Computer Security
[EN] securityvulns.ru

  


30.06.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 flac123 buffer overflow
document Stack-based buffer overflow on Vorbis comments parsing
 Microsoft Internet Explorer DoS
document Browser DoS on the page in domain with special characters.
 Mozilla Firefox focus spoofing
document It's possible to spoof the focus of key press events.
  


29.06.2007
Detailed
6!Intel Core 2 CPUs multiple security vulnerabilities
document Multiple vulnerabilities allow application to access protected pages and corrupt data in memory.
  


28.06.2007
Detailed
8!Symantec Mail Security for SMTP buffer overflow
document Buffer overflow on packed executables parsing.
6!KVIrc IRC client buffer overflow
document Buffer overflow in irc:// URL handler.
6!OpenEdge buffer overflow
document Buffer overflow on parsing TCP/IP message.
6!HP Photo Digital Imaging ActiveX unauthorized access
document Unsafe saveXMLAsFile method in hpqxml.dll.
 Avahi DBUS DoS
document Empty TXT record causes daemon to crash.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Internet Communication Framework multiple security vulnerabilities
document Multiple cross-site scripting vulnerabilities.
 SAP NetWeaver / Web Dynpro Java multiple security vulnerabilities
document Multiple cross-site scripting conditions.
 Juniper Steel Belted RADIUS CRL access problem
document Certificate revocation list download feature doesn't work.
 Conti FTP Server DoS
document LIST //A: request causes server to hang.
  


27.06.2007
Detailed
7!RealPlayer / HelixPlayer buffer overflow
document Buffer overflow on SMIL2 format time parsing.
6!MIT Kerberos multiple security vulnerabilities
updated since 26.06.2007
document kadmind stack-based buffer overflow, buffer overflow and uninitialized pointer free() in RPC library.
 Avax Vector ActiveX unauthorized access
document WriteMovie method allows write access to the disk.
 Checkpoint firewall products cross-site scripting
document Cross-site scripting within administration interface.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


26.06.2007
Detailed
 LiteWeb HTTP server DoS
document Large number of requests to nonexistent page causes resource consumption.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Key Focus Web Server cross-site scripting
document Cross-site scripting with administration console.
 SHTTPD HTTP server information leak
document It's possible to access scripts source code with request of kind http://127.0.0.1/test.php%20
 Safari buffer overflow
document Buffer overflow during creation of bookmark for the page with oversized title.
  


25.06.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Apple Safari XMLHttpRequest object header injection
document It's possible to inject additional headers into XMLHttpRequest object's request.
  


24.06.2007
Detailed
 BarcodeTools BarCodeAx ActiveX buffer overflow
document Buffer overflow in BeginPrint method.
 Redhat Linux cluster service multiple security vulnerabilities
document Uninitialized memory, buffer overflows.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


22.06.2007
Detailed
8!Microsoft Outlook Express / Windows Mail multiple security vulnerabilities
updated since 12.06.2007
document Multiple vulnerabilities on MHTML parsing. Code execution with UNC URLs.
6!MadWifi multiple security vulnerabilities
document DoS on different frames parsing, local array index overflow.
 Evolution Data Server integer overflow
document Integer overflow in Camel mailer component on negative value of IMAP server SEQUENCE command reply.
 xfsdump symbolic links vulnerability
document xfs_fsr utility insecurely creates .fsr temporary directory.
 VLC media player multiple security vulnerabilities
document Format string vulnerabilities in Ogg Vorbis and Ogg Theora comments parsing, CDDA data, SAP/SDP discovery service. Integer overflow and uninitialized variables on WAV parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 GNU emacs DoS
document Crash on images processing.
  


21.06.2007
Detailed
6!ProFTPD authentication bypass
document There is no check that the data used for authentication was retrieved by the same authentication module when multiple authentication modules are configured.
 MyServer HTTP server multiple security vulnerabilities
document Cross-site scripting with demo pages, script source code access with capital character in path.
 httpsv multiple security vulnerabilities
document It's possible to retrieve script source with URL like http://127.0.0.1/test.htm%20. DoS on large number of requests to nonexistent pages.
 HP Help and Support Center buffer overflow
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


20.06.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 jasper library buffer overflow
document Heap buffer overflow on JPEG-2000 images parsing.
 Multiple open-iscsi security vulnerabilities
document Invalid implementation of internal sockets and semaphores access.
 MPlayer buffer overflow
document Buffer overflow on parsing CDDB server data.
 Apache httpd multiple local DoS conditions
updated since 30.05.2007
document It's possible to manipulate the main worker process, causing it to send a SIGUSR signal from root to any process; process halt; resource exhaustion.
 Apache mod_mem_cache information leak
document Under some conditions data from previously sent server reply headers may be leaked.
  


19.06.2007
Detailed
6!Trillian instant messenger buffer overflow
updated since 19.06.2007
document Invalid processing of UTF-8 text.
 MaraDNS DoS
updated since 19.06.2007
document Dynamic memory leak on unsupported query class or opcode.
 Apache Tomcat Accept-Language cross-site scripting
document Cross-site scripting with invalid Accept-Language header.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 19.06.2007
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


18.06.2007
Detailed
 HP System Management Homepage privilege escalation
document Novell e-directory users have permissions of root group.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


15.06.2007
Detailed
7!ClamAV antivirus multiple security vulnerabilities
document Multiple buffer
 Kaspersky Internet Security privilege escalation
document Invalid processing of SSDT hooked functions arguments.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Apache MyFaces Tomahawk cross-site scripting
document Cross-site scripting on 'autoscroll' parameter.
  


14.06.2007
Detailed
6!OpenOffice buffer overflow
document Invalid dynamic memory allocation on RTF document prtdata tag parsing.
 Apache Tomcat cross-site scripting
document Cross-site scripting with Manager / Host Manager or JSP pages examples.
 libgd PNG DoS
document Resource exhaustion on PNG parsing.
 SpamAssassin local DoS
document It's possible to overwrite arbitrary file.
  


13.06.2007
Detailed
9!Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.06.2007
document Multiple memory corruptions, content spoofing.
6!Microsoft Windows Secure Channel DoS
updated since 12.06.2007
document Service hangs on SSL/TLS handshake parsing.
6!Apple Safari for Windows commands execution
updated since 12.06.2007
document Shell characters problem on protocol handlers invocation. Format string vulnerability.
 Apple Safari cross-site scripting
document window.setTimeout() works in context of changed window.location.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 libexif library integer overflow
updated since 05.06.2007
document Integer overflow on EXIF data parsing.
  


12.06.2007
Detailed
9!Microsoft Windows API code execution
document Insufficient validation of function arguments.
6!Microsoft Windows Vista weak security permissions
document Weak permissions for files and registry entries.
6!Microsoft Visio multiple security vulnerabilities
updated since 12.06.2007
document Multiple memory corruptions.
 Arris Cadant C3 CMTS DoS
document DoS on IP options processing.
 PHP parse_str variables overwrite
document Insufficient argument validation allows overwriting internal variables.
 Cisco Trust Agent for Mac OS X privilege escalation
document It's possible to manipulate system settings with root permissions while message is displayed during user logon.
 Windows Privacy Tray identity spoofing
document It's possible to spoof sender identity during message displaying.
 Ace-FTP FTP client buffer overflow
document Buffer overflow on parsing server banner.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.06.2007
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft Windows GDI+ library DoS
updated since 11.06.2007
document Division by zero on .ICO files parsing.
  


11.06.2007
Detailed
7!Yahoo! Messenger WebCam ActiveX multiple buffer overflows
document Few buffer overflows in Ywcvwr.dll library.
7!Multiple Symantec antiviral products Reporting Server code execution
updated since 06.06.2007
document It's possible to spoof executable report file. Password hash is leaked during failed logon attempt.
7!CA multiple antiviral products buffer overflow
updated since 06.06.2007
document Buffer overflow on CAB archives parsing.
6!Linux kernel multiple security vulnerabilities
document Kernel memory content leak in cpuset and setsockopt. Weak PRNG generator. GEODE-AES weak encryption key generation.
 SafeNET High Assurance Remote / SoftRemote DoS
document Infinite loop on IPv6 parsing.
 Packeteer PacketShaper DoS
document Reboot on malformed Web interface request.
 BlueCoat K9 Web Protection buffer overflow
document Buffer overflow on parsing TCP/2372 request for 127.0.0.1 interface.
 sudo with Kerberos authentication privilege escalation
document sudo fails to check that granted tickets match the requested service, making it possible to use a faked Kerberos server.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Alcatel-Lucent OmniPCX 7.0 VLAN information leak
document Broadcast and multicast packets cross VLAN boundaries.
 Symantec ghost DoS
document Crash on parsing UDP/1346, UDP/1347 requests.
 µTorrent DoS
updated since 04.06.2007
document Large number of empty lines cause buffer overflow.
 Microsoft Html Popup / Outlook Express Address Book ActiveX DoS
document Crash on element displaying.
  


05.06.2007
Detailed
8!Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
updated since 01.06.2007
document Multiple DoS conditions, addEventListener method cross-site scripting. Multiple heap overflows, integer overflows, etc.
7!Symantec VERITAS Storage Foundation multiple security vulnerabilities
updated since 03.06.2007
document DoS via resource consumption against TCP/8199 administrative service. VxSchedService.exe (TCP/4888) scheduler service authentication bypass and code execution.
6!Macrovision FLEXnet ActiveX buffer overflow
document Buffer overflow in boisweb.dll.
6!ClamAV antivirus DoS
document Resources exhaustion on OLE2 documents parsing.
 screen password protection bypass
document Some key sequences allow access to locked console.
 Centennial Symantec Discovery buffer overflow
document XferWan.exe stack buffer overflow.
  


04.06.2007
Detailed
7!Microsoft Internet Explorer and Mozilla Firefox multiple security vulnerabilities
document Internet Explorer race conditions allow cross domain access. Mozilla Firefox IFRAME cross domain access. Mozilla file download dialogs delay protection bypass. MSIE address bar spoofing.
6!F5 Firepass SSL VPN unfiltered shell characters security vulnerabilities
document Shell characters problem via username parameter of my.activation.php3 script.
6!F-Secure Antivirus buffer overflow
updated since 03.06.2007
document Buffer overflow on LZH archives parsing. Infinite loop on ARJ and FSG parsing.
 Vonage VoIP phones weak defaults
document Administrative interface is available via WAN connection with username/password of user/user.
 PeerCast information leak
document Username and password are present in request URI.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 PvPGN Battle.NET game server DoS
document Commands ipban a 1.2.3.4/5 ipban del 1.2.3.4 cause server to crash.
  


03.06.2007
Detailed
6!APC PowerChute Network Shutdown directory traversal
document Directory traversal in Acme.Serve embedded web server with %5c and %2e.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Outpost firewall DoS
document Local user can cause partial denial of system services by manipulating outpost_ipc_hdr mutex.
  


01.06.2007
Detailed
7!Sun JRE / JDK multiple security vulnerabilities
document Buffer and integer overflows in JPG and BMP processing, sandbox protection bypass with system classes.
6!PHP multiple security vulnerabilities
document chunk_split() integer overflow.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft Windows Active Directory users account enumeration
document It's possible to enumerate accounts with Logon Hours limitation set.
 GNU findutils locate buffer overflow
document Heap buffer overflow on parsing old-format locate database.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
