Computer Security



23.03.2015
Detailed
 Google Android sandbox bypass
document Google App Engine Java sandbox escape.
 redcloth cross-site scripting
document Cross-site scripting in conversion to HTML.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


22.03.2015
Detailed
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 07.03.2015
document Restrictions bypass, information spoofing, information leakage, buffer overflows, memory corruptions, DoS, code execution.
 Dropbox SDK for Android account spoofing
document It's possible to spoof account via OAuth.
  


21.03.2015
Detailed
7!OpenSSL multiple security vulnerabilities
updated since 20.03.2015
document NULL pointer dereferences, reachable assert()s, memory corruptions.
6!SAP Business Objects multiple security vulnerabilities
document Unauthorized access to multiple components.
6!Jetty information leakage
document Memory buffers content leakage.
6!Citrix Nitro security vulnerabilities
document Cross-site scripting, command injection.
6!PHP multiple security vulnerabilities
updated since 18.03.2015
document Resources exhaustion, memory corruptions.
6!Apple Mac OS X multiple security vulnerabilities
updated since 16.03.2015
document Buffer overflows, DoS, memory corruption, restrictions bypass, weak cryptography.
 SAP HANA XSS
document Cross-site scripting in Web-based Development Workbench.
 D-Link and TRENDnet routers vulnerabilities
document CSRF, authentication bypass.
 DSS TFTP directory traversal
document Directory traversal on file transmission.
 Websense Triton multiple security vulnerabilities
document Cross-site scripting, authentication bypass, command injection.
 Citrix Command Center authentication bypass
document Advent JMX is accessible.
 Citrix NetScaler VPX cross-site scripting
document Cross-site scripting in help pages.
 Apache Xerces-C DoS
document Memory corruption on XML parsing.
 EMC M&R multiple security vulnerabilities
updated since 25.01.2015
document Cross-site scripting, insecure data storage, directory traversal, unrestricted file upload.
 Viber code execution
document Unsafe Javascript interface in combination with unencrypted data transmission.
  


18.03.2015
Detailed
7!Apple Safari / Webkit multiple security vulnerabilities
document Multiple memory corruptions, spoofing.
6!GnuTLS security vulnerabilities
document Protocol downgrade attacks.
6!libav / ffmpeg multiple security vulnerabilities
document Multiple memory corruptions on different media formats parsing.
6!libXfont multiple security vulnerabilities
document Memory corruptions on bdf parsing.
 python requests library session fixation
document Invalid cookies processing in redirects.
 checkpw DoS
document Infinite loop on account names with two dashes.
 Fortinet Single Sign buffer overflow
document Buffer overflow on network messages parsing.
 libmagic / file / fileinfo / PHP security vulnerabilities
updated since 10.12.2014
document Vulnerabilities in ELF parsing.
 putty information leakage
document Sensitive memory regions are not wiped.
  


16.03.2015
Detailed
6!Apple iOS multiple security vulnerabilities
document Buffer overflows, DoS, memory corruption, restrictions bypass, weak cryptography.
6!Cisco Telepresence / Cisco Expressway security vulnerabilities
document DoS, authentication bypass.
 HP Point of Sale multiple security vulnerabilities
document Multiple vulnerabilities in drivers.
 MongoDB DoS
document Crash on BSON parsing.
 Apple TV multiple security vulnerabilities
document Weak cryptography, memory corruption, restrictions bypass.
 tcpdump multiple security vulnerabilities
document Multiple vulnerabilities in protocols dissectors.
 EMC RSA Certificate Manager / Registration Manager multiple security vulnerabilities
document DoS, cross-site scripting.
 iPass privilege escalation
document Code execution with local system rights is possible.
 Cisco Intrusion Prevention System DoS
document Race conditions on SSL parsing.
  


15.03.2015
Detailed
7!Linux kernel multiple security vulnerabilities
updated since 07.03.2015
document DoS, information disclosure, privilege escalation.
6!Xen multiple security vulnerabilities
document Information leakage, DoS, privilege escalation.
 libssh2 DoS
document Uninitialized memory access in SSH client code.
 HP ArcSight Enterprise Security Manager and Logger security vulnerabilities
document 
 eCryptfs crypto vulnerabilities
document Passphrase hash is stored without salt.
  


08.03.2015
Detailed
7!Apache taglibs security vulnerabilities
document Code executions, XXE.
7!Freetype multiple security vulnerabilities
document Multiple memory corruptions on fonts parsing.
7!xdg-open code execution
updated since 19.01.2015
document Code execution because of insufficient shell characters filtering in protocol handlers.
6!Cisco IOS XR DoS
document DoS on IPv6 packets processing.
 HP XP P9000 cross-site scripting
document 
 sudo privilege escalation
document Elevated file access is possible.
 libext2fs / e2fsprogs buffer overflow
updated since 16.02.2015
document Buffer overflow on block group descriptor information.
 unace buffer overflow
document Buffer overflow on archives extraction.
 Asus RT-G32 security vulnerabilities
document XSS, CSRF.
  


07.03.2015
Detailed
7!GNU glibc multiple security vulnerabilities
document Restrictions bypass, code execution, use-after-free, DoS.
6!libicu multiple security vulnerabilities
document Multiple memory corruptions.
 CUPS integer overflow
document Integer overflow on compressed raster files parsing.
  


05.03.2015
Detailed
8!FreeBSD DoS
document Integer overflow on igmp packet parsing.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod