Computer Security
[EN] securityvulns.ru




27.04.2011
Detailed
6!Asterisk security vulnerabilities
updated since 26.04.2011
document Privilege escalation, DoS via resource exhaustion.
 CA Arcot WebFort Versatile Authentication Server security vulnerabilities
document Cross-site scripting, request spoofing.
 HP OpenView Storage Data Protector code execution
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 26.04.2011
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 rsync memory corruption
updated since 06.04.2011
document Memory corruption on server reply parsing.
  


26.04.2011
Detailed
 Kaspersky administration Kit SMB relaying attack
document The network is automatically scanned, and discovered hosts are automatically connected to via SMB with administrative permissions, making an SMB relaying attack possible.
 HP Network Automation information leakage
   
 HP System Management Homepage multiple security vulnerabilities
document Cross-site scripting, code execution, DoS.
 HP Proliant Support Pack multiple security vulnerabilities
document Cross-site scripting, information leakage.
 HP Insight Control multiple security vulnerabilities
document Privilege escalation, code execution, information leakage, DoS.
 Microsoft fixed SMB NTLM relay attacks
updated since 12.11.2008
document Microsoft fixed the NTLM proxying vulnerability: credentials used for one service could be forwarded to a different one. The attack has been known for many years as an NTLM weakness.
 AT-TFTP DoS
document Crash if no acknowledgment is received after the file is retrieved.
  


21.04.2011
Detailed
7!Apple WebKit / Safari multiple security vulnerabilities
updated since 19.04.2011
document Integer overflow, use-after-free.
6!language-selector privilege escalation
document Privilege escalation via D-Bus messages.
 HP Systems Insight Manager multiple security vulnerabilities
document Cross-site scripting, cross-site request forgery, DoS.
 HP Performance Insight information leakage
   
 Videcon Viola DVR VIO-4/1000 directory traversal
document Directory traversal in Web interface.
 PolicyKit privilege escalation
document privilege escalation via pkexec
 HP Virtual Server Environment for Windows privilege escalation
   
 HP Insight Control Performance Management security vulnerabilities
document Cross-site request forgery, privilege escalation.
 libtiff memory corruption
document Memory corruption on JPEG files parsing.
 CA Output Management Web Viewer ActiveX buffer overflow
document Buffer overflows in UOMWV_HelperActiveX.ocx and PPSView.ocx
 FreeBSD mountd protection bypass
document Network mask in ACLs is computed incorrectly.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


19.04.2011
Detailed
7!CA TotalDefence multiple security vulnerabilities
document SQL injection, directory traversal, information leakage, unauthorized access.
7!IBM Tivoli Directory Server buffer overflow
document Buffer overflow in LDAP (TCP/389) CRAM-MD5 authentication.
 KDE KGet directory traversal
document Directory traversal via filename.
 KDE KHTML cross-site scripting
document Cross-site scripting via error pages.
 EMC Networker weak permissions
document Weak permissions for executable file.
 EMC RSA Adaptive Authentication cross-site scripting
updated since 19.04.2011
document Flash file cross-site scripting.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


17.04.2011
Detailed
9!Microsoft Windows multiple security vulnerabilities
updated since 13.04.2011
document SMB client and server memory corruption, Fax Cover Page Editor memory corruption, MFC library unsafe DLL loading, MHTML library information leak, GDI+ library integer overflow, DNS client memory corruption, memory corruption in .NET Framework, memory corruption in JScript / VBScript engines, stack overflow in OpenType font parsing, multiple driver vulnerabilities.
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.04.2011
document Multiple memory corruptions and information leaks.
7!Microsoft Office multiple security vulnerabilities
updated since 13.04.2011
document Multiple memory corruptions in Excel and PowerPoint, unsafe DLL loading, memory corruption in Office Graphic.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


14.04.2011
Detailed
 VeryPDF PDF Extract TIFF library multiple security vulnerabilities
document Multiple vulnerabilities on PDF parsing.
 TOTVS ERP Microsiga Protheus buffer overflow
document Buffer overflow on network request parsing.
 RealNetworks RealPlayer code execution
document Code execution via .rnx files.
 HP Photosmart printers security vulnerabilities
document Unauthorized access, cross-site scripting.
 McAfee Firewall Reporter unauthenticated access
document Bug in application logic allows authentication bypass.
 Linksys WRT54G information leakage
document Access passwords are stored in the files available via anonymous FTP.
 VLC mediaplayer buffer overflow
document Heap overflow on MP4 parsing.
 HP-UX NFS/ONCplus DoS
   
 MIT Kerberos 5 memory corruption
document Invalid pointer free() during password change request processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft Reader integer overflows
document Integer overflows on different formats parsing.
 GIMP multiple security vulnerabilities
document Memory corruption on different data formats parsing.
  


13.04.2011
Detailed
6!Multiple ActiveX components security vulnerabilities
document kill bit update for multiple components of different vendors.
 Multiple systems ICMPv6 flood DoS
document Resource exhaustion via router announcement packet flood.
 Apache Tomcat information leakage
document Under some conditions, information may be sent to wrong client.
 Windows help system buffer overflow
document Buffer overflow on CHM files parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


12.04.2011
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


11.04.2011
Detailed
6!libmodplug library buffer overflow
document ReadS3M buffer overflow. DoS on ABC files parsing.
 XRDB shell characters vulnerability
document Shell characters vulnerability via host name.
 tmux privilege escalation
document Elevated group privileges are not dropped.
 Debian symbolic links vulnerability
document The /etc/cron.d/php5 cron job allows deleting arbitrary files via symlinks.
 KDE KSSL certificate spoofing
document It's possible to spoof certificate issued for IP address.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 O2 DSL Router Classic router cross-site scripting
document Cross-site scripting in administration interface.
  


06.04.2011
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


05.04.2011
Detailed
6!RealNetworks RealGames ActiveX code execution
document Multiple unsafe methods.
6!xmlsec library unauthorized access
document It's possible to access files via ds:Transform.
6!GGmpeg library multiple security vulnerabilities
document Buffer overflow on Vorbis / WebM files decoding, memory corruption on RealMedia and VC1 files.
 Novell File Reporter Agent buffer overflow
document NFRAgent.exe TCP/3037 buffer overflow.
 IBM solidDB authentication bypass
document solid.exe (TCP/1315, TCP/1964, TCP/2315) authentication bypass.
 iSCSI target user-space tools double free
document Double free() in tgt.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 THOMSON TG585 routers cross-site scripting
document Cross-site scripting in Web interface.
  


04.04.2011
Detailed
8!Multiple BSD systems IPSec IP Compression stack overflow
document kernel stack overflow on packet parsing.
7!RealNetworks Helix DNA Server buffer overflow
document Buffer overflow on RTSP processing.
 HP Operations for UNIX cross-site scripting
   
 HP-UX DoS
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 FreeBSD sendfile() information leak
updated since 07.04.2005
document If the file size is changed, the content of kernel memory can be disclosed.
 Movie Player buffer overflow
document Buffer overflow on AVI parsing.
 Microsoft Windows shmedia.dll DoS
document Division by zero on AVI preview creation.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


