Computer Security




26.03.2012
Detailed
9!Microsoft .Net multiple security vulnerabilities
updated since 02.01.2012
document DoS, multiple vulnerabilities in forms authentication.
7!GnuTLS / libtasn1 security vulnerabilities
document Vulnerabilities on TLS and ASN.1 records parsing.
 gnash multiple security vulnerabilities
document Integer overflow on SWF parsing, unsafe cookie handling, symbolic links vulnerability.
 CA ARCserve Backup DoS
document Crash on network request parsing.
 Cisco PlayerPT ActiveX buffer overflow
document Buffer overflow in SetSource() method.
 Apache Traffic Server DoS
document Server crash on oversized Host: header.
  


20.03.2012
Detailed
6!EMC RSA enVision multiple security vulnerabilities
document Cross-site scripting, SQL injection, directory traversal, hardcoded accounts, restrictions bypass.
6!VMware applications multiple security vulnerabilities
document Privilege escalation, cross application scripting, information leakage, cross-site scripting.
6!Aruba Remote Access Point security vulnerabilities
document Command injection, authentication bypass
 Dell Webcam ActiveX buffer overflow
document Multiple buffer overflows in crazytalk4 ActiveX
 at32 reverse proxy buffer overflow
document Buffer overflow on headers parsing.
 ManageEngine DeviceExpert directory traversal
document ScheduleResultViewer servlet directory traversal.
 Tor Browser Bundle information leakage
document Debugging logging is always on.
 EMC Documentum eRoom security vulnerabilities
updated since 18.03.2012
document Replay attacks and cross-site scripting.
 Apache FCGID module resources exhaustion
document FcgidMaxProcessesPerClass limit is not actually working.
  


19.03.2012
Detailed
6!ABB WebWare code execution
document TCP/5512 port service code execution.
6!Cisco SRP 500 multiple security vulnerabilities
document Command injection, directory traversal, unauthorized configuration upload.
6!Dropbear SSH server use-after-free
document 
6!YAML::LibYAML format string vulnerability
document Few format string vulnerabilities.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 notmuch special characters vulnerabilities
document MML tags are not escaped.
 FlashFXP FTP client buffer overflow
document Buffer overflow on server response parsing.
 Endian UTM Firewall security vulnerabilities
document XSS, CSRF.
 Polycom teleconferencing devices security vulnerabilities
document Directory traversal, code injection.
 VMware vCenter Chargeback Manager security vulnerabilities
document Information leakage, DoS.
 DBD::Pg format string vulnerability
document Format string vulnerability on server response parsing.
 pidgin / libpurple security vulnerabilities
updated since 17.03.2012
document DoS via XMPP and MSN messages, local information leakage.
 Barracuda CudaTel cross-site scripting
document Stored XSS in different configuration parameters.
 Enterasys SecureStack Switch cross-site scripting
document Stored XSS in different configuration parameters.
 CheckPoint Firewall / VPN-1 information leakage
document It's possible to obtain host names.
  


18.03.2012
Detailed
6!Cisco ASA / Cisco FSM multiple security vulnerabilities
document Multiple DoS conditions, ActiveX code execution.
6!Asterisk security vulnerabilities
document Milliwatt Application buffer overflow, HTTP manager buffer overflow
 Oracle Exadata Infiniband Switch security vulnerabilities
document Default accounts, /conf/shadow file weak permissions.
 VMware View multiple security vulnerabilities
document Multiple XSS vulnerabilities.
 Linux systemd race conditions
document Race conditions on symbolic links removal.
 Yealink VOIP Phone cross-site scripting
document Cross-site scripting in address book
  


17.03.2012
Detailed
8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, privilege escalation, cross-site access.
6!nginx information leakage
document Invalid server response can lead to server memory content disclosure.
  


14.03.2012
Detailed
8!Microsoft Windows multiple security vulnerabilities
document Kernel drivers privileges escalation, DirectWrite API DoS, RDP memory corruption and DoS.
6!Microsoft Windows DNS Server DoS
document Crash on request processing.
 Microsoft Visual Studio code execution
document Unsafe add-in loading
 Microsoft Expression Design unsafe DLL loading
document Unsafe DLL loading on .xpr and .design files processing.
  


10.03.2012
Detailed
9!Microsoft Windows multiple security vulnerabilities
updated since 15.02.2012
document GDI code execution, drivers privilege escalation, unsafe DLL loading, C Runtime code execution, .Net framework and Silverlight vulnerabilities.
9!Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
updated since 30.01.2012
document Quarterly CPU fixes nearly 80 different vulnerabilities
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 15.02.2012
document Code execution, information leakage.
6!python-pam memory corruption
document Memory corruption on the passwords with NULL byte.
6!glibc multiple security vulnerabilities
document memcpy() integer overflow, RPC DoS, vfprintf() integer overflow.
 python-httplib information leakage
document SSL certificates are not checked.
 Light Display Manager / gdm / LTSP Display Manager file descriptor leakage
document File descriptor is not closed before child process is spawned.
 Linux kernel multiple security vulnerabilities
document LDM and NFSv4 file systems DoS, futexes privilege escalation.
  


09.03.2012
Detailed
7!Apple iPhone multiple security vulnerabilities
document Information leakage, protection bypass, sandbox limitation bypass.
6!Apple TV integer overflow
document libresolve integer overflow
6!Cisco Unified Communications Manager SQL injection
document SQL injection and DoS on SCCP request processing.
6!Cisco Wireless LAN Controller Multiple security vulnerabilities
document Multiple DoS conditions, unauthorized access.
6!Cisco Unity Connection security vulnerabilities
document Privilege escalation, crafted TCP packets DoS.
6!ImageMagick security vulnerabilities
document Memory corruption and DoS conditions on EXIF data parsing.
6!FreeType multiple security vulnerabilities
document Multiple vulnerabilities on font files parsing.
 Puppet security vulnerabilities
document Privilege escalation conditions.
 libvpx security vulnerabilities
document Few DoS conditions.
 Samba DoS
document Infinite recursion on Batched request processing.
 PostgreSQL vulnerabilities
document Triggers privilege escalation, pg_dump reloading SQL injection.
 Cisco Cius DoS
document DoS on network traffic processing.
 Cisco TelePresence Video Communication Server DoS
document Crash on SIP request processing.
 libxslt out-of-bounds read
document 
 XML::Atom Perl module limitations bypass
document It's possible to obtain read access to limited resources.
 plib / TORCS buffer overflow
document Buffer overflow on error messages processing.
 RSA SecurID Software Token Converter buffer overflow
document 
 Holdem Manager security vulnerabilities
document Multiple memory corruptions.
 file utility memory corruption
document Memory corruption on CDF format parsing.
 libVTE (gnome-terminal, xfce4-terminal, terminator, etc) information leakage
document scrollback buffer data is saved to temporary file.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


