Computer Security

 lam-runtime unauthorized access
document Account without password is created during installation process.
 ProZilla download manager buffer overflows
updated since 24.11.2004
document Multiple buffer overflows and format string bugs.

 Multiple firewalls directory traversal protection bypass
 IBM WebSphere Application Server cross-site scripting
document Cross-site scripting with error pages.
 KMiNT21 Software Golden FTP Server buffer overflow
document Buffer overflow on oversized username.
 BulletProof FTP Server privilege escalation
document Privilege escalation with help subsystem.
 Bakbone Netvault privilege escalation
document Hidden windows of local system process handles user's messages.
 Rootkit Hunter symbolic links problem
document Insecure temporary files handling.
 VooDoo cIRCle BOTNET buffer overflow
document Buffer overflow in botnet center while processing data from bot.
 BEA application server Admin console cross-site scripting
document Cross-site scripting with http://server:8001/console/actions/jndi/JndiFramesetAction/
 Altiris deployment solution AClient privilege escalation
updated since 30.11.2004
document It's possible to launch executable with LocalSystem privileges.
 netterm netftpd multiple bugs
updated since 21.07.2003
document Buffer overflows, DoS.

 Citrix Program Neighborhood Agent multiple vulnerabilities
document Buffer overflow, code execution with startup folders.
 Multiple MySQL MaxDB database server WebTools problems
updated since 08.12.2004
document Buffer overflows, NULL pointer dereference, DoS.

 ImageMagick PNM buffer overflow
document Heap overflow in ReadPNMImage().
 snmppd SNMP proxy daemon format string bug
document Format string bug on syslog().
 nProtect:Netizen virus / phishing protection ActiveX unauthorized access
document It's possible to upload file to any location.

 Adobe Acrobat Reader ActiveX information leak
document It's possible to check file existence with LoadFile method.
 Novell secure logging and auditing product DoS

6!KDE desktop environment PCX graphics format buffer overflow
updated since 12.04.2005
document Multiple kimgio image reading vulnerabilities.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 19.04.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.

6!Xine media library multiple buffer overflows
document Multiple buffer overflows on MMS and RTSP streaming data processing.
 KDE Kommander code execution
 APG classmaster weak permissions
document Access to subfolders is not limited.

6!telnet client multiple buffer overflows
updated since 31.03.2005
document env_opt_add(), slc_add_reply() buffer overflows.
 Yawcam webcam software directory traversal
 PostgreSQL weak cryptography
document Username is used as a salt for MD5-hashed passwords. In addition, during authentication the hash may be used directly without knowledge of the cleartext password.
 Desktop Rover remote desktop application DoS
document DoS on parsing TCP/61427 data.

9!Microsoft Exchange Server SMTP protocol buffer overflow
updated since 13.04.2005
document Heap overflow on extended SMTP commands.
6!RealPlayer media player buffer overflow
document Buffer overflow on RAM (real media audio) files parsing.
 Sun Java System Web Proxy Server buffer overflow
 f2c fortran to c translator symbolic links problems
document Symbolic links problem on temporary files creation.
 Microsoft Windows Explorer code execution
document It's possible to execute script automatically on file selection.

6!PostgreSQL database array overflow
document Array overflow on large number of variables in plpgsql.
 McAfee Internet Security personal firewall / antivirus software weak permissions
document Weak permissions for installation folder.
 PMSoftware Simple Web Server buffer overflow
document Buffer overflow on oversized GET request.
 WheresJames Webcam Publisher buffer overflow
document Buffer overflow on oversize GET request.
 Webcam XP web camera software cross-site scripting
updated since 22.01.2004

8!Multiple Netscape / Mozilla / Firefox vulnerabilities
document Search content hijacking with search plugins, cross-site scripting with link tag.
7!CVS (Concurrent Versions System) buffer overflow
 GNU oSIP SIP voice protocol library buffer overflow
document Heap overflow on URL parsing.

6!Solaris GSS API privilege escalation
document Relative path is used to load library.
6!Sun ONE Directory Server buffer overflow
document Buffer overflow on parsing LDAP request.
6!MacOS multiple browsers unauthorized local files access
document By using AppleWebKit XMLHttpRequest it's possible to mount disk image with HTML documents to known location.
6!gld / postgrey antispam greylisting daemon for Postfix multiple vulnerabilities
updated since 13.04.2005
document Multiple buffer overflows, format string bugs.
 libsafe stack protection library protection bypass
document In a multithreaded application there is a race condition before protection becomes active.
 monkeyd web server format string vulnerability
 Multiple Musicmatch Jukebox bugs
document Unauthorized files access, information leak.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 11.04.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.
 Dameware NT Utilities / Mini Remote Control privilege escalation
updated since 07.04.2005

7!Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflows
updated since 12.04.2005
document Buffer overflows in different internal protocol commands (TCP/6050, UDP/6050).
 FreeBSD ifconf() information leak
document Buffer may contain a part of kernel memory.

6!Squid proxy cache double memory free vulnerability
document Double memory free on aborted PUT or POST request.
6!IBM WebSphere application server information leak
document It's possible to obtain JSP page source code by requesting non-existing virtual host.
6!Multiple Microsoft Internet Explorer memory corruptions
updated since 13.04.2005
document Memory corruptions of different types, including buffer overflows.
 LG mobile phones DoS
document Phone crashes on corrupted MIDI file.
 JunkBuster filtering proxy multiple vulnerabilities
document Heap corruption, content spoofing.
 PHP multiple vulnerabilities
updated since 13.04.2005
document Integer overflows on EXIF tags parsing.
 WinHex editor buffer overflow
document Buffer overflow on oversized file name.

9!Microsoft Windows TCP/IP stack multiple vulnerabilities
document Memory corruption on IP packets handling, TCP connection reset with spoofed TCP and ICMP packets, a variant of LAND attack.
7!Windows 2000/XP/2003 kernel multiple vulnerabilities
document Buffer overflow during font files parsing, buffer overflow in CSRSS (Win32 execution subsystem), privilege escalation.
6!Microsoft Windows MSHTA code execution
document Content type of the file is determined based on CLSID in file content, not by its extension.
 Oracle Forms SQL injection
document Form request data is not validated.
 Axel download accelerator buffer overflow
document Buffer overflow on HTTP redirection handling.
 Veritas i3 multiple vulnerabilities
 Oracle multiple vulnerabilities
 JavaMail directory traversal
document Content-Disposition header filename is not checked.
 MSN Messenger GIF file buffer overflow
document Buffer overflow on GIF files parsing.
 Microsoft Word integer overflow
updated since 07.10.2004
document Integer overflow in signed/unsigned conversion during .doc file parsing.

6!Multiple Mozilla / Firefox / Thunderbird browsers bugs
updated since 02.03.2005
document Symbolic links problem, cross-site XML data access, form autocomplete feature information leak, buffer overflows, data spoofing, invalid certificates handling.
 portupgrade symbolic links problem
document Insecure temporary files creation.
 Pine symbolic links problem
document Symbolic links problem in rpdump utility.
 Smart Cache proxy DoS
 DeluxeFTP FTP client weak permissions
document FTP sites accounts are stored in world readable file.
 OpenText FirstClass client code execution
document Internet Bookmark can point to UNC resource.
 GNU core utilities symbolic links race conditions
document If -m option is used in mkdir, mknod, mkfifo it's possible to change permissions for any file.

7!Novell Netware TCP/IP null pointer DoS
6!Lotus Notes, Lotus Domino multiple vulnerabilities
document Buffer overflows, format string bugs, cross-site scripting.
 DC++ direct connect file sharing agent unauthorized files access
 Multiple AN HTTPD Web Server vulnerabilities
document Buffer overflows, cross-site scripting.
 OpenOffice buffer overflow
document Buffer overflow on Microsoft Word files parsing.
 HP OpenView Network Node Manager DoS
 KMail mail agent signed content spoofing
document Invalid HTML part handling allows spoofing of signed text.
 Linux kernel multiple vulnerabilities
document sysfs_write_file() integer overflow, futex functions DoS, ext3 and jfs race conditions.
 rsnapshot file system backup utility symbolic links problem
document During symbolic links restoration file permissions are applied to file instead of link.

6!Microsoft Outlook digitally signed e-mail and name spoofing
updated since 26.03.2005
document E-mail and name of digital certificate is not checked against message's From: address.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 04.04.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.

6!Maxthon browser multiple bugs
document Directory traversal, local files access, etc.
 grip, GnomeVFS, libcdaudio CDDB client buffer overflow
updated since 10.03.2005
document Buffer overflow on CDDB server response parsing.

 Messenger Plus! instant messenger password protection bypass
document It's possible to change password without entering old one.
 SCO OpenServer Unix multiple shells buffer overflow
document termsh, atcronsh, auditsh buffer overflow during environment variables parsing.
 Macromedia Coldfusion MX application server information leak
document Compiled Java pages are stored in the Web accessible directory.
 Irix gr_osview privilege escalation
document Irix gr_osview privilege escalation.
 SurgeFTP FTP server DoS
document Developers left a debugging LEAK command that opens a large number of file descriptors.

6!FreeBSD amd64 platform privilege escalation
document Userland process can access physical hardware.
6!Computer Associates eTrust Intrusion Detection IDS DoS
document Buffer overflow on Microsoft Crypto API CPImportKey() call.
6!Sybase ASE database multiple vulnerabilities
updated since 23.12.2004
document Multiple buffer overflows and DoS conditions.
 Cisco Linksys WET11 wireless ethernet bridge unauthorized access
document It's possible to reset device password with web interface.
 Miranda instant messenger PopUp Plus plugin buffer overflow
document Buffer overflow on oversized message.
 Lotus Domino Web server DoS
document Large number of unicode 430 characters in URL causes stack overrun.
 Cisco routers IOS ssh DoS
document Bugs in ssh in combination with TACACS+ cause router to hang or reload.
 Cisco routers IOS IKE XAuth authentication bypass
document It's possible to bypass authentication process.
 vixie-cron symbolic links information leak
document During editing symbolic links are not checked, allowing task files of different users to be read.

6!Mozilla / Firefox / Netscape javascript information leak
document It's possible to access random heap content with string replacement functions.
 Windows 2003 Server DoS vulnerabilities
document DoS on network operation during high CPU load, on printing in terminal sessions.
 Adobe Acrobat Reader file information leak
document It's possible to enumerate files.
 Linux kernel AIO DoS
document Call to io_queue_release() without call to io_queue_release() causes system crash on 64bit platforms (PPC64 and IA64).
 CommuniGate Pro mail server DoS
document Bug in LIST module multipart messages handling.
 SonicWALL SOHO/10 firewall cross-site scripting

 Multiple remstats remote statistics system vulnerabilities
document Unfiltered shell characters, symbolic links problem.

6!Linux ext2 filesystem information leak
document During directory creation, random data from kernel memory is written to disk.
 Multiple gaim instant messenger DoS vulnerabilities
document Multiple bugs in different messages formats and protocols.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 28.03.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.

 Rumba network management system buffer overflow
document Buffer overflow on profile file parsing.

10!Windows multiple bugs
updated since 14.04.2004
document LSASS buffer overflow, LDAP DoS, PCT buffer overflow, WinLogon buffer overflow, WMF/EMF parsing buffer overflow, HCP:// code execution, Utility Manager privilege escalation, WMI privilege escalation, LDT privilege escalation, H.323 buffer overflow, NTVDM privilege escalation, ASN.1 double free memory corruption.
7!Multiple Linux Kernel vulnerabilities
document Privilege escalation with ATI Radeon drivers, remote denial of service with Netfilter.
 PHP getimagesize DoS
document Infinite loops with 100% CPU utilization.
 Microsoft Windows msjet database multiple vulnerabilities
document Microsoft Windows msjet databases multiple vulnerabilities.
 Bay Technical Associates RPC-3 authentication bypass
document It's possible to bypass authentication process with ESC.

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod