Computer Security
[EN] securityvulns.ru




31.05.2008
Detailed
 VMware buffer overflow
document Host Guest File System (HGFS) shared folders heap overflow.
  


30.05.2008
Detailed
9!Apple Mac OS X multiple security vulnerabilities
document AFP server directory traversal, Apache updates, AppKit memory corruption, Apple Pixlet Video multiple memory corruptions, Apple Type Services PDF printing fonts memory corruption, SSL information leak, multiple vulnerabilities in Graphics and Image engines on different filetypes and multimedia formats, Help Viewer buffer overflow, Unicode content filtering bypass, Image Capture directory traversal, DoS via IPv6, SMTP client buffer overflow, etc.
6!Opera buffer overflow
document Buffer overflow on TLS certificate parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke AutoHTML Module 2.0 - cross-site scripting.
  


29.05.2008
Detailed
7!Cisco multiple applications code execution
updated since 29.05.2008
document CiscoWorks Common Services code execution.
6!imlib2 library buffer overflow
updated since 29.05.2008
document Buffer overflow on PNM and XPM files parsing in load() function.
6!Motorola RAZR cell phones buffer overflow
document Buffer overflow on JPEG images processing.
6!EMC AlphaStor multiple security vulnerabilities
document Library Manager (TCP/3500) code execution, Server Agent (TCP/41025) multiple buffer overflows.
6!Samba buffer overflow
document Buffer overflow in receive_smb_raw() SMB client code.
6!OpenSSL multiple security vulnerabilities
document NULL pointer dereference, memory corruption on TLS certificate exchange.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 CA Internet Security Suite ActiveX unauthorized files access
document SaveToFile method allows system files corruption.
 emacs code execution
document LISP macro execution is possible.
 Linux multiple security vulnerabilities
document Memory leak in IPv6 over IPv4 tunnels, mmap DoS on the SPARC architecture, DoS on amd64 architecture, DoS with hrtimer integer overflow on 64bit architectures.
  


27.05.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 PHP Sleep() DoS
document Sleep() time is not limited with max_execution_time, making resources exhaustion possible.
  


25.05.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 25.05.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


24.05.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 IBM Lotus Sametime buffer overflow
document TCP/1533 oversized URL buffer overflow.
 Barracuda Spam Firewall cross-site scripting
updated since 24.09.2007
document Cross-site scripting with Web Syslog, with web administration login page.
 F5 BIG-IP cross-site scripting
updated since 12.02.2008
document Cross-site scripting in web admin console.
  


22.05.2008
Detailed
7!Trillian instant messenger multiple security vulnerabilities
document Buffer overflows and memory corruptions in AIM/ICQ, MSN and XML-based protocols parsing.
6!Cisco IOS ssh DoS
document Multiple vulnerabilities leading to device crash.
6!Alcatel OmniPCX commands execution
document /cgi-data/FastJSData.cgi web interface command execution.
6!Borland Interbase integer overflow
document Integer overflow on TCP/3050 traffic parsing leads to stack based buffer overflow.
6!HP-UX useradd privilege escalation
   
6!Peercast buffer overflow
updated since 18.12.2007
document Buffer overflow in HTTP Basic authentication and on SOURCE header parsing.
6!BT Home Hub router multiple security vulnerabilities
updated since 09.10.2007
document Authentication bypass, cross-site scripting, privilege escalation.
 snort IDS protection bypass
document Packet's fragments with significant TTL difference are ignored.
 libfishsound library integer overflow
   
 Apple iCAL multiple security vulnerabilities
document Multiple vulnerabilities on .ics files parsing.
 Cisco Voice Portal privilege escalation
document User granted administrator privileges can modify accounts of superusers.
 SAP Web Application Server cross-site scripting
document Cross-site scripting with /sap/bc/gui/sap/its/webgui/
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


20.05.2008
Detailed
7!CA BrightStor ARCserve Backup multiple security vulnerabilities
document caloggerd directory traversal. Buffer overflow in multiple xdr functions.
6!GnuTLS library multiple security vulnerabilities
document Vulnerabilities on TLS traffic parsing lead to DoS conditions and potential buffer overflow.
6!mtr (multiprotocol traceroute) buffer overflow
document Buffer overflow on DNS server response parsing.
6!Symantec Altiris Deployment Solution multiple security vulnerabilities
updated since 16.05.2008
document SQL injection, information leak.
 Foxit Reader buffer overflow
document util.printf() JavaScript function buffer overflow.
 Microsoft Office code execution
document It's possible to embed JavaScript code into document.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: cross-site scripting. Invision Power Board: XSS
  


17.05.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: cross-site scripting.
  


16.05.2008
Detailed
 Aruba Mobility Controller multiple security vulnerabilities
document Unauthorized access with TACACS authentication, cross-site scripting.
  


15.05.2008
Detailed
6!Linux distributions OpenSSH / OpenSSL weak random generator
updated since 14.05.2008
document Weak random generation in Debian-based distributions (Debian, Ubuntu).
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Cisco Content Switching Module memory leak
document Memory leak on TCP flags processing causes DoS conditions.
 Cisco Unified Presence Denial of Service
document Presence Engine service DoS, SIP proxy DoS.
  


14.05.2008
Detailed
7!Microsoft Jet engine buffer overflow
document Buffer overflow on MDB files request handling.
7!Microsoft Word multiple security vulnerabilities
document Memory corruption on RTF parsing, memory corruption on CSS parsing.
6!Cisco Unified Communications Manager DoS
document DoS against Certificate Trust List (CTL) Provider (TCP/2444), Certificate Authority Proxy Function (CAPF) (TCP/3804), SIP and SNMP TRAP.
6!Microsoft antivirus applications multiple security vulnerabilities
document Multiple DoS conditions on different file formats parsing.
 libid3tag library endless loop
document Endless loop on MP3 files parsing.
 Adobe Distiller buffer overflow
document Buffer overflow on .joboptions file parsing.
 Cisco Building Broadband Service Manager Captive Portal cross-site scripting
document Cross-site scripting with http://host/ekgnkm/AccessCodeStart.asp?msg=%3Cscript%3Ealert(%22XSS%22);%3C/script%3E
 Common Data Format library buffer overflow
document Buffer overflow in Read32s_64() function.
 Microsoft Windows I2O driver privilege escalation
document \\.\I2OExc device weak permissions, IOCTL data insufficient validation.
 Microsoft Publisher memory corruption
document .PUB files memory corruption on embedded objects parsing.
  


13.05.2008
Detailed
7!libpng code execution
updated since 01.05.2008
   
 Linux kernel DoS
document fcntl code race conditions.
 HP-UX FTP server DoS
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


12.05.2008
Detailed
 OllyDBG DoS
document Invalid processing of processor bits leads to traced application crash.
  


11.05.2008
Detailed
6!Oracle Application Server unauthorized access
document It's possible to bypass authentication.
 InspIRCd buffer overflow
updated since 11.05.2008
document namesx and uhnames modules buffer overflows.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. pMachinePro: HTTP Response Splitting
  


08.05.2008
Detailed
6!rdesktop multiple security vulnerabilities
document Multiple integer overflows and buffer overflows on RDP server response parsing.
 ZyXel ZyWALL cross-site scripting
document Cross-site scripting with Referer: header.
 Adobe Acrobat multiple security vulnerabilities
document Protection bypass, memory corruption.
 Adobe Reader silent printing
document Script can send PDF document to printing without user's permission.
 Novell Netware Client buffer overflow
document Buffer overflow in password reminder on oversized username.
 Multiple terminal clients X sessions hijack
document Terminal always opens :0 display if DISPLAY is not set.
 emacs symbolic links vulnerability
document vcdiff script insecure temporary files creation.
 PHP multiple security vulnerabilities
document GENERATE_SEED() weak random generator,
 Wonderware SuiteLink DoS
document Service crash on invalid network packet.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. pMachinePro: HTTP Response Splitting
  


06.05.2008
Detailed
6!Novell eDirectory multiple security vulnerabilities
document HTTP interface TCP/8028 TCP/8030 DoS, SOAP interface unauthorized access (TCP/8028 TCP/8030).
 CUPS PNG files DoS
document PNG image size is not checked.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 06.05.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 blender 3D modelling application buffer overflow
document Buffer overflow on Radiance High Dynamic Range (HDR) format parsing.
  


04.05.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 04.05.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


03.05.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Call of Duty game server DoS
updated since 03.05.2008
document stats packet invalid size crash.
  


02.05.2008
Detailed
6!Linux multiple security vulnerabilities
document Multiple DoS conditions and privilege escalation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


01.05.2008
Detailed
6!SNMPc buffer overflow
document Buffer overflow on oversized SNMP community string.
6!HP-UX WBEM multiple security vulnerabilities
document Code execution, privilege escalation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


