Computer Security
[EN] no-pyccku

9!Apple iOS multiple security vulnerabilities
updated since 13.03.2014
document Symbolic links vulnerability, root certificates problems, protection bypass, DoS, privilege escalation, memory corruption, information leakage, code execution.
9!Linux kernel security vulnerabilities
updated since 08.01.2014
document ptrace information leakage, debug functions privilege escalation, cprng weak PRNG, networking dissector DoS, multiple integer overflows, buffer overlows in WiMax, USB and different devices drivers, UDP fragmentation offload uninitialized memory, privilege escalations. NAT conntrack information leakage.
6!Imagemagic security vulnerabilities
document Memory corruptions on JPEG and PSD parsing.
6!Oracle VirtualBox memory corruptions
document Multiple memory corruptions in 3D acceleration.
6!Symantec LiveUpdate Administrator security vulnerabilities
document Unaurhorized access, SQL injection.
6!Apache Tomcat multiple security vulnerabilities
updated since 28.02.2014
document Information leakage, DoS, session fixation.
6!libYAML buffer overflow
updated since 10.02.2014
document Buffer oveflow on oversized tag.
 EMC Documentum TaskSpace security vulnerabilities
document Privilege escalation, information leakage.
 IcedTea Web information leakage
document Weak permission for temporary files.
 Huawei E5331 Multiple security vulnerabilities
document Unauthorized access, CSRF.
 Android protection bypass
document It's possible to install and run application silently.
 EMC VPLEX multiple security vulnerabilities
document Directory traversal, protection bypass.
 Dell SonicWALL security vulnerabilities
updated since 08.01.2014
document Filtering bypass, XSS.
 PowerArchiver weak encrption
document Native ZIP encryption is used instead of AES.

9!Mozilla Firefox / Thunderbird / Seamonkey / nss multiple security vulnerabilities
updated since 24.03.2014
document Buffer overflows, memory corruptions, information leakage, privilege escalation, protection bypass, unauthorized access, interface spoofing.
8!Chromium / Google Chrome multiple security vulnerabilities
updated since 25.03.2014
document Memory corruprions, information leakage, certificate validation issues, protection bypass, crossite scripting, directory traversal.
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.02.2014
document Multiple memory corruptions, crossite access, privilege escalation.
7!Cisco IOS multiple security vulnerabilities
document Multiple DoS conditions.
6!HP SiteScope security vulnerabilities
document Code execution, information leakage, DoS on SOAP requests.
 EMC RSA BSAFE Micro Edition DoS
document Server crash on certificate check.
 Synology DiskStation Manager code execution
document Code execution via web interface.
 HP Security Management System code execution
 HP Rapid Deployment Pack / HP Insight Control Server Deployment multiple security vulnerabilities
document Multiple different vulnerabilities.
 HP System Management Homepage security vulnerabilities
document Crossite scripting, information leakage.
 HP Systems Insight Manager multiple security vulnerabilities
document DoS, code execution.
 HP-UX rpc.lockd DoS
 HP Smart Update Manager privilege escalation
 HP Unified Functional Testing code execution
 HP StoreOnce unauthorized access
 HP-UX m4 privilege escalation
 EMC RSA Authentication Manager crossframe scripting
document Self-Service Console cross frame scripting.
 OpenSSH protection bypass
document Invalid wildcard expressions parsing.
 libxalan security vulnerabilities
document Information leak, code execution.

9!Microsoft Office memory corruption
document Microsoft Word RTF parsing 0-day vulnerability is exploited in-the-wild.
 initramfs-tools weak permissions
document /run is mounted withour noexec option

7!lighttpd security vulnerabilities
document SQL injection, directory traversal.
6!Apache security vulnerabilities
document mod_log_config DoS, mod_dav buffer overflow.
document Few DoS conditions.
 EMC Connectrix Manager information leakage
document Files access is possible.
 OpenXchange crossite scripting
updated since 08.01.2014
document Crossite scripting on MS Office and EML documents viewing.

8!Cisco AsyncOS code execution
document Code execution on mail check.
7!Cisco Wireless LAN Controller multiple security vulnerabilities
document Memory corruption, race conditions, DoS.
6!Cisco Intrusion Prevention System multiple security vulnerabilities
document Few different DoS conditions.
6!Cisco UCS Director default credentials
document default root account is accessible via ssh.
6!Cisco Unified SIP Phone 3905 unauthorized access
document Undocumented TCP/7870 service
6!Cisco SMB routers authemtication bypass
document It's possible to bypass authentication for web administration interface.
 Cisco Firewall Services Module DoS
document Race conditions in cut-through proxy function.

8!Microsoft Windows multiple security vulnerabilities
document DirectShow memory corruptions, SilverLight restrictions bypass, SAMR restrictions bypass, kernel mode drivers privilege escalations.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruptions.
8!Remote Root via HP-UX rlpdaemon
updated since 21.11.2001
document Invalid printing commands parsing allows code executions.
7!PHP multiple security vulnerabilities
updated since 13.03.2014
document DoS, information leakage, code execution
7!GNU libc regcomp buffer overflow / resources exhaustion
updated since 07.01.2011
document Resources exhaustion and buffer overflow on regular expressions like ".*{10,}{10,}{10,}{10,}{10,}"
6!FreeType memory corruption
document Few different memory corruptions.
 Samba restrictions bypass
document Few restriction bypass vulnerabilities.
 oath-toolkit replay attack
document Implementation bug leads to replay attack possibility.
 imapsync information leakage
document Few information leaks.
 x2goserver privilege escalation
document Relative path is used to execute application.
 BlackBerry QNX Neutrino RTOS privilege escalation
document Privilege escalation via ifwatchd and ppoectl
 sudo security vulnerabilities
document Restrictions bypass

8!GnuTLS certificate validation bypass
document Invalid error handling.
7!Apple TV multiple security vulnerabilities
document Symbolic links vulnerability, root certificates problems, protection bypass, DoS, privilege escalation, memory corruption, information leakage, code execution.
6!Asterisk multiple security vulnerabilities
document Buffer overflow, DoS.
6!mutt buffer overflow
document Buffer overflow on headers parsing.
6!cups multiple security vulnerabilities
document Memory corruptions, code execution in urftopdf, pdftoopvp.
6!libssh PRNG attacks
document It may be possible to discover PRNG state.
 Wireshark multiple security vulnerabilities
document DoS in NFS and RLC dissectors, buffer overflow on MPEG parsing.
 udisk buffer overflow
document Buffer overflow on oversized mountpoint filname.

7!Python buffer overflow
document socket.recvfrom_info() buffer overflow
6!libtar directory traversal
document Directory traversal via filename.
6!HP Service Manager multiple security vulnerabilities
document Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues.
 IBM Lotus SameTime information leakage
document Username and password are logged to file.
 McAfee ePolicy Orchestrator information leakage
document Information leakage via XML include.
 HP StoreVirtual code execution
 HP Application Information Optimizer security vulnerabilities
document Code execution, information disclosure.
 HP Operations Orchestration security vulnerabilities
updated since 08.01.2014
document XSS, CSRF, unauthorized access.

 Cisco Prime Infrastructure privilege escalation
document Command execution on URL parsing.
 MICROSENS Profi Line Modular switches authentication bypass
document Authentication results are not checked by server.
 Plex Media Server security vulnerabilities
document Authentication bypass, information leakage.
 Apache Subversion security vulnerabilities
updated since 09.01.2014
document mod_dontdothat protection bypass, DoS.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod