Computer Security

7!libpng buffer overflow
updated since 19.07.2002
document Buffer overflow during image processing.
6!Linux TCP options signed/unsigned conversions DoS
document TCP option length over 127 bytes can cause an infinite loop inside netfilter if options are used in filtering rules.
 rsbac protection bypass
document suid files can be created from jailed processes.
 Pavuk buffer overflow
document Buffer overflow during parsing HTTP/305 redirection.
 Apache integer overflow
updated since 29.06.2004
document MIME header length is unlimited, leading to possible memory exhaustion. On 64-bit platforms, integer overflow during MIME header parsing (requires sending a large amount of data).

7!ISC DHCP buffer overflow
updated since 23.06.2004
document Buffer overflow on oversized hostname in DHCP query, if the hostname is split into a few attributes.
6!nCipher netHSM information leak
document Pass phrases entered by means of the nCipher netHSM front panel, either using the built-in thumbwheel or using a directly attached keyboard, are exposed in the netHSM system log.
 popclient buffer overflow
document Off-by-one buffer overflow on oversized message line.
 MPlayer buffer overflow
document Buffer overflow on oversized playlist file/URL entry.
 D-LINK 614 DoS
document Multiple DHCP processing bugs.
 SUN virtual java machine DoS
document Invalid fonts handling can crash virtual machine under Windows.

 Lotus Notes URI command line modification
updated since 24.06.2004
document notes: URI allows executing notes.exe with any arguments, for example to specify the .ini file location.

6!MacOS X cleartext passwords in memory
document Passwords are stored in swap and memory in cleartext.
6!GNATS format string bugs
document Format string bug in syslog() call.
6!FreeS/WAN, Openswan, strongSwan, Super-FreeS/WAN multiple certificate problems
document DoS, unauthorized access.
6!Apache mod_proxy buffer overflow
 Multiple drcatd bugs
document Multiple buffer overflows
 CGI bugs
updated since 21.06.2004

 FreeBSD Alpha DoS
document Unaligned execve() argument causes system to crash.
 gzexe symlink problem
document Unsafe temporary files creation.
 gift-fasttrack DoS
 BryanFTPD buffer overflow
document Buffer overflow on oversized FTP command.
 rlpr format string bug
updated since 21.06.2004
document syslog() format string bug.

 Linux Broadcom 5820 Cryptonet driver integer overflow
document ubsec_ioctl() function integer overflow.

 Linux FireWire drivers integer overflow
document Integer overflows in different functions.
 rssh protection bypass
document Access outside jail is possible.
 NetGear FVS318/Microsoft MN-500 Web interface DoS
document The number of connections prior to authentication is limited, and they have no timeouts.
 DLink 514 DHCP cross-site scripting
document Cross-site scripting via DHCP request parameters.
 BT Voyager SNMP information leak
updated since 23.06.2004
document Password is accessible for reading via SNMP.
document SNMP packet with invalid OID causes server to crash.

 sup format string bug
document Format string bug on syslog() call.
 ircd-ratbox/ircd-hybrid message flood DoS
document If the sender type is unknown, message rate limiting causes messages to accumulate in memory.
 Format string bug in super
updated since 31.07.2002
document Format string bug on syslog call

 ignitionServer password protection bypass
document Zero length password is universal.
 Linux kernel floating point exception DoS
document Problem with floating point exceptions leads to unstable kernel state.
 CGI bugs
updated since 14.06.2004

6!Cisco BGP DoS
document Router reboots on malformed BGP packet.
 IBM eGatherer/IBM acpRunner ActiveX multiple bugs
document Unsafe methods allow disk access and scripting.
 Linux kernel i2c integer overflow DoS
document signed/unsigned conversion problem.
 Symantec Enterprise Firewall DNSD cache poisoning
document During DNS request parsing neither DNS server authority nor relation between request and response is checked.
 Winagent buffer overflow
document Buffer overflow on oversized filename.
 FreeBSD securelevel protection bypass
document It's possible to lower security level by installing new syscall.

6!Irix SGI_IOPROBE privilege escalation
document Unprivileged user can access memory.
 thy DoS
document Incomplete URL causes program to crash.
 Skype buffer overflow
document Buffer overflow on callto: URL.

7!New Internet Explorer cross-site scripting problems
updated since 08.06.2004
document Location: URL: HTTP header in conjunction with ms-its: handler allows saving a file to a known location. Cross-site scripting with modal dialogs.
6!Subversion/Chora buffer overflow
updated since 19.05.2004
document Stack overflow on parsing svn*:// IRIs, heap overflow on stack parsing.

7!HP-UX FTP code execution
document It's possible to execute an application on the server by specifying '|' in the filename.
6!Multiple RealPlayer buffer overflows
document Buffer overflow during displaying URLs in .ram, buffer overflow during constructing mem: URLs on error page. Buffer overflows during parsing different file formats.
 ksymoops symbolic links
document Symlink problem during temporary files processing.
 Edimax 7205APL privilege escalation
document User can retrieve configuration including cleartext administration password.
 NetBSD swapctl DoS
 Multiple ISA server bugs
document ISA SP2 closes a few security holes: buffer overflow during redirect from denied resource, basic credentials may be sent over an External HTTP connection when SSL is required for published server, FTP bounce attack, handle leak in message screener, etc.
 CGI bugs
updated since 08.06.2004

6!Trend Micro OfficeScan privilege escalation
document During virus detection, help is launched from local system.
 Cisco CatOS incomplete TCP session DoS
document Invalid packet on 3rd TCP handshake stage causes device to fail if telnet, ssh or HTTP are enabled.
 smtp.proxy format string bug
document syslog() sender address format string bug.

7!Multiple CVS bugs
document Buffer overflows, format strings, double free().
6!Crystal Reports directory traversal
document Web service directory traversal.
6!Oracle E-Business Suite SQL injection
updated since 05.06.2004
document Multiple SQL injection conditions.
 US Robotics Broadband Router 8003 unauthorized access
document Password is checked on client side.
 Microsoft DirectPlay DoS
document Invalid network packets parsing.

6!Multiple MacOS X bugs
updated since 08.06.2004
document Problems with launching of download application.
6!PHP for Windows shell character filtering protection bypass
document escapeshellcmd()/escapeshellarg() do not work under Windows.
6!FreeBSD jailed process routing table protection bypass
document Jailed process can manipulate the routing table.
 Linksys Web Camera directory traversal
 Linksys BEFSR41 information leak
document DHCP reply contains random information from memory.

6!PostgreSQL ODBC buffer overflow
 Trend Micro Internet Security cross-site scripting
updated since 04.06.2004
document Web browser component is used for warning message and filename is not filtered.

 CGI bugs
updated since 31.05.2004

 log2mail unfiltered shell characters
 NetGear WG602 backdoor account
document Backdoor account 'super' with password '5777364' allows web interface access.
 Orenosv buffer overflow
updated since 26.05.2004
document Buffer overflow on parsing GET request.

7!Firebird buffer overflow
updated since 10.05.2003
document Buffer overflows in gds_inet_server, gds_drop, and gds_lock_mgr during environment and command line processing, in database name.
6!Apache OpenSSL buffer overflow
document Buffer overflow if SSLOptions +FakeBasicAuth is used.
 TinyWeb Executable code leak
document By using /./ it's possible to access file from /cgi-bin
 Tripwire format string bug
document Format string bug during e-mail report generation.
 Linksys multiple routers buffer overflow
document Buffer overflow during Web interface authentication.
 MIT Kerberos 5 buffer overflow
document Buffer overflow in krb5_aname_to_localname

 LinkSys Wireless-G administrative access
document Web administration interface is available from external network even if turned off administratively.

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod