Computer Security

7!PostgreSQL multiple security vulnerabilities
document DoS, information disclosure.
6!Apple Watch multiple security vulnerabilities
document Information interception, memory corruptions, code execution, information disclosure, DoS, privilege escalation.
6!Google Chrome / Chromium multiple security vulnerabilities
updated since 05.05.2015
 fuse NTFS-3G privilege escalation
document Insufficient filtering of environment variables.

 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 17.05.2015
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.

6!SAP applications buffer overflow
document Buffer overflow in LZC/LZH implementation.
6!Cisco Telepresence security vulnerabilities
document Code execution, authentication bypass, DoS.
6!libvirt / qemu security vulnerabilities
updated since 05.05.2015
document Crash on PCI registers, IDE controller and Physical Region Descriptor Table decoder. Code execution.
 Websense Content Gateway certificates check vulnerability
document Compromised certificates are incorrectly checked.
 Pure Faction game server buffer overflow
document Buffer overflow via game chat.
 Apache Tomcat security vulnerabilities
updated since 11.05.2015
document Resources exhaustion, restrictions bypass.

9!Microsoft Windows multiple security vulnerabilities
document Buffer overflow, memory corruption, code execution, privilege escalation, restrictions bypass, DoS, information disclosure.
9!Adobe Flash Player multiple security vulnerabilities
document Buffer overflows, memory corruptions, integer overflows, race conditions, restriction bypass.
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple buffer overflows, memory corruptions, information disclosures, restriction bypass.
8!Adobe Reader / Acrobat multiple security vulnerabilities
document Memory corruptions, buffer overflows, restrictions bypass, DoS.
7!Microsoft SharePoint Server code execution
document Code execution via document content.
7!Microsoft Office memory corruptions
document Memory corruptions on documents parsing.

6!quassel SQL injection
document SQL injection via messages.
6!mercurial code execution
document Code injection via clone command.
6!Novell ZenWorks Configuration Management code execution
document Code execution via web interface.
6!GoAhead Web Server security vulnerabilities
document Directory traversal, buffer overflow.
 Palo Alto Traps Server XSS
document Stored XSS in logs.
 Appweb web server DoS
document NULL pointer dereference on Range: header parsing.
 EMC Isilon OneFS privilege escalation
document Local files access.
 EMC Documentum xCelerated Management System information disclosure
document Service password is stored in .bat file.
 Battle of Wesnoth directory traversal
document Directory traversal on maps loading.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Open-Xchange cross-site scripting
document Cross-site scripting via attachment.
 NetworkManager directory traversal
document File access on modem device handling.
 Fortinet FortiAnalyzer and FortiManager cross-site scripting
document Cross-site scripting in web interface.
 perl-Module-Signature content spoofing
updated since 05.05.2015
document Unsigned content can be interpreted as signed.

8!libicu security vulnerabilities
document Buffer overflow, integer overflow.
6!mono security vulnerabilities
document Multiple TLS related vulnerabilities.
6!dcraw / libraw integer overflow
document Integer overflow in ljpeg_start().
6!HP Integrated Lights-Out multiple security vulnerabilities
document Code execution, privilege escalation, DoS, restrictions bypass.
6!HP TippingPoint Security Management System / TippingPoint Virtual Security Management System code execution
document Code execution via web interface.
6!BullGuard antiviral applications authentication bypass
updated since 10.05.2015
document Access limitations are checked in the client application.
 Apache libbatik XXE
document XXE on SVG parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Network Virtualization for HP LoadRunner and Performance Center information disclosure
 suricata DoS
document Crash on SSL certificate parsing.
 HP SDN VAN Controller DoS
 zeromq3 / libzmq downgrade attack
document Protocol version downgrade attack is possible.
 HP Operations Orchestration authentication bypass
 HP Data Protector multiple security vulnerabilities
document DoS, code execution, privilege escalation.
 SonicWall SonicOS cross-site scripting
 Filezilla FTP server bounce attack
document DATA connection IP address is not restricted.
 Cisco UCS Central code execution
document Code execution via web interface.
 F5 BIG-IQ information disclosure
document User accounts information disclosure.
 InFocus projectors authentication bypass
document Few authentication bypass possibilities.
 HP Capture and Route information disclosure
 EMC RSA Identity Management and Governance password reset
document Weak password reset procedure.
 squid insufficient certificate validation
document Insufficient check for server certificate.

9!Apple Safari / Webkit multiple security vulnerabilities
document Multiple memory corruptions, files access, interface spoofing.
8!libtasn1 buffer overflow
document Heap buffer overflow on DER decoding.
6!Linux kernel multiple security vulnerabilities
updated since 05.05.2015
document DoS, privilege escalation, protection bypass.

9!GNU glibc security vulnerabilities
document gethostbyname_r() buffer overflow, getaddrinfo() race conditions.
7!qt multiple security vulnerabilities
document Memory corruptions on different graphics formats parsing.
6!Elasticsearch directory traversal
document Directory traversal via requests to /_plugin
6!libphp-snoopy code execution
6!SQLite multiple security vulnerabilities
updated since 16.04.2015
document Over 20 errors, including uninitialized memory access.
 ProFTPD unauthorized files access
document Unauthorized files copy via mod_copy.
 OpenFire certificate validation vulnerability
 usb-creator privilege escalation
 PHP security vulnerabilities
document apache2handler code execution, memory corruption on archives parsing.
 LibreOffice memory corruption
document Memory corruption on HWP documents parsing.
 icecast DoS
document NULL pointer dereference on authentication by URL.
 owncloud multiple security vulnerabilities
document CSRF, XSS, limitations bypass.
 HUAWEI MobiConnect weak permissions
document Weak permissions for executable files.
 dnsmasq uninitialized memory dereference
updated since 04.05.2015
document Uninitialized memory dereference on DNS request parsing.
 librsync weak permission
document Weak hash function is used.
 automount privilege escalation
document Insufficient local variables filtering.
 glusterfs DoS
document Infinite loop.

7!EMC Autostart data injection
document Commands injection is possible.
7!ClamAV multiple security vulnerabilities
document DoS conditions, buffer overflow, memory corruption.
6!Cherokee authentication bypass
document LDAP authentication allows authenticating with an empty password.
 EMC SourceOne DoS
document Management account lockout is possible.
 DirectFB security vulnerabilities
document Signedness errors, buffer overflow, memory corruption.
 Ruby SSL checks bypass
document Invalid hostname matching implementation.
 XML::LibXML information leakage
document Information disclosure on expand_entities.
 FastCGI buffer overflow
document Buffer overflow on fd_set structure handling.

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod