Computer Security
[EN] securityvulns.ru
no-pyccku

  


31.05.2007
Detailed
6!Avira Antivir integer overflow
updated since 28.05.2007
document Integer overflow during .LZH archive parsing leads to buffer overflow. Devision by zero on UPX decoding. Infinite loop on TAR parsing.
 Firefox information leak
document It's possible to check file existance with resource:// URL.
  


30.05.2007
Detailed
 Mozilla multiple addons upgrade weakness
document Upgrade mechanism of multiple addons allows upgrade via unsecure HTTP connection without using of SSL/TLS certificates, makeing active man-in-the-middle attacks possible.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


29.05.2007
Detailed
6!Mac OS X vpnd format string security vulnerability
document Formats string vulnerability on -i command line argument parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


28.05.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 OpenOffice Writer DoS
document Crash on .otp files parocessing.
  


27.05.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


26.05.2007
Detailed
6!Sun Web Proxy multiple buffer overflows
document Multiple buffer overflows in SOCKS server.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Dart Communications PowerTCP ActiveX buffer overflow
updated since 25.05.2007
document Buffer overflows in QuickZip, Install and Uninstall methods.
 Avast antivirus code execution
updated since 25.05.2007
document Code execution on CAB files parsing. Integer overflow on .SIS parsing.
  


25.05.2007
Detailed
6!Array overflow in Linux kernel
document DecNET dn_fib_props() and TCP/IP fib_props() functions array index overflow.
6!Apple Mac OS X pppd privilege escalation
document It's possible to attach user-supplied module to privileged process with 'plugin' command.
6!Opera BitTorrent buffer overflow
document Buffer overflow on BitTorrent headers parsing.
6!Cisco multiple devices DoS
document Denial of service on ASN.1 parsing due to vulnerability in cryptographics library.
6!Cisco routers SSL DoS
document Multiple vulnerabilities on SSL packets parsing.
 KSign KSignSWAT ActiveX buffer overflow
document Multiple buffer overflows in different methods.
 MySQl database server DoS
document Division by zero and NULL-pointer dereference on malcrafted IF condition.
 MicroWorld eScan multiple content filtering products buffer overflow
document Buffer overflow in TCP/2222 agent management interface.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 25.05.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Microsoft IIS unauthorized files access
document It's possible to bypass authentication with null.htw template.
 freetype integer overflow
document Integer overflow on TTF fonts parsing leads to heap bufffer overflow.
 Credant Mobile Guardian Shield information leak
document Sensitive information is stored in memory in crear-text form and may be stored in paging file.
  


23.05.2007
Detailed
 NOD32 antivirus buffer overflow
document Buffer overflow on file checking with oversized path.
 Magic ISO buffer overflow
document Buffer overflow on .cue files parsing.
  


22.05.2007
Detailed
6!Microsoft .Net special DOS device access problem
document Request like /AUX/.aspx causes special DOS device access and may lead to DoS conditions with resource exhaustion.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


21.05.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


19.05.2007
Detailed
8!realpath() BSD and wu-ftpd / BSD FTP / SSH buffer overflow
updated since 01.08.2003
document off-by-one overflow in fb_realpath() function in oversized path of few FTP commands.
6!PHP SOAP extension buffer overflow
updated since 19.05.2007
document Buffer overflow in make_http_soap_request function.
6!HP Systems Insight Manager for Windows unauthorized access
updated since 18.05.2007
document Invalid session cookie processing allows administrative session hijacknig.
6!Trillian instant messenger multiple security vulnerabilities
updated since 02.05.2007
document Multiple security vulnerabilities on IRC handling lead to information leaks and buffer overflow. Buffer overflows on Rendezvous and XMPP protocols parsing.
 TinyIdentD buffer overflow
document ident (TCP/113) oversized request string buffer overflow.
 Rational Soft Hidden Administrator authentication bypass
   
 ratvox IRC server DoS
document Resource exhaustion by too many open connections.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 VMWare multiple security vulnerabilities
updated since 08.05.2007
document Multiple denial of service conditions against guest and host system.
  


18.05.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


17.05.2007
Detailed
6!Symantec Norton Personal Firewall / Internet Security ActiveX buffer overflow
document ISAlertDataCOM Set() and Get() methods buffer overflows.
6!libpng library DoS
updated since 17.05.2007
document Crash on invalid grauscale images tRNS chunk checksum.
6!CA BrightStor ARCserve backup system multiple buffer overflows
updated since 25.04.2007
document Multiple buffer overflows in RPC-based Media Server service.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 17.05.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


16.05.2007
Detailed
7!Samba file server multiple security vulnerabilities
updated since 15.05.2007
document Multiple heap based buffer overflows, invalid SID to uid translation privilege escalation, shell characters problem.
 Multiple personal firewalls uncommon process identifier protection bypass
document Two lower bits of process identifier are not ignored in hooked OpenProcess functions, making it possible to access protected application by using process id no divisible by 4.
 Multiple applications Unicode Full Width / Half Width characters protection bypass
document Client application may support translation of Halfwidth/Fullwidth Unicode characters (unicode FF00 - FFEE), while content filter doesn't.
 Microsoft Windows Vista application spoofing through links
document It's possible to bypass privileged application execution by spoofing start menu shortcuts.
  


15.05.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 15.05.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Mac OS X Safari information leak
updated since 07.05.2007
document Saved password can be accessed from the web page via system components.
 notepad++ buffer overflow
document Buffer overflow on Ruby (.rb) files editing.
  


14.05.2007
Detailed
 Stalker CommuniGate Pro crossite scripting
document Crossite scripting via e-mail within Internet Explorer.
 yEnc32 buffer overflow
document Heap buffer overflow on NTX archive parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Deutsche Telekom Speedport w700v protection bypass
document Bruteforce protection is implemented as client-side script.
  


12.05.2007
Detailed
6!Apple Darwin Streaming Proxy multiple buffer overflows
document Multiple buffer overflows on parsing different commands.
6!Novell NetMail buffer overflow
document Stack based overflow in NMDMC.EXE on SSL access.
6!PHP libxmlrpc buffer overflow
   
6!McAfee multiple antiviral products Security Center ActiveX buffer overflow
document Buffer overflow in IsOldAppInstalled() function.
6!ISC BIND named DoS
document DoS on SOA records processing if recursion is enabled.
6!CA eTrust antivirus multiple security vulnerabilities
updated since 11.05.2007
document Local buffer overflow in task scheduler, remote buffer overflow in antiviral server (TCP/12168).
6!Apple QuickTime / iTunes multiple vulnerabilities
updated since 12.01.2006
document Heap overflow on GIF images parsing, stack overflow on QTIF parsing, heap overflow on video samples parsing.
 TFTPdWin TFTP server directory traversal
   
 Sun Solaris srsexec unauthorized files accesss
document By using combination of -d and -v command line options it's possible to read first line of any file.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.05.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Symantec Norton Internet Security Code Execution
document Invalid processing of exceptional conditions allows to access ActiveX not makrked as safe for scripting.
 vim sandbox protection bypass
document Potentially dangerous functions are allowed in modeline processing.
 Multiple ActiveX security vulnerabilities
document DoS conditions.
  


11.05.2007
Detailed
 Nokia Intellisync Mobile Suite multiple security vulnerabilities
document Outdated vulnerable version of Apache Tomcat embedded software is used, information leak, DoS, crossite scripting.
 Microsoft Windows 2003 Terminal Server TLS downgrade attack
document Connection is established without encryption after unsuccessful authentication even if server setting require one.
 PoPToP pptpd DoS
document Invalid PPTP packet causes connection tear-down.
 NCTsoft multiple applications ActiveX buffer overflow
updated since 24.01.2007
document Buffer overflow in NCTAudioFile2.AudioFile SetFormatLikeSample() method.
  


10.05.2007
Detailed
9!Microsoft Internet Explorer multiple security vulnerabilities
updated since 08.05.2007
document Multiple memory corruption on COM objects and HTML parsing, files rewrite.
8!Microsoft Exchange multiple security vulnerabilities
updated since 08.05.2007
document OWA crossite scripting, IMAP DoS, iCal parsing DoS, Base64 decoding memory corruption, IMAP DoS.
6!Microsoft Word multiple security vulnerabilities
updated since 08.05.2007
document Array overflows, memory corruptions on streams parsing and RTF parsing.
6!Microsoft Excel multiple security vulneraiblities
updated since 08.05.2007
document Multiple memory corruptions on different record types handling.
  


09.05.2007
Detailed
6!Trend Micro ServerProtect multiple security vulnerabilities
document SpntSvc.exe (TCP/5168) buffer overflow. Buffer overflow in EarthAgent.exe (TCP/3628).
 GNU Gnash Flash Player array overflow
document Array overflow on large number of SHOWFRAME elements within DEFINESPRITE.
 Linux netlink DoS
document Invalid processing of NETLINK_FIB_LOOKUP responses.
 AXIS Camera Control ActiveX buffer overflow
document Buffer overflow in SaveBMP() method.
 Asterisk information leak
document Empty IAX2 packet causes memory content leak and potential DoS condition because of missed terminating NULL byte.
 HP Tru64 UNIX dop privilege escalation
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Sun Solaris facl() DoS
document Integer overflow on ACE_SETACL processing.
 HP OpenView Storage Data Protector unauthorized code execution
   
  


08.05.2007
Detailed
8!Microsoft Windows DNS Server 0-day buffer overflow
updated since 13.04.2007
document Buffer overflow in RPC-based interface is used for remote system compromisation.
6!CAPICOM.Certificates ActiveX code execution
   
6!Microsoft Offcie multiple security vulnerabilities
document Memory corruption on drawing objects parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


07.05.2007
Detailed
 Taltech Tal Bar Code ActiveX memory corruption
document SaveBarCode function memoru corruption.
 Microsoft Sharepoint crossite scripting
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Multiple Zoo archivers DoS
document Endless loop on archive content parsing.
  


04.05.2007
Detailed
6!Cisco PIX / Adaptive Security Appliance firewalls multipls security vulnerabilities
document LDAP authentication bypass. VPN connection and LDAP multiple denial of service.
6!Apple QTJava toQTPointer() code execution
document Unsafe implementation of Java method allows to overwrite memory regions.
 HP ProCurve 9300 switches DoS
   
 xscreensaver console access protection bypass
document Application crashes on network link failure, if remote authentication is used. It makes it possible to access protected X session.
 HP Tru64 ps information leak
   
 LiveData Protocol Server buffer overflow
document Heap buffer overflow on oversized WSDL file HTTP request (TCP/8080).
 Atmoix MP3 buffer overflow
document Buffer overflow on oversized filename.
 Tivoli Provisioning Manager for OS Deployment multiple security vulnerabilities
updated since 03.04.2007
document Multiple vulnerabilities on parsing HTTP POST requests.
 GIMP buffer overflow
document Buffer overflow in SUNRAS plugin on RAS files parsing.
  


03.05.2007
Detailed
 MailCopa buffer overflow
document Buffer overflow on oversized subject in mailto: URL handler.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


02.05.2007
Detailed
6!WinAMP memory corruption
document Buffer overflow on parsing .MP4 file.
6!VMWare host system files access directory traversal
updated since 02.05.2007
document Because of directory traversal in "Shared folders" option, it's possible to access file of host system from guest system.
 Office Viewer OCX multiple security vulnerabilities
document Multiple buffer overflows in different methods.
 Aventail Connect SSL VPN Client Buffer Overflow
document Buffer overflow in gethostbyname() family functions hoocked thorugh LSP on oversized hotname in any application.
 HP Power Manager Remote Agent privilege escalation
   
 Yate VoIP server DoS
document NULL pointer dereference on absent "purpose" parameter of SIP "Call-Info" header.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 ZoneAlarm personal firewall multiple security vulnerabilities
updated since 17.04.2007
document Insufficient arguments validation for hooked functions allows privilege escalation.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 
Links
kredittkort



Rating@Mail.ru