Computer Security
[EN] no-pyccku

7!Multiple Veritas Backup Exec backup solutions vulnerabilities
updated since 24.06.2005
document Multiple vulnerabilities, including remote buffer overflows and DoS.
7!Microsoft Message Queuing buffer overflow
updated since 13.04.2005
document Buffer overflow in RPC-based protocol.
6!Multiple ClamAV antivirus DoS vulnerabilities
document Descriptors leak on MS-Expand and CAB files.
 Soldier of Fortune II array index overflow
document /ignore command array index overflow.
 Nortel Communication Server FTP DoS
 Adobe Reader for Linux symbolic links problem
document Symbolic links problem on temporary files creation.
 Cisco RADIUS authentication bypass
document It's possible to bypass RADIUS authorisation is NONE is set at fallback authentication method.
 FreeBSD ipfw packet filter race conditions
document Because of insuddicient locking it's possible to corrupt cached lookup table on machines with threading PREEMPTIVE multitasking.

 DSX Raritan Console Servers weak permissions
document Executable files are writable by unprivileged users.

7!RealPlayer multiple vulnerabilities
updated since 24.06.2005
document Heap overflow on RealText format parsing. Heap overflow on AVI files parsing. Possibility to overwrite local files, ActiveX execution from MP3 file.
 Infradig Systems Inframail Advantage Server mail and FTP server buffer overflow
document Buffer overflow in SMTP MAIL FROM: and FTP NLST commands.
 Dell computer Windows XP administrators weak password
document During system installation Administrator account is created with empty password.
 Nokia / Symbian mobile phones bluetooth DoS
document 0x09 0x0A characters in nickname causes bluetooth device to crasg on searching.
 Adobe Acrobat Reader local files access
updated since 17.06.2005
document By using XML External Entity document script can access local files and have them sent to remote site.

6!PHP calendar functions buffer overflow
document Buffer overflow in calendar functions, e.g. JDToGregorian() on large integer.
 IA eMailServer IMAP format string vulnerability
document IMAP mail server LIST command format strinb vulnerability.
 TCP-IP Datalook socket sniffer buffer overflow
document Buffer overflow on malformed request.

6!ClamAV antivirus Qantum compression DoS
document Compression with small windows size causes anti virus to crash.
 IBM DB2 universal database protection bypass
document User with only SELECT permissions can can insert, update or delete records.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 20.06.2005
document PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

7!Linux kernel msync race conditions
document Race conditions allow inject dynamic library into process space.
6!Sendmail clamav-milter antivirus DoS
document By keeping client connection for a long time during database reloads it's possible to prevent server from accepting new connections.
 HP VCRM (Version Control Repository Manager) information leak
document A part of the password may be shown if one contains '@' sign.
 SGI Irix arrayd authentication spoofing
 Multiple Sun Solaris perl modules problems
document protection bypass, crossite scripting.
 Multiple Linux kernel vulnerabilities
document DoS with signal handler, another one ptrace privilege escalation vulnerability.

 IpSwitch WhatsUp network management solution SQL injection
document SQL injection during Web interface authentication process.
 Lotus Domino multiple vulnerabilities
updated since 13.04.2005

 Asterisk VOIP PBX software buffer overflow
document Stack overflow on CLi commands processing.
 Ruby object-oriented language protection bypass
updated since 22.06.2005
document Error in XMLRPC module.
 tor anonymizing communication service information leak
document Client can view arbitrary memory content.
 PicoWebServer Web Server buffer overflow
updated since 30.05.2005
document Stack overflow on HTTP GET request parsing.

6!PeerCast p2p multimedia broadcasting format string vulnerability
updated since 30.05.2005
document Format string bug on HTTP request parsing.
6!Multiple tcpdump / ethereal sniffers vulnerabilities
updated since 28.04.2005
document Endless loops during handling RSVP, ISIS, BGP, LDP protocols, buffer overflows in ANSI A, GSM MAP, AIM, DISTCC, FCELS, SIP, KINK, LMP, Telnet, TZSP, WSP, BER, SMB, H.245, Bittorrent, Fibre Channel and many others.
 Lyris List Manager multiple vulnerabilities
 Enterasys Vertical Horizon switches backdoor accounts
document There is undocumented backdoor account tiger/tiger123, in addition some privileged control character combination are available to unprivileged user from console or telnet session.
 Novell Netmail weak permissons
document uid/gid 500/500 is incorrectly set as file owner.
 Multiple browsers dialog content spoofing
document It's possible to spoof dialog window origin.
 Novell Groupwise Client memory cleartext password
document Cleartext password is stored in memory.

6!Sudo symbolic links race condition
document If sudoers file contains specific records, race conditions exist to spoof command with symlink.
6!Sun Java / BlackDown Java sandbox protection bypass
document Applet can bypass sandbox limitation to exefute privileged functions.
 Cisco VPN 3000 groupname enumeration
document Different bahaviour for valid and invalid groupname in IKE aggressive mode.
 OpenBSD ip_ctloutput() DoS
document Error in the "ip_ctloutput()" function can be exploited by using the "getsockopt()" to retrieve IPsec credentials for a socket.
 Deep Freeze protection bypass
updated since 17.06.2005
document With debugging application it's possible to bypass system state protection.
 RealVNC / WinVNC terminalservice information leak
document Before authentication client receives information about operation system and platform.

 JBoss application server information leak
document Insuficcient request validation allows to obtain server installation, configuration and version information.
 fig2vect drawing format convertor buffer overflow
document Buffer overflow in pdf_encode_str() while converting text to PDF format.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 14.06.2005
document PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

 Gentoo Linux webapp-config symbolic links problem
document Symbolic links problem on temporary files creation.
 Razor agent spam filtering network DoS
document Few bugs causing application crash or infinite loop.
 Sun Solaris lpadmin symbolic links problem
 Yaws Webserver source code leak
document %00 at the end of executable file allows to see it's content.

6!ViRobot anti-virus server buffer overflow
updated since 21.08.2003
document Multiple buffer overflows.
 Finjan SurfinGate content filtering protection bypass
document It's possible to bypass URL filtering by using escape sequences.

8!Microsoft Internet Explorer PNG images buffer overflow
document Heap overflow on large specific PNG chunk.
8!Microsoft Windows HTML Help files parsing buffer overflow
document Heap overflow on HTML help (.chm) files structure parsing.
8!Microsoft Windows SMB file system client buffer overflow
updated since 09.02.2005
document Buffer overflow on nework protocol parsing.
6!Microsoft ISA Server proxy / firewall multiple vulnerabilities
document Cache poisoning problem, NetBIOS predefined filter vulnerability.
6!Microsoft Windows Web Client service (WebDav client) buffer overflow
document Buffer overflow on client request parsing.
6!Microsoft Outlook Web Access crossite scripting
updated since 08.07.2003
document It's possible to inject script into message and to acces username/password.
 Microsoft Agent content spoofing
document Microsoft Agent ActiveX allows to spoof trusted site content.
 Microsoft Step-by-Step Interactive Training buffer overflow
document Buffer overflow on link files (.cbo, .cbl, .cbm) parsing.
 Microsoft Outlook Express NNTP client buffer overflow
document Buffer overflow on NNTP server reply parsing.
 Multiple system telnet client information leak
document Telnet server can request client's environment variables.

7!Multiple bugs in OpenSSL
updated since 30.09.2003
document Rpbolem with stack corruption, uninitialized memory references.
6!Sun Java Webstart virtual machine protection bypass
document It's possible to bypass sandbox environment.
6!Multiple Macromedia products licensgin service privilege escalation
document Ilcensing service file has weak permisions and may be spoofed by local user.
 Novell eDirectory directory services special DOS device names DoS
document Special devices access causes error in dhost.exe.
 Multiple bluetooth devices DoS
document Traffic or connection flood leads to denial of service.

 Symantec PcAnywhere privilege escalation
document By using "Caller Properties" it's possible to execute application with Local System privileges.
 Adobe License Manager privilege escalation
document It's possible to obtain Local System privileges.
 Cisco switches protected Voice VLANs protection bypass
document Malformed CDP (Cisco discovery protocol) message opens access to voice VLAN from data VLAN.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 07.06.2005
document PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.
 shtool shell tools set synbolic links problem
updated since 26.05.2005
document gen_tmpfile symbolic links problem.
 Pico Server web server multiple vulnerabilities
updated since 16.05.2005
document Information leak, directory traversal.

6!Multiple AIX privilege escalations
document invscout, diagTasksWebSM, getlvname utilities buffer overflows.
 Pragma TelnetServer crossite scripting
document Crossite scripting if log files are stored in HTML format.
 SGI Irix rpc.mountd privilege escalation
document Under some conditions write access is possible to read only exports.
 C-JDBC clastered database access interface information leak
document Vulnerability in caching mechanism allows to access cached data without access rights validation.
 xmysqladmin MySQL administration utility symbolic links problem
document Unsafe temporary files creation.
 MacOS X launchd synbolic links race conditions
document Unsafe temporary files creation.
 tattle SSH attacks protection script shell characters problem
document Insufficient filtering of command parameters during external program incovation allows remote code execution.
 TFTPD 2000 TFTP Server DoS
 Leafnode NNTP proxy DoS
updated since 06.05.2005
document DoS ifserver closes connection before all data received.

7!Multiple Linux kernel vulnerabilities
document DoS and possible code execution on invalid mmap() arguments, ptrace problem rase again on amd64 platform.
6!Kaspersky Antivirus privilege escalation
updated since 06.06.2005
document klif.sys driver removes supervisor memory protection bit. It's code can be modified from user space application and to be executed in kernel mode.
6!IBM WebSphere Application Server administrative console buffer overflow
updated since 03.06.2005
document Buffer overflow during authentication process.
6!Multiple FTP servers path globbing DoS
updated since 16.03.2001
document Command like ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* causes server to hang.
 silvercity lexical analysis application symbolic links problem
document Symbolic links problem on temporary files creation.

 Sun One application server directory traversal
 FlexCast audio video streaming server authentication vulnerability
 Sun Solaris libc privilege escalation
 Raknet network library DoS
document Endless loop with 100% CPU usage on empty UDP packet.
 AOL Instant Messenged integer overflow
document Integer overflow on signed type during buffy icon GIF file parsing.
 ePSXe Sony PlayStation emulator buffer overflow
document Buffer overflow on command line parsing.

 LutelWall Linux firewall symbolic links problem
document Symbolic links problem in update script.
 Giptables firewall symbolic links problem
document Symbolic links problem in startup script.
 Everybuddy translation script symbolic links problem
document Symbolic links problem during temporary files creation.
 Crob FTP Server buffer overflow
document Buffer overflow in different FTP commands.
 FUSE Linux userland filesystem interface information leak
document Memory page is not zeroed, it leads to information leak from kernel space.
 Multiple Clavister Security Gateway Appliance Firewall vulnerabilities
document DoS on IP packets handling. Weak authentication mechanism.

 LiteWeb Web Server protection bypass
document It's possible to bypass password protection by adding additional slashes to URL.
 Fortinet Fortigate firewall backdoor account
document maintainer/pbcpbn[serial number] account has local root access to device.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 30.05.2005
document PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

6!Microsoft ISA Server 2000 firewall DoS
document Microsoft Internet Security and Acceleration Server's Firewall crashes when heavy network traffic is received from a SecureNAT client.
 e-Post SPA-PRO mail server buffer overflow
document Buffer overflow in IMAP login command.
 HP OpenView RADIA management portal notify daemon buffer overflows
document Buffer overflow on oversized RADEXECD process command.

6!Symantec Brightmail AntiSpam database unauthorized access
document Static built-in password is used to access database.
 Hummingbird InetD FTP Server, LPD server multiple vulnerabilities
document Buffer overflows, DoS.
 Ettercap network security analysis tool format string vulnerability
document Format string bug on curses_msg() call.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod