Computer Security



27.05.2013
8!Apple QuickTime multiple security vulnerabilities
    Memory corruptions when parsing different formats and protocols.
8!Microsoft Internet Explorer multiple security vulnerabilities
    Information leakage, multiple use-after-free vulnerabilities.
8!Linux kernel multiple security vulnerabilities
    updated since 04.05.2013
    Privilege escalation via suid-process output redirection, unix sockets privilege escalation, UDF and ISO filesystem drivers information leakage, i915 driver memory corruption, multiple KVM vulnerabilities, ext3 driver privilege escalation, netlink information leakages.
7!Apple iTunes multiple security vulnerabilities
    Certificate validation vulnerability, multiple memory corruptions.
7!Microsoft Lync code execution
    Use-after-free vulnerability.
7!Microsoft Windows multiple security vulnerabilities
    http.sys DoS, multiple kernel privilege escalations, .Net signature spoofing and authorization bypass.
6!Microsoft Office multiple security vulnerabilities
    Multiple buffer overflows, integer overflows, memory corruptions, etc.
 HP-UX Directory Server information leakage
 Microsoft Windows Essentials information leakage
    Microsoft Writer invalid URL handling.
 Microsoft Visio information leakage
    Information leakage via external XML entities.
  


10.05.2013
7!Cisco Unified Customer Voice Portal multiple security vulnerabilities
    DoS, privilege escalation, code execution, file access.
6!Apache Tomcat security vulnerabilities
    DoS, session fixation, information leakage.
6!EMC AlphaStor buffer overflow
    Buffer overflow on command parsing in AlphaStor Library Control Program.
 EMC RSA Authentication Agent cross-site scripting
 EMC Documentum multiple security vulnerabilities
    Session fixation, cross-site scripting.
 Fujitsu notebooks privilege escalation
    Untrusted path to executables.
 telepathy-idle insufficient certificate check
    Server certificate is not checked.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
    PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


09.05.2013
8!GNU glibc security vulnerabilities
    Buffer overflow in regexec, buffer overflow in getaddrinfo.
7!libxml security vulnerabilities
    Multiple use-after-free vulnerabilities.
6!Mesa / WebGL / libgl buffer overflow
    Heap overflow.
6!Cisco Prime Data Center Network Manager code execution
    updated since 02.11.2012
    TCP/1099 and TCP/9099 services code execution.
 gpsd memory corruption
    Memory corruption on request processing.
  


06.05.2013
8!Cisco Unified Computing System multiple security vulnerabilities
    Buffer overflow, information leakage, authentication bypass, DoS.
7!Oracle Java / IBM Java protection bypass
    Sandbox protection bypass via Reflection API.
6!EMC RSA Archer multiple security vulnerabilities
    Code execution, cross-site scripting, authorization bypass.
6!OpenText/IXOS ECM for SAP NetWeaver code execution
    ABAP code injection.
6!Microsoft Antimalware privilege escalation
    updated since 12.04.2013
    It's possible to execute code with local system rights.
 3CX Phone outdated libraries
    Outdated versions of OpenSSL and FFmpeg/FFdshow are used.
 D-Link DSL-320B unauthorized access
    It's possible to access configuration files without authentication.
 Huawei devices buffer overflow
    Multiple buffer overflows in SNMPv3 daemon.
 Censornet Professional multiple security vulnerabilities
    Cross-site scripting, SQL injections.
 libarchive integer overflow
    Integer overflow on zip file creation leads to buffer overflow.
 Cisco Device Manager code execution
    Code execution via JAR applications.
 Unauthorized access to different HP printing devices
    It's possible to access files.
 HP Managed Printing Administration cross-site scripting
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
    PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Dell EqualLogic directory traversal
    It's possible to access system files.
 OWASP WAF protection bypass
    It's possible to bypass protection by using non-standard URL encodings.
  


04.05.2013
9!nginx integer overflow
    updated since 28.04.2013
    Integer overflow leads to code execution.
9!Oracle / Sun / MySQL / PeopleSoft multiple applications security vulnerabilities
    updated since 22.04.2013
    128 vulnerabilities in different applications.
7!D-Link IP cameras multiple security vulnerabilities
    Code execution, authentication bypass, hardcoded credentials, information leakage.
7!stunnel integer overflow
    Integer overflow leads to buffer overflow.
7!Microsoft Internet Explorer multiple security vulnerabilities
    updated since 12.04.2013
    Use-after-free vulnerabilities.
6!Wowza Media Server security vulnerabilities
    Directory traversal, authentication bypass.
6!Microchip controllers IPv6 implementation buffer overflow
    Buffer overflow on fragmented packets parsing.
6!EMC Avamar server / client security vulnerabilities
    Unauthorized file access, insufficient certificate validation.
6!ClamAV multiple security vulnerabilities
    updated since 24.03.2013
    Buffer overflow on UPX decompression, array overflow on PDF parsing.
 HP Service Manager security vulnerabilities
    XSS, information leakage.
 SRPLab Personal File Share buffer overflow
    Buffer overflow on oversized request in HTTP server.
 FUSE symlink vulnerabilities
    It's possible to umount any partition.
 MIT Kerberos 5 security vulnerabilities
    A few NULL pointer dereferences.
 strongSwan privilege escalation
    Under some conditions it's possible to authenticate as a different user.
 EMC Networker privilege escalation
    Weak file permissions.
 Cisco Linksys E1200 / N300 XSS
    XSS in Web interface.
 util-linux / mount information leakage
    It's possible to check file existence.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod