Computer Security
[EN] securityvulns.ru
no-pyccku




30.05.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


28.05.2010
Detailed
7!FreeBSD OPIE library off-by-one overflow
document Off-by-one overflow during authentication.
7!ClamAV antivirus multiple security vulnerabilities
document Memory corruptions on PDF and PE files parsing.
6!FreeBSD jail escape
document It's possible to access current working directory.
6!FreeBSD NFS client privilege escalation
document Buffer overflow and memory corruption on volume mounting.
 3Com Intelligent Management Center multiple security vulnerabilities
document Directory traversal, crossite scripting.
 Microsoft Internet Explorer information leak
document It's possible to access external UNC location via ICMFilter option, leaking authentication information.
 HP TestDirector for Quality Center unauthorized access
   
 Mozilla Firefox information leakage
document It's possible to retrieve information about visited URLs from the site.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 eLiteCore Cyberoam SSL VPN Client cleartext passwords
document SSL VPN client Username and password are stored in cleartext in the registry.
  


27.05.2010
Detailed
7!Sun Solaris multiple security vulnerabilities
document Crossite scripting in ftpd, DoS against file utilities, buffer overflow in LIBC functions.
6!MySQL multiple security vulnerabilities
document Buffer overflow and privilege escalation via COM_FIELD_LIST, DoS because of endless loop on network packet reading.
6!Cisco Network Building Mediator multiple security vulnerabilities
document Default accounts, privilege escalation, unauthorized access.
6!GNU glibc library security vulnerabilities
document Invalid mntent functions string processing, ELF format parsing memory corruption.
 Kingsoft WebShield privilege escalation
document Kernel memory overwrite on IOCTL processing.
 Webby Web server buffer overflow
document Buffer overflow on GET request parsing.
 ghostscript code execution
document Application is executed by relative path upon .ps file parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


26.05.2010
Detailed
7!HP-UX, IBM AIX, SGI IRIX rpc.pcnfsd format string vulnerability
document Format string vulnerability on syslog() call.
6!Linux kernel multiple security vulnerabilities
document Information leaks, privilege escalations, DoS.
6!Ziproxy integer overflow
document Integer overflows on JPEG and PNG images processing.
 Scientific Atlanta DPC2100 cable modems security vulnerabilities
document Crossite request forgery. Authentication bypass.
 CompleteFTP FTP Server buffer overflow
document Buffer overflow on PORT command processing.
 barnowl buffer overflow
document Buffer overflow on CC: handling.
 Apache Axis2 crossite scripting
document Crossite scripting via administration interface.
 PostgreSQL code execution
document It's possible to execute PL/perl or PL/Tcl code via stored procedure.
  


25.05.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 25.05.2010
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


21.05.2010
Detailed
9!Adobe Shockwave multiple security vulnerabilities
updated since 12.05.2010
document Multiple buffer overflows, integer overflows, memory corruptions, code executions.
 Wireshark memory corruption
document Memory corruption on DOCSIS protocol parsing.
 X.Org X11R7 memory corruption
document Memory corruption on client application request processing.
 HP-UX NFS/ONCplus DoS
   
 Orbit Downloader directory traversal
document metalink files directory traversal.
 Linux Mint 9 symbolic links vulnerability
document mintUpdate utility symbolic links vulnerability.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 MIT Kerberos 5 GSS-API library DoS
document NULL pointer dereference in server side code.
 USR5463 wireless router crossite scripting
document Crossite scripting via configuration page.
  


20.05.2010
Detailed
 HP Performance Manager multiple security vulnerabilities
document Unauthorized access, crossite scripting, DoS.
 libpurple / Pidgin DoS
document Crash on MSN emoticon messages parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP System Management Homepage multiple security vulnerabilities
updated since 26.04.2010
document Crossite scripting, DoS, unauthorized access, code execution.
 MySQL table drop
document Under some conditions, files related to different table may be removed on dropping MyISAM table.
  


18.05.2010
Detailed
6!Ghostscript buffer overflow
updated since 12.05.2010
document Few buffer overflows.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 SpringSource tc Server authentication bypass
document Access with empty password is possible if encrypted passwords are used for JMX interface.
  


17.05.2010
Detailed
 aria2 directory traversal
document Directory traversal via metalink files.
 HP MFP Digital Sending Software unauthorized access
updated since 17.05.2010
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 libXext race conditions
document Race conditions on shared memory access.
  


14.05.2010
Detailed
6!Free Download Manager multiple security vulnerabilities
document Buffer overflows, directory traversals.
 KDE KGet files overwrite
document It's possible to overwrite files via metalink file.
  


13.05.2010
Detailed
 HP Systems Insight Manager crossite scripting
   
  HP Insight Control Server Migration crossite scripting
   
 VMware View crossite scripting
   
 BaoFeng Storm media player buffer overflow
document Buffer overflow on .m3u playlists parsing.
 Linux iSCSI DoS
document ietd daemon DoS via iSNS request.
 Cisco PGW Softswitch multiple security vulnerabilities
document Multiple DoS conditions.
 IrfanView buffer overflow
document Buffer overflow and integer overflow on PSD parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP Performance Center Agent / HP Load Runner Agent code execution
document Code execution via TCP/54345 service.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 11.05.2010
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


12.05.2010
Detailed
6!New local NT attack - TOCTOU (Time-Of-Check-to-Time-Of-Use race conditions)
updated since 03.01.2004
document If service hooks are used for argument filtering, race conditions are possible between argument check and actual sytem call.
 HP OpenView Network Node Manage multiple security vulnerabilities
document Vulnerabilities in multiple CGI applications.
  


11.05.2010
Detailed
8!Microsoft VBA buffer overflow
document Buffer overflow on ActiveX elements search on Microsoft Office files parsing.
7!PHP multiple security vulnerabilities
document Multiple information lekages, uninitialized memory access, double free(), integer overflows.
6!PCRE library buffer overflow
document Buffer overflow on regular expresssion compilation.
 MPlayer integer overflow
document Integer overflow on RDT streams playing.
 Microsoft Windows Mail / Outlook Express integer overflow
document Integer overflow on POP3 or IMAP server reply parsing.
 Linux kernel DoS
document DoS conditions in nfs_wait_on_request, and sg_build_indirect functions.
 fetchmail resources exhaustion
document Memory exhaustion on debugging information printing.
 dvipng / TeX Live memory corruption
document Memory corruption on DVI files processing.
 MySQL DoS
document Local user can execute UNINSTALL PLUGIN funtion
  


07.05.2010
Detailed
6!ESET Smart Security / Nod32 memory corruption
document Memory corruption on LZH archives scanning.
  


05.05.2010
Detailed
6!Alien Technology ALR-9900 RFID-reader backdoor
document There are undocumented remote access methods with undocumented default accounts.
6!Microsoft Wndows / Microsoft Exchange SMTP Service DoS
updated since 16.04.2010
document Crash on DNS server response parsing, information leak.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


04.05.2010
Detailed
6!GnuTLS library buffer overflow
document Buffer overflow in gnutls_x509_crt_get_serial() function on big-endian platforms.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 MDaemon directory traversal
document Directory traversal on mailing list configuration files allows to access files with LocalSystem privileges.
 Microsoft Internet Explorer, Google Chrome, Opera and Mozilla Firefox DoS
document Large buffer within <marquee> tag causes browser to crash.
 Kaspersky Antivirus privilege escalation
document Antivirus windows is vulnerable to shatter attack.
 Microsoft Visio multiple security vulnerabilities
updated since 16.04.2010
document Multiple memory corruptions.
  


03.05.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru