Computer Security



24.03.2013
7!Apple Mac OS X multiple security vulnerabilities
document Cross-site scripting, authentication bypass, buffer overflows and memory corruption in graphics libraries, information leakage, protection bypass, PDF parsing memory corruption, security vulnerabilities in various packages.
7!Safari / WebKit multiple security vulnerabilities
document Cross-site scripting.
7!Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.03.2013
document Multiple use-after-free vulnerabilities.
6!LibreOffice update spoofing
document Updates are checked over an insecure connection, and the digital signature is not validated.
6!Apple TV multiple security vulnerabilities
document Protection bypass, information leakage.
6!Apple iOS multiple security vulnerabilities
document Protection bypass, privilege escalation, code execution.
 CA SiteMinder privilege escalation
document Invalid SAML signature verification.
 Puppet multiple security vulnerabilities
document Code execution, privilege escalation, protection bypass, information spoofing.
 OpenSSH security vulnerabilities
document DoS, information leakage.
 Mozilla NSS library TLS timing attacks
document "Lucky Thirteen" attacks are possible
 Mozilla Firefox / Thunderbird / Seamonkey use-after-free vulnerability
updated since 10.03.2013
document HTML editor use-after-free
 Photodex ProShow Producer multiple security vulnerabilities
updated since 18.02.2013
document Buffer overflow on .pxs / .pxt files parsing. Privilege escalations via weak executable permissions and incorrect DLL paths.
 OpenStack security vulnerabilities
updated since 04.02.2013
document Nova and Glance information leaks, Keystone resource exhaustion.
 EverFocus EPARA264-16X1 directory traversal
document Directory traversal in embedded http server.
 sort, uniq, join utilities resource exhaustion
document Resource exhaustion on an oversized string.
 apt protection bypass
updated since 10.03.2012
document A man-in-the-middle attack against the repository is possible if InRelease files are used.
  


19.03.2013
8!Oracle Java multiple security vulnerabilities
updated since 11.02.2013
document ~50 different vulnerabilities are fixed in the CPU.
6!Skype privilege escalation
document Weak executable file permissions in the Skype Click to Call Update Service.
6!Firebird security vulnerabilities
document Buffer overflow, DoS.
6!Polycom HDX multiple security vulnerabilities
document Format string vulnerability, SQL injection, code execution, privilege escalation.
6!Linux kernel multiple security vulnerabilities
updated since 11.03.2013
document DoS, privilege escalation, information leakage.
 lighttpd symbolic links vulnerabilities
document Unix socket with fixed name is created in world-writable directory.
 libvirt weak permissions
document libvirtd sets weak permissions for devices.
 pam-xdg-support privilege escalation
document Invalid PATH processing.
 Cisco IOS cryptography vulnerability
document Invalid hash algorithm implementation for type 4 passwords.
 Microsoft Windows USB devices privilege escalation
updated since 13.03.2013
document A few different vulnerabilities triggered when a USB device is plugged in, allowing code execution.
  


13.03.2013
8!Microsoft Sharepoint multiple security vulnerabilities
document Buffer overflows, directory traversal, cross-site scripting, code execution.
6!Microsoft Silverlight code execution
document Memory corruption.
6!Privoxy information leakage
document Proxy-Authenticate and Proxy-Authorization headers are not filtered, making it possible to hijack authentication information.
 Microsoft OneNote information leakage
document Information leakage on OneNote files parsing.
 Microsoft Visio Viewer memory corruption
document Memory corruption on Visio files parsing.
 Microsoft Outlook for Mac information leakage
document External content is requested during message parsing.
  


11.03.2013
6!OpenAFS buffer overflow
document A few different buffer overflows.
6!HP Intelligent Management Center multiple security vulnerabilities
document Cross-site scripting, code execution, information disclosure.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 rpi-update symlink vulnerability
document Unsafe temp file creation.
 xen multiple security vulnerabilities
document Different DoS conditions.
 Kaspersky Internet Security DoS
document Different DoS conditions on IPv6 processing.
 Apache mod_dav_svn DoS
document NULL pointer dereference on MKACTIVITY and PROPFIND requests processing.
 libosip2 / SIP Witch DoS
document NULL pointer dereference
 Varnish multiple security vulnerabilities
document Different DoS conditions on HTTP headers parsing.
 Verax NMS multiple security vulnerabilities
document Authentication bypass, replay attacks, hardcoded private key, information leakage.
 HP LaserJet Pro printers unauthorized access
   
 HP ServiceCenter DoS
   
 Samsung TV buffer overflow
document Buffer overflow on TCP/7676 SOAPACTION request processing.
  


10.03.2013
6!Squid security vulnerabilities
document CPU exhaustion DoS, memory corruption.
6!Perl memory leakage
document Memory leakage on hash tables.
6!Wireshark multiple security vulnerabilities
updated since 24.02.2013
document Multiple vulnerabilities on CLNP, DTLS, DCP-ETSI, NTLMSSP and other protocols parsing.
 Corel WordPerfect uninitialized pointer dereference
document User-controlled pointer dereferences on WPD parsing.
 sudo protection bypass
updated since 02.03.2013
document It's possible to bypass the password prompt by manipulating timestamps. Session ID hijacking is possible under some conditions.
 Corel Quattro Pro DoS
document NULL pointer dereferences on QPW parsing.
  


03.03.2013
8!Adobe Reader / Acrobat security vulnerabilities
document Buffer overflows are exploited in-the-wild.
8!Adobe Flash Player multiple security vulnerabilities
updated since 14.02.2013
document Multiple code execution vulnerabilities are exploited in-the-wild.
7!SAP applications multiple security vulnerabilities
document Code executions, filesystem access, information leakage, DoS.
6!Cisco Prime Central / Cisco Unified Communications Manager / Cisco Unified Presence Server DoS
document Different DoS conditions on traffic processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Airvana HubBub routers cross-site scripting
document Web interface cross-site scripting.
  


02.03.2013
8!Microsoft Windows multiple security vulnerabilities
updated since 14.02.2013
document Quartz.dll memory corruption, .Net privilege escalation, multiple kernel race conditions, CSRSS privilege escalation, TCP/IP DoS.
6!Apache security vulnerabilities
document mod_info, mod_status, mod_imagemap, mod_ldap, mod_proxy_ftp, mod_proxy_balancer cross-site scripting
6!cfingerd buffer overflow
document Buffer overflow on request parsing.
6!OpenSSL / PolarSSL / GnuTLS security vulnerabilities
updated since 14.02.2013
document Timing attacks, DoS.
6!openjpeg library security vulnerabilities
updated since 16.07.2012
document Vulnerabilities on JPEG encoding and decoding.
 War FTP Daemon memory corruption
document Memory corruption on logging.
 Transmission memory corruption
document micro transport packets parsing memory corruption
 dbus-glib privilege escalation
document NameOwnerChanged signal processing privilege escalation
 PHP security vulnerabilities
document safe_dir protection bypass and code execution on SOAP handling.
 Linux kernel security vulnerabilities
updated since 14.02.2013
document Privilege escalation, information leak.
 RSA Authentication Agent protection bypass
document In some cases only the PIN is requested instead of the full authentication sequence.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod