Computer Security
[EN] securityvulns.ru
no-pyccku




29.04.2009
Detailed
 HP-UX useradd privilege escalation
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 29.04.2009
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


28.04.2009
Detailed
7!Mozilla Firefox / Seamonkey multiple security vulnerabilities
updated since 23.04.2009
document Memory corruption, same policy origin violation, crossite scripting.
 Precidia Ether232 multiple security vulnerabilities
document Built-in web server memory corruption andauthentication bypass.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 28.04.2009
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Webglimpse: information leak, crossite scripting, directory traversal, authentication bypass.
  


27.04.2009
Detailed
7!Aruba Mobility Controller unauthorized access
document Vulnerability in SSH key check allows unauthenticated SSH access to device.
7!Samsung cellular phones unauthorized access
document SMS Provisioning messages are not authenticated, allowing device configuration, including PIN codes change.
 iodinet DoS
document DoS on receiving malformed packet.
 Juniper Netscreen information leak
document /about.html page shows device version information.
  


24.04.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


23.04.2009
Detailed
9!Sun Java JRE / JDK / Web Start multiple security vulnerabilities
updated since 04.12.2008
document JNLP may overwrite system properties java.home java.ext.dirs user.home Heap overflow and integer overflow on TrueType fonts parsing, memory corruption on GIF parsing, integer overflow on Pack200 decompression. Multiple sendbox protection bypass vulnerabilities.
6!HP StorageWorks Storage Mirroring multiple security vulnerabilities
document Memory corruptions, unauthorized access, DoS.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP Storage Essentials unauthorized access
document Secure NaviCLI unauthorized access.
  


22.04.2009
Detailed
 FreeBSD libc db functions information leak
document Uninitialized memory data can be written to database file.
  


21.04.2009
Detailed
 Trend Micro OfficeScan DoS
document Crash during virus scanning on large number of folders with long names.
 SLURM privilege escalation
document Group privileges are not gropped on external program invocation.
 git weak permissions
document On the few platforms template files are owned by non-root user.
 apt multiple security vulnerabilities
document Update problem bacause of unchecked 'date' result. Revoked repository key is incorrectly verified.
  


20.04.2009
Detailed
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 15.04.2009
document Code exexuction, multiple memory corruptions, NTLM relaying.
 Linksys WRT54GC wireless routers unauthorized password change
document Old password is not required to change password.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


19.04.2009
Detailed
6!udev multiple security vulnerabilities
updated since 17.04.2009
document Privilege escalation with NETLINK messages, buffer overflow on path encoding.
 JBoss directory traversal
document Directory traversal in echo/Echo
  


18.04.2009
Detailed
6!CUPS multipls security vulnerabilities
document Vulnerabilities on different formats data parsing.
6!Ghsotscript / XPDF / CUPS pdftops buffer overflow
updated since 10.04.2009
document Buffer overflow on JBIG2 decoding.
 Blackberry Enterprise Server XSS
document Blackberries Mobile Data Service Connection Service XSS.
 ejabberd crossite scripting
document Crossite scripting with server log.
 mpg123 signed-unsigned conversion vulnerability
document Integer sign mismatch error on ID3 MP3 tags parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 poppler library multiple security vulnerabilities
document Few vulnerabilities leading to denial of service.
  


17.04.2009
Detailed
6!DivX WebPlayer buffer overflow
document Integer overflow on video stream chunk parsing leads to buffer overflow.
 SAP GUI unauthorized access
document KWEdit ActiveX has unsafe SaveDocumentAs() method.
 Zervit Webserver buffer overflow
document Buffer overflow on oversized resource URI.
 Nortel Application Gateway information leak
document Web page contains login and password for administrative access.
 Danske Bank Danske e-Sec ActiveX buffer overflow
document Buffer overflow in logging function.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 IBM AIX muxatmd buffer overflow
document Buffer overflow with overszied calling program name.
 Apache Geronimo multiple security vulnerabilities
document Crossite scripting, directory traversal.
  


16.04.2009
Detailed
6!MiniWeb Web server multiple security vulnerabilities
document Buffer overflow, directory traversal.
6!Microsoft Excel multiple memory corruptions
updated since 14.04.2009
document Memory corruption on spreadsheet files parsing.
 Apache mod_perl crossite scripting
updated since 13.04.2009
document perl-status crossite scripting.
  


15.04.2009
Detailed
6!Microsoft ISA Server / Forefront Threat Management Gateway DoS
document DoS with TCP connections to reverse HTTP proxy, crossite scripting.
  


14.04.2009
Detailed
7!Microsoft DirectShow memory corruption
document Memory corruption on Motion JPEG files decompression.
6!Microsoft Windows WinHTTP servive multiple security vulnerabilities
document Integer overflow, certificate spoofing, NTLM relaying.
6!Microsoft Windows privilege escalation
document Privilege escalation with MSDTC, WMI, RPCSS, Windows Thread Pool services.
 ntp client buffer overflow
document Buffer overflow on NTP server reply parsing.
 Mongoose web server directory traversal
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.04.2009
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. VBulletin: crossite scripting
  


13.04.2009
Detailed
 PGP Desktop privilege escalation
document Multiple vulnerabilities on IOCTL processing.
  


12.04.2009
Detailed
6!OpenAFS multiple security vulnerabilities
document DoS, buffer overflow.
6!VMWare multiple security vulnerabilities
updated since 08.04.2009
document Multiple DoS conditions, privilege escalations, buffer overflows in VNnc codec.
 PHP DoS
document Crash on malformed string in JSON_parser.
 roundup privilege escalation
   
 Wicd information leak
document User can hijack DBus messages intended for Wicd server process.
 ftpdmin buffer overflow
document RNFR buffer overflow
 Chance-i DiViS DVR System multiple security vulnerabilities
document Web server directory traversal, ActiveX bufer overflow.
 OpenSC protection bypass
document It's possible to obtain access to smart card data without entering PIN.
 PHP safe mode bypass vulneraebility
updated since 24.01.2008
document It's possible to access files behind sandbox directory with cURL module.
 Microsoft Internet Explorer DoS
document Browser hangs while trying to determine charset of the text document with large number of random characters.
 HP Deskjet 6800 crossite scripting
document Crossite scripting in web interface
  


10.04.2009
Detailed
6!Cisco ASA Adaptive Security Appliance / Cisco PIX Security Appliance multiple security vulnerabilities
document VPN authentication bypass, multiple DoS conditions.
6!EMC Replistor buffer overflow
document Integer overflows in system services leads to buffer overflow.
6!Wireshark multiple security vulnerabilities
document PROFINET protocol dissector format string vulnerability, Check Point High-Availability Protocol (CPHAP) dissector DoS, .rf5 file parses DoS.
 tunapie multiple security vulnerabilities
document Unfiltered shell characters vulnerability, symlink vulnerability.
 IBM BladeCenter Advanced Management Module multiple security vulnerabilities
document Crossite scripting, information leak.
 multipath-tools weak permissions
document Weak permissions for control socket.
 HP ProCurve Manager unauthorized access
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Openads: code execution
 Windows ZIP folders buffer overflow
updated since 13.10.2004
document Integer overflow in DynaZip (DUNZIP32.DLL) library on oversized filename in archive.
 GOM Player buffer overflow
document Buffer overflow on .srt files parsing.
  


08.04.2009
Detailed
7!MIT Kerberos 5 multiple security vulnerabilities
document Multiple DoS conditions, free() of uninitialized pointer.
6!xinelib library integer overflow
document Integer overflow on Quicktime XTTS atom parsing.
6!Novell Netware Client code execution
document Invalid pointer dereference on named pipe message parsing.
 Apache mod_jk information leak
document Under specific conditions reply on client's request may be received by different client.
 IrfanView integer overflow
document Integer overflow on XPM image parsing.
 xpdf code execution
document xpdfrc file from current location may be processed.
 Asterisk VoIP server user accounts enumeration
document Different replies for non-exstant SIP account and invalid password.
  


07.04.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: information leakage, protection bypass, unauthorized access.
 blender / gedit / gnumeric / vim / eog python scripts code execution
updated since 17.02.2009
document sys.path variable manipulation is possible to load arbitrary modules.
 Sun Java System Identity Manager / Access Manager accounts enumeration
document Replies for invalid username and invalid password are different.
  


03.04.2009
Detailed
 FortiClient format string vulnerability
document Format string vulnerability in VPN connection name allows kernel memory access.
 Autodesk IDrop ActiveX multiple memory corruptions
document Memory corruptions with different properties.
 IBM DB2 DoS
document Few security vulnerabilities causing server application to crash.
 ContentKeeper unauthorized access
document File upload and code execution with web interface.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


01.04.2009
Detailed
7!Cisco IOS multiple security vulnerabilities
updated since 26.03.2009
document Multiple DoS conditions in TCP, cTCP, Mobile IP/Mobile IPv6, WebVPN, SSLVPN implementations, SCP privilege escalation.
7!Mozilla Firefox / Seamonkey / Thunderbird multiple security vulnerabilities
updated since 06.03.2009
document Crossite XML access, multiple memory corruptions.
6!Check Point Firewall-1 PKI Web Service buffer overflow
document Multiple buffer overflows on HTTP headers parsing.
6!PayPal resource exhaustion
document Vulnerability: malicious Web site can cause Denial of Service by forcing user into spending money from his PayPal account to buy different unnecessary things, leading to situation of resource consumption where user can not obtain his daily bread on this day. Workaround: put more money into PayPal account or use cheat codes. Solution: waiting for vendor fix to create official inexhaustible accounts.
 MIT Kerberos 5 DoS
document NULL pointer dereference on malformed packet.
 Openswan / Strongswan DoS
document Crash on R_U_THERE or R_U_THERE_ACK packets replay attack.
 auth2db SQL injection
document SQL injection on multibyte character encodings.
 nss-ldapd Weak file permissions
document /etc/nss-ldapd.conf flie with LDAP password is world readable.
 OpenSSL library BMPString DoS
document Crash on UniversalString and BMPString parsing.
 Trend Micro Internet Security Pro privilege escalation
document tmactmon.sys driver IOCTL processing privilege escalation.
 IBM WebSphere Application Server crossite scripting
document Multiple crossite scripting possibilities.
 SAP SAPDB crossite scripting
document Crossite scripting in Web Database engine on TCP/9999 port.
 PrecisionID ActiveX unsafe methods
document Unsafe SaveBarCode() and SaveEnhWMF() methods allow files overwriting.
 UiltraISO multiple security vulnerabilities
document Format string vulnerability via image filename. Buffer overflows on different disk image formats prasing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. RotaBanner: crossite scripting.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru