Computer Security
[EN] securityvulns.ru
no-pyccku




31.05.2006
Detailed
6!Multiple eserv IMAP mail server and web server vulnerabilities
document IMAP server directory traversal, HTTP scripts source code disclosure.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 31.05.2006
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 ktools library buffer overflow
updated since 28.11.2005
document VGETSTRING macro buffer overflow.
  


30.05.2006
Detailed
6!PHP cURL safe mode protection bypass
document Multiple possibilities to execute code with no restrictiions with curl* functions.
 aMule P2P client directory traversal
document aMuleWeb directory traversal.
 D-Link DSA-3100 wireless access point crossite scripting
document Crossite scriptign with username on authentication page.
 Open Exchange default account
document mailadmin/secret LDAP account is created during installation with /bin/bash login shell.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 TZipBuilder / Abakt / CAM UnZip / ZipCentral buffer overflow
updated since 09.05.2006
document Buffer overflow on ZIP archives parsing.
 MDaemon buffer overflow
document Buffer overflow on oversized quoted string in IMAP commands. Vulnerability exploitation is probably impossible.
  


27.05.2006
Detailed
9!Multiple Microsoft Internet Explorer security vulnerabilities
updated since 22.03.2006
document Jump to ininitialized function pointer by referencing unspupported object's method (createTextRange() for checkbox). Potentially can be used for code execution and hidden malware installation. Memory corruption on uninitialized event handlers. HTA code execution. HTML parsing memory corrution. COM objects memory corruption. Crossite scripting.
 GNU binutils libbfd buffer overflow
document Buffer overflow on TekHex (Tektronix Hex Format) parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


26.05.2006
Detailed
6!Microsoft Internet Explorer memory corruption
document resizeBy() method negative values memory corruption.
6!libtiff buffer overflow
document Stack-based buffer overflow in tiffsplit.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 20.04.2006
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


25.05.2006
Detailed
6!Multiple tor distributed anonymizing service security vulnerabilities
document Log entries spoofing, integer overflows, DoS.
6!Microsoft Internet Explorer XmlHTTPRequest object request and response spoofing
document It's possible to spoof client application request and, under some conditions, server reply by using Microsoft.XMLHTTP object.
6!HP-UX Software Distributor unauthorized access
updated since 20.12.2005
   
6!HP OpenView Network Node Manager unauthorized access
updated since 05.10.2005
   
 Apple Xcode unauthorized access
document Access restrictions do not work.
 HP OpenView Storage Data Protector unauthorized access
   
 HP-UX xterm unauthorized access
   
 kphone SIP VoIP software solution weak permissions
document .qt/kphonerc file is world-readable and contains sensitive information, including SIP accounts.
 PunkBuster game servers anti-cheat system buffer overflow
document Buffer overflow in built-in web server on oversized webkey parameter.
 netPanzer game server DoS
document Assert termination on malformed packet.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 NetPanzer game DoS
updated since 14.07.2005
document Server enters to endless loop on the packet with zero data.
 Kaspersky Antivirus content filtering protection bypass
document Small reassembly timeout during stateful filtering allows filtering bypass by breaking stream with pauses.
  


23.05.2006
Detailed
7!EMC Retrospect backup client buffer overflow
document Buffer overflow on parsing TCP/497 packet.
7!Novell eDirectory Novell Directory Service buffer overflow
document iMonitor NDS Server buffer overflow (HTTP TCP/8028, HTTPS TCP/8038) on oversized URI in NDS path.
 HP-UX DoS
   
 Java applets stack overflow
document Recursive array definition leads to stack overflow.
 Novell client unauthorized clipboard access
document Copy/Paste cliboard operations are available from console unlock screen.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Mozilla / Firefox / Netscape exceptions information leak
document On exception raise message contains path to application installation and sometimes user's profile path.
  


22.05.2006
Detailed
7!Skype information leak
updated since 19.05.2006
document It's possible to construct URL in the file file will be transferred from Skype user's computer to another skype user without any confirmation.
6!Cyrus IMAPD POP3 server buffer overflow
document Buffer overflow on oversized username if popsubfolders options is enabled in imapd.conf.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 fbi image viewer symbolic links problem
document Symbolic links problem on directory creation.
  


20.05.2006
Detailed
 Windows limited service account privilege escalation
document By using security tokens located in process memory it's possible to escalate privileges from limited service account, such as Network Service or Microsoft SQL Service account.
 Sun ONE Web server crossite scripting
document Crossite scripting on URL with quote sign.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


19.05.2006
Detailed
6!Solaris FTP server directory traversal
   
 Sun N1 System Manager information leak
document Password disclosure.
 Sybase EAServer information leak
document It's possible to retrieve GUI cleartext password entered by user with javax.swing.JPasswordField of javax.swing.JPasswordField UI component.
 FreeType integer overflow
document read_lwfn() integer overflow on LWFN files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


18.05.2006
Detailed
6!libextractor buffer overflow
document Heap memory overflow on ASF streams and QuickTime parsing.
 Mobotix network cameras crossite scripting
document Multiple crossite scriptign possibilities.
 SAP sapdba for Informix database administration utility privilege escalation
document Improper environment cariables validation allows to run any command with informix rights.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


17.05.2006
Detailed
6!IPSwitch What's Up administration authentication bypass
document It's possible to bypass authentication by adding User-Application: NmConsole header.
6!Caucho Resin application server directory traversal
document There are few way to access content behind web root directory.
 Unauthorized Sun Directory Server console acces
   
 LiveData ICCP server DoS
document Buffer overflow on parsing ISO Transport Service packet.
 SAP Web Application Server crossite scripting
document Crossite scripting with error messages.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 FreeSSHd / FreeFTPd / wodSSHServer / FortressSSH SSH servers buffer overflow
updated since 14.05.2006
document Buffer overflow on cryptographic keys exchange.
  


16.05.2006
Detailed
 Multiple SAP Business Coneector security vulnerability
document File access, frame spoofing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


15.05.2006
Detailed
6!JDK java applet disk space DoS
document It's possible to consume all available disk space with temporary file.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Novell client fro Windows buffer overflow
updated since 10.05.2006
document Buffer overflow in DPRPC library on XDR stream decoding.
  


14.05.2006
Detailed
7!Multiple Apple MacOS X security vulnerabilities
updated since 12.05.2006
document Security update for May fixes 25 different vulnerabilities.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


13.05.2006
Detailed
7!Apple QuickTime multiple security vulnerabilities
updated since 12.05.2006
document Buffer overflow on MOV files udta atom parsing. Buffer overflow on FPX files parsing. H.264 protocol parsing heap overflow.
 GNUNet secure networking library DoS
document Endless loop on zero sized UDP packet.
 Multiple outgun game security vulnerabilities
document Buffer overflows, DoS conditions.
 Empire game DoS
document Uninitialized memory access.
 Multiple Genecys game security vulnerabilities
document Buffer overflow, DoS conoditions.
 Multiple Raydium game engine security vulnerabilities
document Buffer overflows, format string vulnerabilities, DoS conditions in both server and client parts.
 Dovecot IMAP server directory traversal
document Directory traversal in LIST command.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


12.05.2006
Detailed
7!Apple Quick Time Streaming Server buffer overflow
document Buffer overflow on RTSP protocol headers parsing.
 Ipswitch WhatsUp network monitoring tool multiple security vulnerabilities
document Information disclosure, crossite scripting.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Macromedia ColdFusion MX application server crossite scripting
updated since 28.04.2005
document Crossite scripting with error pages.
 Symantec Firewall information leak
document With request like "get/XX HTTP/1.0" it's possible to obtain IP address of internal Web server.
  


11.05.2006
Detailed
6!Verisign I-Nav Internationalized Domain Names (IDN) code execution
document VUpdater.Install allows to install software without integrity check.
6!Medal of Honor game buffer overflow
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Cisco Application Velocity System TCP port relaying
document Default configuration allows any TCP port to be accessed with transparent HTTP proxy request.
 Zango Adware code execution
document The integrity of downloaded components is not checked.
 Microsoft Distributed Transaction Coordinator DoS
updated since 09.05.2006
document Two different buffer overflows causing service to crash.
  


10.05.2006
Detailed
10!Microsoft Exchange Calendar code execution
updated since 09.05.2006
document Server doesn't properly handles iCal and vCal properties of MIME message.
6!Adobe Macromedia Dreamweaver Server SQL injection
document Multiple vulnerabilities in generated code.
 3COM TippingPoint SMS Server weak permissions
document It's possible to access directories where sensitive information can be potentially stored through web interface.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


09.05.2006
Detailed
8!Multiple Adobe Macromedia Flash products vulnerabilities
updated since 17.03.2006
document Multiple vulnerabilities, including standard browser's plugins. Can be used for silent malware installation.
6!Sophos Anti-Virus memory corruption
document Heap memory corruption on CAB archives parsing.
6!Quake 3 engine buffer overflow
updated since 06.05.2006
document Buffer overflow on remapShader command processing.
6!Different FTP servers multiple security vulnerabilities
updated since 02.05.2006
document Multiple vulnerabilities were uncovered with FTP Fuzzer stress test suite. - ArgoSoft FTP Server (RNTO Unicode overflow) - Golden FTP Server (NLST overflow) - FileZilla FTP Server (MLSD) - FileZilla remote server interface (homemade protocol) - WarFTPD (various exceptions and WDM.exe overflow)
 SunSolaris libike IKE library DoS
   
 Avahi multiple security vulnerabilities
document Buffer overflow, DoS.
 Linux kernel SCTP DoS
document Few vulnerabilities on SCTP chunks parsing.
 Cisco Secure ACS for Windows information leak
document Administration password and encryption key are insecurely stored in HKEY_LOCAL_MACHINE registry key.
 Cisco PIX / FWSM WebSense content filtering bypass
document Filter doesn't catch signature in segmented packet.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 ICQ client cross application scripting
document It's possible to inject script code into banner window to execute code in My Computer security zone.
  


07.05.2006
Detailed
6!D-Link DSL and wireless routers administration backdoor access
updated since 19.05.2005
document Backdoor feature in web interface allows unauthenticated administrative access.
 Intel wireless service s24evmon.exe information leak
document S24EventManagerSharedMemory shared memory sections is used to store critical information, such as WEP keys and passwords without access control.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


06.05.2006
Detailed
6!Kerio Winroute Firewall DoS
document Crash on scanning POP3 / SMTP messages.
 FileCopa FTP Server buffer overflow
document Buffer overflow on oversized USER command.
 acFtpd buffer overflow
document Buffer overflow on oversized USER command.
 Linux VServer privilege escalation
document Some crytical capabilities are not limited for guest account.
 Hostaupd IEEE 802.11 authentication daemon DoS
document DoS on invalid EAPoL frame.
 Cryptomathic TDC Digital signature ActiveX buffer overflow
document Buffer overflow in ActiveX element of Danish OCES certificate policy.
 rsync integer overflow
document receive_xattr() integer overflow.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 RaidenHTTPD Web server / Quick 'n Easy Web Server / Baby ASP / Blazix Web Server / AN HTTPD / Xeneo scripts source code disclosure
updated since 03.03.2006
document It's possible to retrieve script source code by adding " ./" to request.
  


05.05.2006
Detailed
7!Multiple libtiff security vulnerabilities
document Denial of service via a TIFF image that triggers errors in the TIFFFetchAnyArray function in tif_dirread.c; certain "codec cleanup methods" in tif_lzw.c, tif_pixarlog.c, and tif_zip.c; and improper restoration of setfield and getfield methods in cleanup functions within tif_jpeg.c, tif_pixarlog.c, tif_fax3.c, and tif_zip.c, TIFFToRGB out-of-memory reference, tif_jpeg.c double free(), TIFFFetchData integer overflow.
6!Ultr@VNC weak encryption
document Weak ecnryption algorithm (XOR) while transmitting on wire.
 CA Common Services CAIRIM on z/OS LMP SVC privilege escalation
   
 XM Easy Personal FTP Server buffer overflow
document Buffer overflow on oversized username.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 05.05.2006
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Sami FTP Server buffer overflow
updated since 25.01.2006
document Buffer overflow on oversized FTP USER command.
  


04.05.2006
Detailed
6!Multiple Linux kernel security vulnerabilities
document sys_mbind() buffer overflow, SELinux module DoS, /sys filesystem DoS, amd64 debugging race conditions DoS, getsockopt() kernel memory content leak, ip_route_input() DoS.
 zawhttpd Web server DoS
document DoS on GET request with large number of slashes.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


03.05.2006
Detailed
7!X.Org X Server bufer overflow
document Buffer overflow in XRender extension.
7!Multiple MySQL security vulnerabilities
document Memory content leak during authentication, memory content leak and code execution with COM_TABLE_DUMP packets.
 BankTown Client Control buffer overflow
document Buffer overflow in ActiveX control.
 Quagga ripd multiple vulnerabilities
document RIPv1 downgrade attack is possible even if RIPv2 is only configured protocol. RIPv1 protocol is insecure by design.
 ejabberd installation script symbolic links problem
document Insecure /tmp files creations.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


02.05.2006
Detailed
6!Xine media player format string vulnerability
updated since 18.04.2006
document Format string bug on diagnostic message printing, including playlist files parsing.
 Kerio Mailserver attachments filtering bypass
   
 Unauthorized Cisco Unity Express access
document It's possible to change password without entering old one if account is expired.
 MacOS X memory corruption
document Memory corruption on EXR files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


01.05.2006
Detailed
 ClamAV Clam Anti Virus freshclam buffer overflow
document Buffer overflow on oversized HTTP header.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru