Computer Security

 jftpgw format string buffer overflow
document syslog() format string bug.
 gatos privilege escalation
document Under certain conditions xatitv runs configuration script with root privileges.

 Multiple bugs in Sun-One on Windows
updated since 28.05.2003
document JSP source code disclosure, cross-site scripting, weak encryption.

 Mollensoft Lightweight FTP Server buffer overflow
updated since 24.05.2004
document CWD command buffer overflow.
 CGI bugs
updated since 24.05.2004

6!HP OpenView Select Access protection bypass
document Invalid decoding of URL escape symbols allows a user to access a protected directory.
 Web Driver buffer overflow
document Buffer overflows in WebDriver and WTHoster.
 MiniShare DoS
document Incomplete HTTP request causes service to crash.
 cpr privilege escalation
document It's possible to load user library.
 3COM OfficeConnect Remote 812 buffer overflow
document Buffer overflow on oversized telnet esc-sequence.

 FreeBSD msync problems
document User with file read permission can prevent file from being updated.
 Isoqlog buffer overflow (fake)
document Local buffer overflow during configuration parsing in non-suid application. Not exploitable.

7!MacOS X browsers files overwriting and scripts execution (multiple bugs)
updated since 17.05.2004
document By using a vulnerability in telnet: protocol handling it's possible to add the -f option to the telnet command line. The help: protocol handler allows script execution via the help: command.

6!Linux kernel multiple bugs
document cpufreq privilege escalation, multiple SCSI drivers weak permissions.
 NetGear protection bypass
document By using an oversized URL it's possible to bypass content filtering.

 BNBT memory corruption
document Memory corruption on incomplete base64 string.
 Multiple MetaMail bugs
document Multiple format string bugs and buffer overflow.
 Multiple SquirrelMail bugs
updated since 22.05.2004
document Cross-site scripting, SQL injection.
 CGI bugs
updated since 17.05.2004

7!TCP RST packets spoofing
updated since 21.04.2004
document By sending a spoofed RST it's possible to terminate an established TCP connection. Unlike TCP hijacking attacks, there is no need for an exact TCP sequence number; the number can be any value within the TCP window established during the handshake. This significantly increases attack efficiency. In NetBSD the sequence number for RST is not checked at all, which makes it possible to terminate a session with a single packet.
 OpenBSD kernel information leak
document It's possible to read chunks from kernel memory via procfs.

 Linksys information leak
document Replies to BOOTP packets contain data from kernel space.

7!CVS heap overflow
document Heap overflow during modification flag analysis.
6!OmniHTTPd integer overflow
document Integer overflow in Range: header
6!Outlook Express HTML file writing
updated since 11.05.2004
document During reply to a message with HTML file attached this file is saved to known location.
 ZoneMinder buffer overflow
 Multiple libuser bugs
document Multiple bugs causing linked application to crash.
 neon format string bugs and heap overflow
updated since 14.04.2004
document Format string bugs in few functions.
 Irix rpc.mount multiple bugs
updated since 22.11.2003
document Information leak, DoS, access from unprivileged client port.

 NetChat buffer overflow
document Buffer overflow on oversized GET request to embedded HTTP server.
 KDE URI handling problem
document During external URI handler invocation ability to insert handler arguments via '-' is not checked.

 lha multiple bugs
updated since 30.04.2004
document Directory traversal, buffer overflows.
 Sun Management Console information leak
document Because of a directory traversal bug it's possible to check the existence of any system file.

8!Symantec firewalls multiple problems
updated since 13.05.2004
document Heap and stack overflows on NetBIOS name service packets parsing, endless loop on DNS packets parsing, stack overflow on oversized canonical DNS name.
7!dtlogin buffer overflow
updated since 24.03.2004
document Buffer overflow during XDMCP parsing.
 HP-UX GTK+ weak permissions
document World-writable directory.
 BEA WebLogic shutdown limitations bypass
document User with admin or operator privileges can shut down the server even if this operation is restricted.

7!NetBSD systrace privilege escalation
updated since 11.05.2004
document By using invalid handling of error condition it's possible to obtain superuser privileges.
 Sweex/Unex routers unauthorized access
document Router configuration, including cleartext password, can be accessed via TFTP.
 IEEE 802.11 collision avoidance procedure weakness
document By using Clear Channel Assessment procedure weakness attacker equipped with standard client card can prevent data transmission over network.
 Outpost e-mail DoS
document High level of MIME recursion causes system to crash.

6!Windows Help Center Dvdupgrade code execution
document It's possible to execute any code via local zone scripting.
 Outpost memory leak
document Small packet floods cause memory leak.
 MDaemon buffer overflow
document Authenticated IMAP user can overflow buffer with STATUS command.
 Linux sctp_setsockopt() integer overflow
document Integer overflow causes zero memory allocation.
 DoS against MDaemon (imap buffer overflow)
updated since 26.03.2001

7!McAfee ePolicy Orchestrator unauthorized access
document Invalid HTTP POST request allows files to be uploaded to the server.
6!SMC routers unauthorized access
document Administration web interface TCP/1900 is available from WAN without authentication.
6!IceCast buffer overflow
document Authorization: HTTP header buffer overflow.
 MailEnable Buffer overflow
document Heap overflow in MEHTTPS on oversized GET request and in SMTP component.
 Pound format string bug
document Format string bug during request processing.
 MyWeb buffer overflow
document Buffer overflow on oversized GET request.
 eMule DoS
document Combination of different HTTP requests causes application to crash.
 CGI bugs

6!Trend Micro Office Scan weak permissions
document Full access is given to Everyone group for installation directory and registry key.
6!Linux kernel in/out ports access
document Mask for input/output permissions is not cleared for child process. It may lead to unauthorized access to i/o ports.

7!Exim buffer overflows
document 2 buffer overflows if sender_verify is on or verify = header_syntax.
6!Delegate buffer overflow
document Stack overflow on SSL session negotiation.
 Eudora buffer overflow
document Buffer overflow on clicking oversized URL.
 SuSE Live CD unauthorized access
document Unauthorized root access via SSH is possible.

7!Heimdal Kerberos buffer overflow
document k5admind Kerberos v4 code heap overflow
 FreeBSD vm_map DoS
document A user can cause the kernel to allocate an unbounded amount of wired memory.
 CGI bugs
updated since 03.05.2004

 kolab cleartext password
document OpenLDAP password is stored in world-readable file as cleartext.
 Ultraseek special DOS device access
document Document path can contain special device name.

6!Apple File Sharing buffer overflow
document Preauthentication buffer overflow.
 Network Administrator protection bypass
document It's possible to access protected directory by using environment variables.
 Aldos Webserver multiple bugs
document Information disclosure, directory traversal.
 Titan FTP Server DoS
document User disconnection before LIST command completion causes server to crash.

 Multiple Crystal Reports bugs
document Multiple bugs in Web interface.

6!Apple QuickTime buffer overflow
document Buffer overflow on parsing QuickTime format.
 MPlayer/xine buffer overflow
document Buffer overflow on parsing RTSP protocol.
 Dameware weak encryption
document Session key is generated from static set.
 linux PAX DoS
document Bug during memory allocation handling.
 Citrix Metaframe client disk access
document Server administrator can access client drives.
 flim symlink problem
updated since 02.05.2004
document Unsafe temporary files creation.
 CGI bugs
updated since 27.04.2004

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod