invalid HTTP request.
 Hiawatha Web-server integer overflow
document Integer overflow via Content-Length.
 OpenSLP / VMWare ESX/ESXi SLPD DoS
document CPU exhaustion vulnerability.
 ProFTPD integer overflow
document Integer overflow in SFTP module.
 nbd Network Block Device server buffer overflow
updated since 21.12.2005
   
 Apple iPhone information leakage
document Information about Wi-Fi keys for Personal Hotspot feature is logged to debugging console.
  


09.03.2011
Detailed
6!Microsoft Windows multiple security vulnerabilities
document Unsafe library loading, code execution with .dvr-ms files.
 Subversion DoS
document Crash on lock request processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


03.03.2011
Detailed
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, buffer overflows, user-after-free, crossite scripting, crossite request forgery, etc.
7!Postgres Plus SQL authentication bypass
document Unauthorized access to DBA Management Server (TCP/9000, TCP/9363)
 HP StorageWorks File Migration Agent unauthenticated access
document Access authentication is not implemented.
 logwatch shell characters vulnerability
document Shell characters vulnerability on filenames.
 vsftpd DoS
document Resources exhaustion via path globbing.
 Pango library NULL pointer dereference
document Memory allocations are not controlled.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 weechat certificate spoofing
document Server certificate is not validated.
  


01.03.2011
Detailed
6!Samba fd_set array overflow
document Memory corruption by setting large number of connections.
 FUSE symbolic links vulnerability
document It's possible to unmount arbitrary directories.
 ClamAV antivirus double free vulnerability
document Double free() vuonerability on microsoft office documents VBA code parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 FreeBSD / MacOS X crontab information leakage
document User can retrieve some information about files and directories he has no access to.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru