Computer Security
[EN] securityvulns.ru
no-pyccku

  


30.04.2006
Detailed
 resmgr resource manager unauthorized USB resources access
document User granted acces to 1 USB device can access any USB device.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


29.04.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


28.04.2006
Detailed
8!Microsoft Internet Explorer memory corruption
updated since 23.04.2006
document Uninitialized pointer dereference on OBJECT tag processing. Can be used for hidden malware installation.
 WinAgents FTFP Server directory traversal
document Directory traversal on GET command processing.
 SWS web server format string security vulnerability
document Few different format string bugs.
 Océ 3121 printer DoS
   
 BL4 SMTP server buffer overflow
document Buffer overflow on oversized command.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


27.04.2006
Detailed
7!Microsoft Internet Explorer crossite access
document Script from one site can access content of the page from different site with mhtml: URI handler.
6!Juniper SSL-VPN JuniperSetup client component buffer overflow
document Buffer overflow in JuniperSetup.ocx ActiveX element.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Microsoft Internet Explorer modial dialogs spoofing
document It's possible to spoof modal dialog content. This problem is only significant for Windows proir to Windows XP SP2 / Windows 2003 SP1.
 SpeedProject multiple archiver buffer overflow
updated since 26.11.2005
document Buffer overflows on ZIP, ACE and UUEncode formats parsing.
  


26.04.2006
Detailed
8!Mozilla browsers and mail agents memory corruption
document Memory corruption on displaying corrupted HTML tables. Can be used for silent malware installation.
6!Microsoft Outlook information leak
document mailto: command processor allow outlook.exe command line modification to include any system file.
6!Multiple DNS servers different security vulnerabilities
document Multiple vulnerabilities were discovered with automated testing tool.
6!Cisco VPN 3000 VPN Concentrator Denial of Service
updated since 26.01.2006
document HTTP traffic parsing DoS.
 3COM 2848-SFP switch DoS
document Device crash on long DHCP packet.
 Sun Solaris libpkcs11 library privilege escalation
document Privilege escalation with getpwnam() functions family.
 beagle file indexing tool code execution
   
 Multiple IP3 Networks NetAccess security vulnerabilities
document SQL injections, unfiltered shell characters, etc.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 abc2ps / abcmidi abc music files to postscript converter buffer overflow
updated since 25.04.2006
document Buffer overflow on abc format parsing.
  


25.04.2006
Detailed
 Nessus buffer overflow
document Buffer overflow on parsing NASL (Nessus Attack Scripting Language) scripts.
 dnsmasq DNS forwarder / DHCP server DoS
document Crash on parsing malformed DHCP client request.
 Multiple Ethereal security vulnerabilities
document ~30 errors on parsing different protocols.
 Winny P2Pclient buffer overflow
   
 Quick 'n Easy FTP Server buffer overflow
document Buffer overflow on oversized command during logging.
 Safari MacOS X DoS
document Large rowspan number leads to CPU and memory consumption.
 iOpus Secure Email protection bypass
document Any part of password can be used for decryption.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


24.04.2006
Detailed
6!Gnome gdm race conditions
document Race conditions on handling .ICEauthority file.
 OpenTTD, Transport Tycoon Deluxe game clone denial of service
document Program abort on getting some error codes from client.
 Fenice OMS Open Media Streaming Server multiple security vulnerabilities
document Buffer overflow on URI parsing, integer overflow on Content-Length.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Privilege escalation in IBM AIX rm_mlcache_file with file overwrite
updated since 18.04.2006
document Race conditions on temporary file creation.
 csDoom / Vavoom / Zdaemon / Doomsday / Skulltag Doom clone game engines multiple vulnerabilities
updated since 27.03.2006
document Buffer overflows, format string vulnerabilities, DoS confitions.
 AIX mklvcopy vulnerability
updated since 16.03.2006
document Insecure external application execution by relative path.
  


23.04.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


22.04.2006
Detailed
6!Multiple Symantec Scan Engine network content filtering server security vulnerabilities
document Administrative interface passwords are checked on client side, fixed encryption key is used, critical information leak.
 SolarWinds free Windows TFTP server directory traversal
document Directory traversal with requests like get NUL/....//....//WINNT/win.ini
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


21.04.2006
Detailed
 Multiple MacOS X security vulnerabilities
document Buffer overflow in BOMArchiveHelper on ZIP archive extraction, multiple security bugs in Safari on HTML and different image formats parsing.
 Linux kernel perfmon DoS
document Race conditions on mm_struct structure access.
 Allied Telesyn AT-9724TS switch DoS
document UDP packets flood causes device to fail.
 HP StorageWorks Secure Path DoS
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


20.04.2006
Detailed
 Linksys RT31P2 SIP DoS
document IP telephony hangs on invalid SIP message.
 Multiple CiscoWorks Wireless LAN LAN Solution Engine / Cisco User Registration Tool / Cisco Hosting Solution Engine security vulnerabilities
updated since 19.04.2006
document Crossite scripting, command line escape.
  


19.04.2006
Detailed
6!Multiple Linux kernel vulnerabilities
document Floating-point unit registers information leak, shared memory section elevated access. ip_route_input() multiplcast DoS.
 Multiple Cisco IOS XR MPLS pacjets handling security vulnerabilities
document Multiple crashes on MPLS traffic processing.
 FreeBSD floating-point unit information leak
document Internal registers state is not completely saved/restored during context switching.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Symantec Live Update for Macintosh privilege escalation
updated since 18.04.2006
document suid applications executes external application by relative path.
  


18.04.2006
Detailed
8!Multiple Firefox / Netscape / SeaMonkey vulnerabilities
updated since 14.04.2006
document Crossite scripting, memory corruptions, buffer overflows, array overflows, integer overflows. Can be exploited to silently install malware code.
 Neon Responder LANsurveyor add-on DoS
document Service crash on malformed TCP/4347 packet.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


17.04.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


16.04.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


15.04.2006
Detailed
 Sun Java Studio Enterprise weak file permissions
document Some files are installed world-writable.
 fcheck symbolic links
document Insecure temporary file creation.
 Avast! antivirus Linux edition symbolic links problem
document Insecure temporary file creation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


14.04.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 14.04.2006
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


13.04.2006
Detailed
7!Novell GroupWise Messenger buffer overflow
document TC{/8300 HTTP request oversized Accept-Language header buffer overflow.
6!Multiple NetBSD security vulnerabilities
document RNG generator non-random strem generation, DoS conditions.
6!Opera browser integer overflow
document Integer overflow on long stylsheet sttribute. Can potentially be used for hidden malware installation.
 Amaya HTML editor buffer overflow
document Few different stack-based buffer overflows on HTML parsing.
 Sybase EAServer information leak
document Security credentials are stored insecurely in connection cache.
 Adobe LiveCycle security restrictiions bypass
document User marked as OBSOLETE can access server.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Multiple Adobe Document Server for Reader Extensions security vulnerabilities
document Protection bypass, crossite scripting, session hijacking.
 Microsoft Frontpage crossite scripting
updated since 11.04.2006
   
  


12.04.2006
Detailed
8!Microsoft Windows shell code execution
updated since 11.04.2006
document COM object can execute code. Can be used for hidden malware installation with Internet Explorer.
8!Microsoft Windows MDAC code execution
updated since 11.04.2006
document RDS.Dataspace ActiveX object is marked as safe. Can be used for hidden malware installation with Internet Explorer.
6!Microsoft Outlook Express buffer overflow
updated since 11.04.2006
document Buffer overflow on parsing WAB address book.
6!HP System Management Homepage unauthorized access
updated since 01.03.2006
   
 Linux kernel keyring DoS
document System crash on invalid __keyring_search_one() argument.
 Sun Solaris LDAP client information leak
document Command parameters, including password are available from tasks list.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


11.04.2006
Detailed
8!Microsoft Windows system services privilege escalation
updated since 01.02.2006
document There are several local services SSDP Discovery service, Universal Plug and Play Host service) allow any authenticated user to configure service. It makes it possible to specify executable file and elevate privilege to Local System. Also vulnerable: HP Software: "Pml Driver HPZ12" (HP Printer Laserjet 4200L PCL 6) Audodesk: "Autodesk Licensing Service" Dell Power Managment Software for network cards: "NICCONFIGSVC" Macromedia: "Macromedia Licensing Service" Zonelabs.com TrueVector Device Driver: "vsdatant" C-Dilla Software: "C-DillaCdaC11BA" Macrovision SECURITY Driver (Security Windows NT): "CdaC15BA" Macrovision SECURITY Driver (Security Windows NT): "SecDrv"
6!RealPlayer buffer overflow
updated since 23.03.2006
document Buffer overflow on SWF files parsing, Web pages parsing, MBC files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


10.04.2006
Detailed
7!Cyrus SASL library DoS
document DoS on DIGEST-MD5 authentication.
7!Multiple ClamAV Clam Antivirus security vulnerabilities
updated since 06.04.2006
document Integer overflow on PE files parsing, format string vulnerabilitry, unallocated memory access.
 fbida symbolic links problem
document fbgs script insecure temporary files creation.
 xzgv buffer overflow
document Heap buffer overflow during JPEG parsing.
 Linux kernel sys_timer_create() DoS
document Creation of large number of timers causes memory exhaustion and system crash.
 Cherokee web server crossite scripting
document Crossite scripting on error message.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


09.04.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


07.04.2006
Detailed
 HP-UX su vulnerability
document Security vulnerability presents if LDAP netgroups are used.
 Mailman mailing lists manager crossite scripting
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


06.04.2006
Detailed
 OpenVPN VPN client code execution
document Server can transmit environment variables to the clients, including e.g. LD_PRELOAD.
 GlobalScape Secure FTP Server buffer overflow
updated since 03.05.2005
document Buffer overflow on oversized FTP command.
  


05.04.2006
Detailed
6!Cisco Optical Networking System 15000 series / Cisco Transport Controller / Cisco 11500 Content Services Switch multiple security vulnerabilities
document Multiple DoS conditions.
6!Xine / libxine buffer overflow
document Buffer overflow on MPEG stream parsing.
6!NOD32 antivirus privilege escalation
document Quarantined file can be restored to any location with SYSTEM privileges.
6!HP Color LaserJet 2500 / HP Color LaserJet 4600 drivers information leak
document Directory traversal in integrated HTTP server (TCP/5225).
6!Ultr@VNC remote administration client / server buffer overflow
document Buffer overflow during logging.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 SMART Technologies SynchronEyes Student and Teacher classroom software DoS
document UDP/5496 large packet DoS.
 Vypres Chat DoS
document It's possible to ban any IP address by malformed mesage.
 Kaffeine buffer overflow
updated since 26.10.2004
document Buffer overflow on Content-Type: parsing.
  


04.04.2006
Detailed
7!Barracuda Spam Firewall multiple buffer overflows
document Buffer overflows on LHA and ZOO archive parsing.
7!McAfee WebShield antivirus format string vulnerability
document Format string vulnerability on SMTP address.
 Multiple Apache Struts application server security vulnerabilities
document Protection bypass, crossite scripting, DoS.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


02.04.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru