Computer Security



29.04.2013
6!tinc buffer overflow
document Buffer overflow with oversized TCP packet.
 HP ElitePad 900 Protection bypass
document It's possible to bypass secure boot protection.
  


28.04.2013
 Borland ActiveX security vulnerabilities
document Buffer overflows, unsafe method.
 HP Data Protector privilege escalation
   
 D-Link DIR-615 / DIR-600 / DIR-300 multiple security vulnerabilities
updated since 11.02.2013
document Code execution, information leakage, XSS, etc.
 D-Link DIR-635 router multiple security vulnerabilities
document XSS, CSRF.
 IBM Lotus Domino information leakage
document Unprivileged user can access system information.
  


22.04.2013
9!Oracle Java / OpenJDK multiple security vulnerabilities
document 42 different vulnerabilities.
8!Adobe Shockwave Player Multiple security vulnerabilities
document Buffer overflow, memory corruption, information leakage.
8!Adobe Flash Player multiple security vulnerabilities
document Multiple memory corruptions.
7!Apple Safari / WebKit memory corruption
document Memory corruption via SVG
6!SAP applications multiple security vulnerabilities
document Privilege escalation, code execution.
6!Cisco Network Admission Control Manager SQL injection
   
6!Cisco TelePresence DoS
document DoS via malformed RTP packets
6!Adobe ColdFusion security vulnerabilities
document Information leakage, unauthorized access.
6!IcedTea-Web security vulnerabilities
document Cross-domain access, code execution.
6!Cisco ASA / FWSM multiple security vulnerabilities
updated since 15.04.2013
document Multiple DoS conditions.
 Sitecom routers backdoor account
document 2 undocumented backdoor accounts.
 cURL / libcurl information leak
document Cross-domain cookie access.
 Samba limitations bypass
document It's possible to bypass share attribute limitations.
 X.Org X server information leakage
document It's possible to retrieve keystrokes.
 Xen security vulnerabilities
document A few DoS conditions.
  


15.04.2013
6!Cisco Prime Network Control Systems default account
document Default database account.
6!Cisco Unified MeetingPlace Application Server security vulnerabilities
document Authentication bypass, unauthorized access.
6!Apache mod_security security vulnerabilities
document Local file access, resource exhaustion.
6!Cisco IOS multiple security vulnerabilities
updated since 01.04.2013
document RSVP DoS, IKE DoS, NAT implementation DoS, Smart Install client DoS, SPT DoS, IP SLA DoS, SIP DoS.
6!libc glob() resources exhaustion
updated since 02.05.2011
document It's possible to build a recursive template, leading to memory exhaustion.
 Linux kernel multiple security vulnerabilities
updated since 02.04.2013
document DoS, protection bypass, nVidia drivers buffer overflow, information leakage.
 DartWebserver DoS
document NULL pointer dereference.
 Microsoft Internet Explorer DoS
document Crash on recursive CSS inclusion.
 Firefox for Android weak permissions
document Weak app_tmp permissions allow addons to be overwritten.
  


12.04.2013
7!Microsoft Windows multiple security vulnerabilities
document Multiple privilege escalations in kernel, CSRSS and drivers.
7!Microsoft Remote Desktop Connection Client ActiveX code execution
document Use-after-free in ActiveX
6!Microsoft multiple applications cross-site scripting
document Invalid characters sanitization.
6!Microsoft SharePoint weak permissions
document Weak document access rights.
 Microsoft Active Directory DoS
document Memory exhaustion.
  


09.04.2013
6!HP LoadRunner security vulnerabilities
document A few different buffer overflows.
 Multiple vulnerabilities in D-Link devices
document Code execution, information leakage.
 Subversion multiple security vulnerabilities
document Multiple DoS conditions
 Aastra IP phones backdoor
document Hardcoded telnet account admin/[M]qozn~
 MIT Kerberos 5 DoS
document pkinit_crypto_openssl.c NULL pointer dereference
 libgssapi / libgssglue privilege escalation
document Insecure getenv() usage
  


08.04.2013
7!Novell GroupWise code execution
document Untrusted pointer dereference.
6!libav / ffmpeg multiple security vulnerabilities
document Vulnerabilities in parsing of multiple media formats.
 Cisco Video Surveillance Operations Manager security vulnerabilities
document Directory traversal, cross-site scripting.
 GNOME Online Accounts SSL certificate spoofing
document Insufficient certificate check.
 Netgear WNR1000 authentication bypass
document It's possible to bypass authentication by adding ?.jpg to filenames.
 Sophos Web Protection Appliance multiple security vulnerabilities
document Local file access, command execution, cross-site scripting.
 PostgreSQL multiple security vulnerabilities
document DoS, weak PRNG, privilege escalation.
 GNU bash buffer overflow
document Buffer overflow in the built-in test command.
 libxml2 DoS
updated since 11.03.2013
document CPU exhaustion.
 OpenFabrics ibutils symbolic links vulnerability
document Unsafe temporary file creation in the InfiniBand utility.
 QlikView integer overflow
document Integer overflow when parsing .qvw files.
 HP ProCurve switches cross-site request forgery
   
 Google Active Directory Sync Tool weak encryption
document It's possible to decipher stored credentials.
 Groovy Media Player buffer overflow
document Buffer overflow when parsing .m3u files.
  


03.04.2013
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, privilege escalations, weak permissions, DoS, protection bypass, cross-site scripting.
  


02.04.2013
6!Virtual Access Monitor SQL injection
document A few different SQL injections.
6!poppler library multiple security vulnerabilities
document Multiple vulnerabilities in PDF parsing.
  


01.04.2013
7!Asterisk multiple security vulnerabilities
document SIP information disclosure and buffer overflow, HTTP DoS.
 HP XP P9000 information leakage
   
 EMC Smarts security vulnerabilities
document Cross-site scripting in different applications, Smarts Network Configuration Manager authentication bypass.
 bind / dhcp DoS
document Resources exhaustion on RDATA regular expression check.
 IBM Lotus Domino cross-site scripting
updated since 02.09.2012
document Cross-site scripting and response splitting.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod