Computer Security

 Nortel VPN routers DoS
updated since 30.05.2005
document IKE packets with malformed ISAKMP header lead to crash or reboot.

 Fast n Furious DtDNS Updater information leak
document Command line arguments are visible in process list.
 Stronghold 2 game DoS
document Allocated memory size is controlled by client.

 Compuware SoftIce debugger debug message driver DoS
document BSOD on invalid debug message pointer.

6!ClamAV antivirus MacOS X shell characters problem
document Shell characters are not filtered in the filename when the external 'ditto' command is executed with system().
 Bea Weblogic application server Server Console cross-site scripting
updated since 25.05.2005
document Cross-site scripting; no session cookie timeout is implemented.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 23.05.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.

6!Unauthorized HP-UX remshd access
 Terminator 3: War of the Machines game multiple vulnerabilities
document Buffer overflow, DoS.
 Linux Kernel Cryptoloop encrypted filesystem weak encryption
document Weak IV (Initialization Vector) generation algorithm allows data watermarking, making it possible to detect data in the filesystem.
 C'Nedra virtual reality framework buffer overflow
document READ_TCP_STRING buffer overflow.
 Alwil Software Avast Antivirus device driver privilege escalation
document No bounds checking on signal arguments processing in the device driver allows overwriting any kernel memory area.

6!L-Soft LISTSERV mailing lists server multiple vulnerabilities
document Remote code execution, denial of service.
 davfs2 DAV filesystem unauthorized access
document After the filesystem is mounted, any local user has unrestricted access.
 SCO OpenServer Unix utilities format string bugs
updated since 05.04.2005
document Format string vulnerabilities in different utilities including sgid lp /usr/lib/nucrt/bin/nwprint.

6!Multiple IPSwitch IMail vulnerabilities
document Multiple buffer overflows, directory traversals, DoS.
 Cisco equipment DNS DoS
document Failure in compressed DNS packets parsing.
 ibsh Iron Bars SHell Format String Vulnerability format string bug
document Format string bug allows restricted shell escaping.
 Unauthorized JavaMail mail server API mailbox access
updated since 20.05.2005
document It's possible to access different mailbox by mail number.

 ZyXel Prestige routers fragmented packets DoS
document Malformed fragmented TCP packet causes the router to temporarily hang.
 Sambar proxy server / web server multiple vulnerabilities
document Cross-site scripting in multiple Web template files.
 Multiple Qualcomm qpopper POP3 server vulnerabilities
document Elevated privileges are not dropped during file access, directory traversal.
 Warrior Kings game multiple vulnerabilities
document Format string bug, NULL pointer dereference.
 Meteor FTP Server buffer overflow
updated since 10.08.2003
document Buffer overflow on oversized FTP command.

6!Computer Associates antivirus library buffer overflow
document Heap overflow on OLE streams VBA projects analysis (Microsoft Office documents).
 gxine audio video player format string bug
document Format string bug in hostname.

 gedit text editor format string vulnerability
document Format string bug in filename.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 16.05.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.

 Multiple gdb GNU debugger vulnerabilities
document Multiple vulnerabilities, including integer overflows.
 IBM AIX Bellmail mail agent race conditions
document Race conditions during temporary file creations.
 Microsoft Word buffer overflow
document Buffer overflow on .mcw (Word for Macintosh) files parsing.

6!libtiff TIFF graphics library buffer overflow
document Buffer overflow on invalid bits per sample value.
6!Multiple Novell ZENworks remote management application vulnerabilities
document Multiple heap based, stack and integer overflows.
 ExtremeWare network switches privilege escalation

 F5 iControl Service Manager system management solution multiple vulnerabilities
document Privilege escalation, DoS.
 ignitionServer IRCX (Extended Internet Relay Chat) server multiple vulnerabilities
document It's possible to delete access control entries. Operator cannot access channel locked by user.

8!Multiple Apple MacOS X vulnerabilities
updated since 04.05.2005
document NeST buffer overflow. JavaScript execution in local context with Help Viewer, insufficient input validation in URL Protocol Messaging, insufficient input validation in x-man-path:, insufficient input validation in terminal emulators. Multiple Bluetooth vulnerabilities. vpnd buffer overflow.
6!Linux kernel pktcdvd privilege escalation
document Rawdevice ioctl handler parameters are not checked.
6!FreeRADIUS RADIUS server multiple vulnerabilities
document Buffer overflow, SQL injection if SQL is used for authentication or accounting.
 Fastream NETFile Web / FTP server ftp bounce attack
document It's possible to use FTP to bounce data to third party.
 War Times game DoS
 MySQL symbolic links problem
updated since 19.08.2004
document mysqlhotcopy, mysqlaccess unsafe temporary files creation.

 Avaya CMS (Call Management System) / IR (Interactive Response) multiple vulnerabilities

6!gaim instant messenger buffer overflow
document Buffer overflow during e-mail address displaying.
 cdrdao privilege escalation
document root privileges are not dropped before writing configuration file.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 10.05.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.

 Sun Solaris automountd DoS
document It's possible to stop automountd by accessing /xfn/_x500.
 Acrowave AAP-3100AR wireless router unauthorized access
document It's possible to access the device without a password.
 Apple Quartz Composer / QuickTime 7 information leak
document It's possible to determine system facilities.
 Bugzilla bug tracking system information leak
document It's possible to determine if a closed product exists; password can be leaked as a part of URL.
 Kerio MailServer DoS
updated since 18.04.2005
document WebMail vulnerability leads to 100% CPU exhaustion. Crash on multiple attached .eml files, DoS with IMAP and Outlook Connectors.
 Multiple BakBone NetVault backup solution vulnerabilities
updated since 02.04.2005
document Multiple buffer overflows.
 OllyDbg debugger format string bug
updated since 19.07.2004
document Format string bug on application debugging.

6!Linux kernel coredump privilege escalation
document Bug in ELF format parsing leads to code execution.
 Cisco Firewall Services Module filtering protection bypass
document It's possible to bypass ACL.
 Neteyes Nexusway Multiservice Border Gateway multiple vulnerabilities
document Shell characters filtering problem.
 HT Editor hex editor multiple vulnerabilities
document Integer overflow, buffer overflow.

 Multiple online games vulnerabilities
updated since 25.02.2004

8!Multiple Mozilla / Firefox / Netscape vulnerabilities
document A few combined vulnerabilities allow a file to be downloaded and executed on the client machine.
6!IPSec information leak
document If ESP is used without integrity control it's possible to obtain plaintext data in an ICMP error message by modifying the source packet.
 Digital Video Surveillance System weak authentication
document Authentication mechanism is vulnerable to man-in-the-middle attack (replay attack and cleartext recovery).
 Zoidcom network library DoS
document Insufficient check of the network data.

6!4d WebSTAR Web Server buffer overflow
document Buffer overflow in Web Server Tomcat plugin.
 LibTomCrypt cryptography weakness
updated since 04.05.2005
document ECC (Elliptic Curve Cryptography) signature scheme weakness.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 03.05.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.

6!Qmail mail server 64-bit platforms integer overflow
6!Oops! proxy format string vulnerability
document Format string bug during database logging.
6!Multiple Merak Mail Server vulnerabilities
document Unauthorized access, cross-site scripting, etc.
6!Adobe SVG Viewer multiple bugs
updated since 07.10.2003
document ActiveX control contains a few methods used to access local and remote files, scripting in local zone, cross-site scripting.
 ufdbGuard URL filter buffer overflow
document Buffer overflow on URL longer than 512 bytes.
 Multiple FreeBSD vulnerabilities
document /dev/iir weak permissions, kernel memory disclosure.
 SimpleCam webcam server directory traversal
 GoldenFTP FTP Server directory traversal

 MaraDNS DNS poisoning records spoofing
document Weak PRNG generation algorithm allows spoofing the server's reply.
 NetWin DMail mail server multiple vulnerabilities
document Unauthenticated mailing lists access, SMTP format string vulnerability.
 PostgreSQL database multiple vulnerabilities
document DoS, buffer overflow in charset conversion functions.

 GnuTLS TLS cryptography library DoS
document TLS packet parsing vulnerability.
 Linux kernel it87 and via686a drivers DoS
document Insecure permissions lead to ability of resource exhaustion.
 602LAN SUITE mail server webmail directory traversal.
document Directory traversal in webmail interface.
 HP OpenView Event Correlation Services DoS
 Multiple ESRI ArcGIS GIS software vulnerabilities
document Buffer overflows in different suid utilities.
 ASP.NET __VIEWSTATE function replay attack
document Data is stored signed on client side, but host name and timestamp are not part of signed data.
 MacOS X terminals information leak
document Unprivileged user is unable to obtain exclusive tty access.
 Mtp-target online game format string bug
document Format string bug during message displaying.
 Video Cam Server multiple vulnerabilities
document Directory traversal, information disclosure, DoS.
 Multiple ceterm terminal emulator multiple vulnerabilities
document Elevated privileges are not correctly dropped.
 RaidenHTTPD Web Server directory traversal
updated since 08.02.2005
document Invalid request URI allows retrieving any file from the system partition.

 BIG-IP 3-DNS Controller protection bypass
 GOCR optical character recognition program integer overflow
document Integer overflow on PGM format parsing.
 Mac OS X Cocktail information leak
document Password is used on command line.
 Multiple Kerio WinRoute Firewall, Kerio Personal Firewall and Kerio MailServer administration protocol vulnerabilities
updated since 30.04.2005
document Password bruteforcing, DoS.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 25.04.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod