Computer Security
[EN] securityvulns.ru
no-pyccku

  


29.04.2008
Detailed
6!KDE start_kdeinit privilege escalation
document It's possible to execute code with root privileges or send signals to privileged processes.
 Multiple antivirus and firewall memory corruption
document Memory corruptions on SSDR hooked functions argument processing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


28.04.2008
Detailed
6!ldm / ltsp X session hijack
document It's possible to connect to X server of any LTSP client.
6!Novell Groupwise buffer overflow
document Buffer overflow on mailto: URI parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


27.04.2008
Detailed
6!HP eSupportDiagnostics ActiveX unauthorized access
updated since 20.12.2007
document Unsafe ReadTextFile() / ReadValue() methods allow file system / registry access.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 27.04.2008
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Comix multiple security vulnerabilities
document Shell characters vulnerability, symbolic links problem.
 Lotus Expeditor code execution
document cai: URI handler allows code exectuion from any SMB share.
  


25.04.2008
Detailed
7!Sun Java JRE / JDK multiple security vulnerabilities
updated since 07.03.2008
document Vulnerabilities on image parsing.
6!perl buffer overflow
document Heap memory overflow on regular expression handling.
6!Trillian buffer overflow
document Buffer overflow on oversized MSN messenger nickname.
6!BadBlue Web server multiple security vulnerabilities
updated since 13.12.2007
document Buffer overflow, directory traversal, information leak, DoS.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Coppermine: SQL injection.
  


24.04.2008
Detailed
7!Xinelib buffer overflow
document Buffer overflow on oversized MP3 Copyright tag.
6!Microsoft Windows Realtek HD Audio privilege escalation
document Multiple security vulnerabilities on IOCTL processing.
6!Asterisk IAX2 calls spoofing
document Insuficient check of server ACK and weak call number generation allows blind spoofing.
 Zune software ActiveX unauthorized access
document It's possible to save files to any location.
 OpenFire jabber server DoS
document Memory exhaustion if client fails to receive messages.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Wordpress: different message for wrong username and pasword, weak inicial password generation.
 Safari multiple security vulnerabilities
document DoS conditions, link target spoofing.
 RSA Authentication Agent crossite scripting
document Crossite scriptign via authorization page.
  


23.04.2008
Detailed
6!QiP memory corruption
document Memory corruption on large number of smiles in message.
  


22.04.2008
Detailed
6!Adobe Photoshop / Adobe After Effects buffer overflow
document Buffer overflow on BMP files parsing.
 DBMail unauthorized access
document It's possible to access any account without password if authldap is used.
 Motorolla Surfboard cable modem multiple security vulnerabilities
document DoS conditions, crossite request forgery.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


21.04.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


20.04.2008
Detailed
6!Aztech ADSL routers backdoor
document It's possible to obtain administrative access with undocumented account isp/isp.
6!MPlayer array index overflow
document Array index overflow on SDP session data parsing.
6!Multiple torrent client commands injection
document It's possible to inject web interface command by using CSRF injection technique.
6!OpenOffice multiple security vulnerabilities
document multiple buffer overflows and integer overflows on QPRO (Quattro Pro), EMF and Microsoft Office files parsing.
6!IBM DB2 database server multiple security vulnerabilities
updated since 16.04.2008
document Privilege escalation with administration utility, db2dasStartStopFMDaemon buffer overflow. JAR files DoS. Code execution with ADMIN_SP_C/ADMIN_SP_C2. Arbitrary files overwrite with SYSPROC.NNSTAT.
 Microsoft Windows privilege escalation
document By using RPCSS service it's possible to elevate privileges from NetworkService to SYSTEM.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. mnoGoSearch: crossite scripting in search.php3 via q parameter.
  


18.04.2008
Detailed
6!Mozilla Firefox memory corruption
document Memory corruption in Javascript garbage collection.
  


17.04.2008
Detailed
7!XPDF / Poppler uninitialized pointer dereference
document User-controlled pointer dereference.
7!Speex / VLC / gstreamer-plugins-good / sweep / SDL_sound / vorbis-tools / Xine buffer overflow
document Buffer overflow in speex_packet_to_header().
7!CA multiple applications ActiveX code execution
document Code execution with gui_cm_ctrls control.
7!PCRE library buffer overflow
updated since 20.02.2008
document Buffer overflows on regular expressins with codepoints greatr than 255.
6!PolicyKit format string security vulnerability
document Format string vulnerability via password.
6!Cisco Network Admission Control weak encryption
document Shared secret is transmitted cleartext over the networkig during logging.
 BigAnt Server buffer overflow
document Buffer overflow on oversized TCP/6080 HTTP request.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 FoxIt Reader multiple security vulnerabilities
document Memory corruptions on PDF parsing.
  


16.04.2008
Detailed
7!ICQ buffer overflow
document Buffer overflow on status message parsing.
7!ClamAV antivirus multiple security vulnerabilities
updated since 15.04.2008
document Endless loop on ARJ files handling. Heap buffer overflow on WWPack'ed and PeSpin'ed PE files.
6!DivX Player buffer overflow
document Buffer overflow on .SRT subtitile files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Trashbin plugin for Wordpress: crossite scripting.
  


15.04.2008
Detailed
7!IBM Lotus Notes / Autonomy Keyview multiple security vulnerabilities
document Multiple buffer overflows.
7!ActivePDF / Lotus Notes / Symantec Mail Security / Autonomy Keyview multiple security vulnerabilities
updated since 14.04.2008
document Multiple buffer overflows on Folio Flat File / Applix graphics format parsing.
6!Opera browser multiple security vulnerabilities
document Multiple memory corruptions, keyboard passwords handling weakness.
6!IBM Websphere MQ unauthorized access
document Authentication bypass, security restrictions bypass.
6!Xitami web server format string vulnerability
document Format string vulnerability on SSI files handling.
6!Microsoft Internet Explorer memory corruption
updated since 08.04.2008
document Memory corruption on datasream processing.
 OpenOffice array index overflow
document Array index overflow on large number of document styles.
 Unixware utilities buffer overflow
document Buffer overflows in suid utilities /usr/lib/merge/mcd /usr/opt/reliant/bin/hvdisp /usr/opt/reliant/bin/rcvm
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 squid proxy server DoS
document assert() on invalid cache update reply.
 HP OpenView Network Node Manager multiple CGI buffer overflow
updated since 07.12.2007
document Buffer overflows in ovlogin.exe, OpenView5.exe, snmpviewer.exe, webappmon.exe. OpenView5.exe directory traversal.
 Watchguard Firebox user enumeration
document Error code is different for invalid username and password for PPTP MS-CHAPv2 authentication.
  


14.04.2008
Detailed
8!Adobe Flash Player multiple security vulnerabilities
updated since 10.04.2008
document Code execution, crossite scripting, request spoofing.
6!Trillian buffer overflow
document Buffer overflow on .dtd files parsing.
6!Borland Interbase database server buffer overflow
document Buffer overflow on TCP/3050 data parsing.
6!EMC DiskXtender multiple security vulnerabilities
document Authentication bypass, buffer overflow, format string vulnerability.
6!rsync integer overflow
document Integer overflow on ACL handling.
 libpng uninitialized memory reference
document Uninitilized memory reference on zero-sized chunk with external chunk handlers.
 gnome-screensaver privilege escalation
document getpwuid() exceptional conditions are not handled.
 Python buffer overflow
document Integer overflow leading to buffer overflow in PyString_FromStringAndSize().
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 am-utils symbolic links security vulnerability
document expn utility unsafe temporary files creation.
  


10.04.2008
Detailed
6!Audit buffer overflow
document Buffer overflow on logging.
6!licq fd_set bitmap index overflow
document FD_SETSIZE is not checked on incoming connection accept().
 Python zlib module buffer overflow
document Integer overflow in flush leads to buffer overflow.
 AlsaPlayer buffer overflow
document Buffer overflow on oversized .ogg comment.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Wayport Public Access PC protection bypass
document It's possible to disable protection by disabling Internet Explorer plugin.
 HP Integrity server iLO-2 DoS
   
  


09.04.2008
Detailed
9!Microsoft Windows GDI multiple security vulnerabilities
updated since 08.04.2008
document Multiple buffer overflows on EMF and WMF files parsing.
8!Microsoft Windows multiple ActiveX elements security update
updated since 08.04.2008
document Code execution in hxvz.dll.
  


08.04.2008
Detailed
9!Microsoft Windows VBScript / JScript buffer overflow
document Buffer overflow on scripts parsing.
7!XFree86 / X.Org / NX multiple security vulnerabilities
updated since 20.01.2008
document XInput and TOG-CUP extensions memory corruption, EVI and MIT-SHM extensions integer overflows, multiple extensions array index overflows. libxfont PCF fonts parsing buffer overflow.
6!Microsoft Windows privilege escalation
document Code execution in kernel context.
6!Microsoft Visio multiple security vulnerabilities
document Memory corruption and code execution on files parsing.
6!HP OpenView Network Node Manager multiple security vulnerabilities
updated since 08.04.2008
document Buffer overflows, format string vulnerabilities, DoS conditions on TCP/2953, TCP/2954 traffic parsing.
6!Tumbleweed SecureTransport FileTransfer ActiveX buffer overflow
document Buffer overflow in TransferFile method.
 Microsoft project memroy corruption
document Memory corruption on file parsing.
 CDNetworks Nefficient Download ActiveX unauthorized access
document It's possible to download file to any location.
 openMosix API library buffer overflow
document Buffer overflow in msx_readnode().
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


05.04.2008
Detailed
7!Symantec Internet Security activeX code execution
document It's possible to execute code by using crossite scripting in symantec.com domain. Buffer overflow.
7!Apple QuickTime multiple security vulnerabilities
document Buffer overflows and memory corruptions aon multiple file and stream formats.
6!SCO Unixware pkgadd directory traversal
document It's possible to access any system files.
6!OrbitDownloader buffer overflow
document Buffer overflow on Unicode URL parsing.
6!CA ARCserve Backup and CA Desktop Management multiple seucirty vulnerabilities
document Durectory traversal and buffer overflow.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. MODx CMS: index.php crossite scripting through email parameter.
 Cisco Unified Communications Disaster Recovery Framework code execution
document Command execution thorugh backup management service.
 F5 BIG-IP privilege escalation
document Resource Manager group member can execute shell commands thorugh perl injection vulnerability.
  


03.04.2008
Detailed
7!CUPS code execution with GIF files
document Buffer overflow on GIF files parsing.
6!Webwasher content fitler DoS
document Proxy hangs on URL parsing.
 Seattlelab SLMail Pro multiple security vulnerabilities
document Memory corruption and DoS conditions.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 LANDesk Management Suite directory traversal
document Directory traversal in TFTP server.
 HP Select Identity unauthorized access
   
  


02.04.2008
Detailed
6!Apache-SSL multiple security vulnerabilities
document Multiple vulnerabilities on environment variable initialization from client certificates data.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


01.04.2008
Detailed
6!Macrovision InstallShield InstallScript One-Click Install ActiveX code exectuion
document Control allows to download and execute dynamic library from remote site.
 PowerDNS DNS cache poisoning attack
document Weak PRNG generator allows cache poisoning attack.
 Avast! antivirus memory corruption
document Kernel memory corruption in aavmker4.sys on IOCTL processing.
 2X ThinClientServer TFTP server directory traversal
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 01.04.2008
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 lighthttpd SSL DoS
document Termination of one SSL connection may cause another concurrent SSL connection to terminate.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 
Links
espnfarm24.com



Rating@Mail.ru