Computer Security
[EN] securityvulns.ru
no-pyccku

  


30.05.2011
Detailed
7!ISC bind named DNS server DoS
document Large RRSIG in negative response leads to assert().
6!Google Chrome multiple security vulnerabilities
document Memory corruptions, privilege escalation race conditions, DoS.
 Unbound DNS server DoS
document DoS against DNSSEC signed zone.
 Linux DBus-GLib / NetworkManager / ModemManager privilege escalation
document Access flags for exported object are not checked.
  


26.05.2011
Detailed
7!Cisco IOS XR multiple security vulnerabilities
document DoS on IP packets parsing (including routed ones), DoS against SSH, DoS against SPA.
7!IBM Lotus Notes multiple security vulnerabilities
document Memory corruptions on BIFF, Applix, Microsoft Office, RTF and LZH files formats parsing.
7!Linux kernel security vulnerabilities
updated since 08.05.2011
document DoS via InfiniBand, DoS via InfinyBand disks, multiple DoS conditions, memory corruptions and information leaks, buffer overflow in IrDA, DoS via VLANs, CIFS authentication bypass, DoS via GRE.
6!Dovecot DoS
document Crash on NUL character in headers.
6!Cisco Content Delivery System DoS
document Internet Streamer URL processing crash.
6!Cisco RVS4000 / Cisco WRVS4400N routers multiple security vulnerabilities
document Code execution, information leakage via Web interface.
6!rdesktop directory traversal
document Directory traversal in disk redirection feature.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Rosewill RXS-3211 IP camera information leakage
document It's possible to retrieve administration password via UDP/13364 request.
 KVM security vulnerabilities
updated since 02.05.2011
document DoS on guest system I/O processing.
  


25.05.2011
Detailed
6!Cisco routers Router Advertisement Guarding protection bypass
document It's possible to bypass protection with fragmented ICMPv6 packet.
6!ruby multiple security vulnerabilities
document Crossite scripting, privilege escalation, Exception#to_s method data modification, VpMemAlloc memory corruption.
6!7T Interactive Graphical SCADA System memory corruption
document Memory corruption on TCP/20222 data parsing.
 python security vulnerabilities
document Source code leakage in CGIHTTPServer, local files acces in urllib.
 Gadu-Gadu crossite scripting
document Crossite scripting via filename.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Linux kernel EFI/XFS DoS
updated since 14.04.2011
document Buffer overflow on partiotion GUID parsing.
  HP Insight Diagnostics Online Edition crossite scripting
updated since 20.12.2010
   
  


21.05.2011
Detailed
 Cisco Unified Operations Manager multiple security vulnerabilities
document Crossite scripting, SQL injection.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 apr / Apache mod_autoindex DoS
updated since 16.05.2011
document CPU resources exhaustion on request to indexed files with long names.
  


20.05.2011
Detailed
 perl multiple security vulnerabilities
updated since 05.05.2011
document Data injection and protection bypass in lc, lcfirst, uc, ucfirst functions and CGI module.
  


17.05.2011
Detailed
6!EMC NetWorker address spoofing
updated since 28.01.2011
document librpc.dll library accepts RPC commands in UDP packets with spoofed IPs.
 Vmware vSphere Management Assistant privilege escalation
document It's possible to elevate privileges via sudo because of invalid sudoers file.
 Apache Tomcat protection bypass
updated since 15.03.2011
document @ServletSecurity parameters are ignored.
 Ubuntu apturl DoS
document Crash on oversized URL.
  


16.05.2011
Detailed
8!Linux kernel ICMP DoS
document Crash on ICMP handling may be blindly remotely exploited from spoofed addresses.
 Novell eDirectoryr / Netware DoS
document Memory exhaustion on LDAP-SSL processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 FastStone multiple security vulnerabilities
document Multiple vulnerabilities on ZIP files processing.
 Adobe Audition buffer overflow
document Buffer overflow on .ses files parsing.
  


13.05.2011
Detailed
 Nagios XI privilege escalation
document reset_config_perms.sh executable via suid root wrapper call external application by relative path.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP Palm webOS security vulnerabilities
document Crossite scripting, file system access.
  


12.05.2011
Detailed
 HP Network Node Manager i weak permissions
document Weak permissions for log and data files.
 CA eHealth crossite scripting
document 
  


11.05.2011
Detailed
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 01.05.2011
document Multiple memory corruptions, uninitialized pointer dereferences, information leakage, code execution.
7!HP Intelligent Management Center multiple security vulnerabilities
document Multiple vulnerabilities in different components lead to remote code execution.
7!Sybase M-Business Anywhere multiple security vulnerabilities
document Buffer overflows during web access authentication (TCP/80, TCP/443), buffer overflow on SOAP request processing (TCP/8093, TCP/8094).
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Opera DoS
document NULL pointer dereference on oversized SIZE parameter in SELECT tag.
  


10.05.2011
Detailed
6!Postfix memory corruption
document Memory corruption if Cyrus SASL library is used for CRAM authentications.
6!Microsoft PowerPoint security vulnerabilities
document Memory corruption, buffer overflow.
  


08.05.2011
Detailed
9!exim format string vulnerability
document Format string vulnerability on DKIM data obtained from DNS.
 VMWare vCenter Server / vSphere Client security vulnerabilities
document Directory traversal, information leakage.
 ISC bind DoS
document Crash on RRSIG request processing if Response Policy Zones are used.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 08.05.2011
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Cisco IOS UDP flood DoS
updated since 04.05.2011
document UDP packets flooding leads to CPU exhaustion.
  


05.05.2011
Detailed
6!ZyXEL ZyWALL USG unauthorized access
document Unauthenticated configuration access is possible, authorization is performed on client side.
 ICONICS WebHMI ActiveX buffer overflow
document Stack buffer overflow in SetActiveXGUID method.
 OpenSSH ssh-keysign information leak
document File descriptor for private keys file is not closed on exeternal application execution.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 SIPDroid information leak
document User information is leaked in reply to INVEITE message.
  


04.05.2011
Detailed
8!Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities
updated since 21.04.2011
document 73 vulnerabilities in different applications.
  


03.05.2011
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Vino VNC server DoS
document Crash on client request processing.
 Proofpoint Protection Server crossite scripting
document Crossite scripting in web interface.
  


02.05.2011
Detailed
7!Embarcadero Interbase buffer overflow
document Stack buffer overflow on connect request processing.
 usb-creator privilege escalation
document Some privileged disk operations are possible.
 EMC RSA Data Loss Prevention crossite scripting
document 
 VMware ESXi / ESX DoS
document Sockets exhaustion attack is possible.
 SAP WebAS multiple security vulnerabilities
document Crossite scripting, form redirection.
 Cisco Wireless LAN Controller DoS
document Crash on ICMP processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


01.05.2011
Detailed
7!PHP multiple security vulnerabilities
document Privilege escalation, memory corruptions, buffer overflows, DoS conditions, integer overflows, format string vulnerabilities, information leaks.
7!HP Data Protector multiple security vulnerabilities
updated since 14.02.2011
document Multiple vulnerabilities are unpatched for > 180 days.
6!Cisco Unified Communications Manager multiple security vulnerabilities
updated since 27.04.2011
document DoS via SIP, directory traversal, SQL injection.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru