Computer Security
[EN] securityvulns.ru
no-pyccku

  


30.04.2010
Detailed
7!Novell ZENworks directory traversal
updated since 26.04.2010
document UploadServlet directory traversal.
6!VLC media player multiple security vulnerabilities
document Multiple buffer overflows and memory corruptions on different media formats.
 Internet Download Manager buffer overflow
document Buffer overflow on ftp:// URI processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP System Insight Manager multiple security vulnerabilities
document Crossite scripting, crossite request forgery, privilege escalation.
  


29.04.2010
Detailed
7!AgentX++ library / Helix Server multiple security vulnerabilities
updated since 26.04.2010
document Integer overflow, buffer overflow.
 Microsoft SharePoint Server crossite scripting
document Crossite scripting in help.aspx
 PostgreSQL DoS
document Crash on substring() function in SQL.
  


27.04.2010
Detailed
6!Novastor NovaBACKUP Network multiple security vulnerabilities
document Buffer overflow, information leak, DoS.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


26.04.2010
Detailed
7!Apache mod_auth_shadow authentication bypass
document Race conditions allow to bypass username/password check.
6!HP Virtual Machine Manager unauthorized access
   
 CompleteFTP DoS
document Memory leak during authentication.
 HP-UX DoS
   
 HP Operations Manager code execution
   
 ClamAV memory corruption
document Memory corruption on CAB files parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 26.04.2010
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 WinMount buffer overflow
document Buffer overflow on oversized file names inside archive.
  


23.04.2010
Detailed
6!imlib2 library buffer overflow
document Heap buffer overflow in IMAGE_DIMENSIONS_OK().
 MIT Kerberos 5 double free()
document KDC double free()
 Cisco RVS/PVC/WVC information leak
document Unprivileged user can view passwords.
 HTC communicators SMS crossite scripting
document Crossite scripting on SMS preview.
 Microsoft Windows DoS
document SfnLOGONNOTIFY and SfnINSTRING functions DoS.
 Apache Tomcat information leak
document Internal computer name and port may be used as a realm name for HTTP basic authentication.
  


22.04.2010
Detailed
6!Adobe Download Manager ActiveX buffer overflow
document Buffer overflow via parameters.
6!OpenSSL DoS confitions
document DoS conditions in ssl3_get_record and kssl_keytab_is_available functions.
6!sudo protection bypass
updated since 01.03.2010
document when a pseudocommand is enabled, it's possible to created an executable file with the same name, it will be executed by relative name with escalated privileges.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


19.04.2010
Detailed
8!Adobe Acrobat and Reader multiple security vulnerabilities
document Multiple buffer overflows, memory corruptions, code execution, crossite scripting, DoS conditions.
7!Cisco Secure Desktop ActiveX code execution
document Web Install ActiveX allows to download and execute code due to failed signature validation.
7!Apple Mac OS X multiple security vulnerabilities
updated since 07.04.2010
document Code execution on Internet Enabled Disk Image files. Multiple vulnerabilities in ImageIO,
 Visualization Library memory corruption
document Memory corruption on .dat files parsing.
 iomega Home Media Network Hard Drive unauthorized access
document Web interface allows SMB access to device and network it's connected to.
 Micropoint Proactive Denfense privilege escalation
document User-controlled kernel memory access on IOCTL processing.
 ejabberd XMPP/Jabber server DoS
document Array overflows on large number of simulationeus c2s messages.
 KDE kdm race conditions
document race conditions allow to change file permissions.
 irssi multiple security vulnerabilities
document Insufficient SSL certificate and version validation, DoS.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 VMWare applications multiple security vulnerabilities
updated since 12.04.2010
document Code execution, privilege escalation, buffer overflow, format string vulnerabilities, DoS, information leaks.
 Imperva SecureSphere Web Application Firewall protection bypass
   
 IBM BladeCenter Management Module DoS
document DoS on tcp/3900 traffic processing.
  


17.04.2010
Detailed
8!Oracle / Sun applications multiple security ulnerabilities
updated since 16.04.2010
document Oracle quarterly CPU contains fixes for approximately 50 different vulnerabilities.
  


16.04.2010
Detailed
7!Microsoft Windows MP3 codec buffer overflow
document Buffer overflow on AVI files with MP3 audio stream.
6!Microsoft Windows Media Services buffer overflow
document Buffer overflow in nsum.exe on client request processing.
 Microsoft Windows ISATAP IPv6 address spoofing
document Insufficient check for tunneling address.
 Microsoft Windows Media Player ActiveX memory corruption
document Memory corruption on media file parsing.
 Microsoft Office Publisher buffer overflow
document Buffer overflow on files parsing.
  


15.04.2010
Detailed
8!Microsoft Windows file signature spoofing
document Signature spoofing in PE and CAB files.
7!Microsoft SMB client multiple security vulnerabilities
updated since 10.02.2010
document Memory corruptions, race conditions.
6!Microsoft Windows kernel multiple privilege escalations
document Multiple DoS conditions, race conditions, memory corruptions.
 Microsoft VBS code execution
document If F1 is pressed in dialog window, help file controlled by attacker
  


14.04.2010
Detailed
 TANDBERG Video Communication Server multiple security vulnerabilities
document Static ssh key, authentication bypass, files access.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


12.04.2010
Detailed
8!Oracle Sun Java WebStart code execution
document Characters injection during javaws/javaws.exe launch allows dynamic library execution in specified location.
8!Apple QuickTime/iTunes multiple security vulnerabilities
updated since 05.04.2010
document Multiple vulnerabilities on FLC, PICT and multiple graphics and video formats parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 WinSoftMagic Photo Editor buffer overflow
document Buffer overflow on .PNG files parsing.
  


09.04.2010
Detailed
 TCPDF library code execution
document PHP code execution with <tcpdf> tag.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


07.04.2010
Detailed
9!Oracle Sun Java multiple security vulnerabilities
updated since 31.03.2010
document Buffer overflows on soundbank parsing, buffer overflow on images and archives parsing. Multiple code executions and privilege escalations.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 MIT Kerberos 5 kadmind DoS
document use-after-free vulnerability on error message generation.
 Miranda IM TLS encryption vulnerability
updated since 18.03.2010
document Under some conditions TLS is not used for Jabber server connection regradless of settings.
  


06.04.2010
Detailed
 xulrunner multiple security vulnerabilities
document Multiple memory corruptions, privilege escalations, code executions.
  


05.04.2010
Detailed
9!Microsoft Internet Explorer multiple security vulnerabilities
updated since 31.03.2010
document Multiple security vulnerability are used in-the-wild for hiddden malware installation.
 BitComet torrent client DoS
document Crash on malformed DHT packet.
 Apache CouchDB timing attack
document Password validation algorythm allows to guess matching part.
 libnss-db unauthorized files access
document It's possible to access local files with elevated privileges.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru