Computer Security
[EN] securityvulns.ru

  


29.05.2009
Detailed
8!Apple Mac OS X multiple security vulnerabilities
updated since 14.05.2009
document A few dozen fixes for different system components and Safari.
6!OpenSC crypto vulnerability
document pkcs11-tool invalid key generation allows message decryption.
6!libsndfile / WinAmp buffer overflow
updated since 21.05.2009
document Heap buffer overflow on .VOC files processing. Buffer overflow on AIFF parsing.
 StoneTrip S3DPlayers code execution
document system.openURL() function allows code execution.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: cross-site scripting, SQL injection.
 Novell GroupWise WebAccess cross-site scripting
updated since 01.02.2009
document Multiple cross-site scripting and request forgery vulnerabilities.
  


27.05.2009
Detailed
 SonicWALL Global Security Client privilege escalation
document SYSTEM privileges are not dropped on file open dialog.
 SonicWALL Global VPN Client weak file permissions
document Everyone:Full Control permission on application folder.
  


26.05.2009
Detailed
6!Nortel Contact Center Manager Server multiple security vulnerabilities
document Authentication bypass, information leak.
6!ntpd buffer overflow
document Buffer overflow if autokey option is enabled.
6!Pidgin memory corruption
updated since 26.06.2008
document Memory corruption on maliciously crafted filename in MSN protocol. Buffer overflow on Jabber file transfer. Buffer overflow in QQ protocol.
 ATEN IP KVM Switches multiple cryptographic vulnerabilities
document Same SSL certificate is used for all devices, static symmetric key is used for code signing, mouse events are not encrypted, predictable session key is used.
 cscope buffer overflow
document Buffer overflow on oversized included file name.
 COWON America jetCast buffer overflow
document Buffer overflow on MP3 parsing.
  


25.05.2009
Detailed
7!Sun Solaris sadmind multiple security vulnerabilities
document Integer overflow, buffer overflow.
7!Novell GroupWise buffer overflow
document Novell GroupWise Internet Agent SMTP e-mail address buffer overflow.
6!lcms multiple security vulnerabilities
document Multiple buffer overflows and DoS conditions.
 FreeType integer overflows
document Multiple integer overflows.
 ChinaGames ActiveX buffer overflow
document Buffer overflow in CGAgent.dll CreateChinagames() method.
 Serena Dimensions CM cryptographic vulnerability
document Server certificate is not validated by client.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: SQL injection, cross-site scripting. PostNuke: SQL injection.
 Android UID protection bypass
document Improper package UID validation allows application to access another application's data.
  


22.05.2009
Detailed
 HP Remote Graphics Software unauthorized access
updated since 22.05.2009
document Unauthorized access with Easy Login option enabled.
  


21.05.2009
Detailed
6!OpenSSL multiple security vulnerabilities
document Memory corruptions, memory leaks.
6!IBM AIX symbolic links vulnerability
document Symbolic links vulnerability in libc dynamic memory debugging functionality.
 Valve Steam cross-site scripting
document Cross-site scripting with steam://publisher/ URL.
 NetMechanica NetDecision TFTP Server directory traversal
   
 Cisco Works TFTP server directory traversal
   
 name service daemon buffer overflow
   
 Armorlogic Profense Web Application Firewall multiple security vulnerabilities
document Protection bypass, static default password.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


19.05.2009
Detailed
6!gnutls multiple security vulnerabilities
document DoS, certificate validation vulnerabilities.
6!ipsec-tools DoS
updated since 14.05.2009
document NULL pointer dereference on fragmented empty packet, multiple memory leaks.
 HP Data Protector Express privilege escalation
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


18.05.2009
Detailed
8!Oracle multiple security vulnerabilities
updated since 16.04.2009
document Quarterly update fixes nearly 50 different security vulnerabilities.
 eggdrop / windrop IRC client DoS
document Crash on empty privmsg message.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Yabook: SQL injection.
  


15.05.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


14.05.2009
Detailed
7!Adobe Reader multiple security vulnerabilities
document Vulnerabilities in different JavaScript methods.
  


13.05.2009
Detailed
6!Sun Identity Manager shell characters vulnerability
document Shell characters vulnerability via password.
 Pinnacle Studio directory traversal
document Directory traversal during .hlz (Hollywood FX Compressed Archive) file extraction.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.05.2009
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


11.05.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Acer notebooks weak passwords
document Administrator system account has empty password and password is not reset during initial system account setup.
  


07.05.2009
Detailed
6!Pango library integer overflow
document Integer overflow leading to heap buffer overflow.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Garmin GPS navigator ActiveX unauthorized access
document GARMINAXCONTROL.GarminAxControl_t.1 ActiveX allows device access without user's confirmation.
 libmodplug library multiple security vulnerabilities
document Buffer overflow on .PAT and .MED files parsing.
 HP OpenView Network Node Manager code execution
updated since 28.04.2009
document ovalarmsrv integer overflow
  


05.05.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 quagga DoS
document Assertion on receiving prefix with large number of 4-byte AS numbers.
  


04.05.2009
Detailed
7!Linux kernel multiple security vulnerabilities
document Multiple DoS conditions, privilege escalations, information leaks and memory corruptions.
6!IBM Tivoli Storage Manager Remote Agent buffer overflow
document A few different buffer overflows.
6!libwmf use-after-free vulnerability
document Use of freed memory on WMF file processing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. OpenX: cross-site scripting, information leak.
 Buffer overflow in grabit
document Buffer overflow on .NZB file parsing.
  


03.05.2009
Detailed
7!OpenBSD pf DoS
updated since 13.04.2009
document Null pointer dereference on malformed IPv4 packet with ICMPv6 data.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Browsers and search systems URL spoofing
updated since 27.04.2009
document By using %xx in host name it's possible to spoof URL origin.
 Addonics NAS Adapter multiple security vulnerabilities
updated since 21.04.2009
document Buffer overflow with HTTP requests, FTP DoS.
  


01.05.2009
Detailed
6!Symantec Client Security buffer overflow
document Buffer overflow in TCP/38292 Alert Originator service.
6!Symantec WinFax ActiveX buffer overflow
document Buffer overflow in Symantec Fax Viewer Control ActiveX.
6!TIBCO SmartSockets buffer overflow
document Buffer overflow on UDP message parsing.
 Symantec System Center (Symantec Client Security, Symantec Antivirus) code execution
document Intel File Transfer service allows execution of any program with system privileges without authentication via TCP/12174.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 LevelOne AMG-2000 multiple security vulnerabilities
document Device can be exploited as a proxy to access wired network from wireless. Information leak.
 Memcached / MemcacheDB information leak
document Unauthorized user can obtain information about process memory layout, making code execution protection techniques ineffective.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


