Computer Security
[EN] securityvulns.ru

  


29.06.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


27.06.2008
 Motion video monitoring program buffer overflow
document Buffer overflow in HTTP server.
  


26.06.2008
6!Gnome / Evolution HTML parsing memory corruption
document Memory corruption on HTML parsing, including HTML messages in Evolution.
6!Rhythmbox media player buffer overflow
document Buffer overflow on .pls files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke: cross-site scripting. ExpressionEngine: cross-site scripting.
  


25.06.2008
6!Cisco Unified Communications Manager multiple security vulnerabilities
document Computer Telephony Integration Manager DoS (TCP/2748). The Real-Time Information Server SOAP interface (TCP/2556) unauthorized access.
 5th street game client format string vulnerability
document Format string vulnerability on messages parsing.
 ClamAV antivirus DoS
document Uninitialized memory reference on Petite-compressed files parsing.
 World in Conflict game server DoS
document NULL pointer dereference on zero data block.
 Call of Duty game server DoS
document A few vulnerabilities lead to a server crash.
  


23.06.2008
6!XnView / NConvert / GFL SDK buffer overflow
document Buffer overflow on oversized Sun TAAC files 'format' field.
 PHP safe_mode protection bypass
document Protection bypass with posix_access(), chdir(), ftok() functions.
 Jscape Secure FTP Applet sessions spoofing
document SSH key is not checked.
 Diigo Toolbar cross-site scripting
document Cross-site scripting with public comments.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 exiv2 / libexiv2 DoS
document Division by zero on zero Nikon lens metadata parameter.
  


19.06.2008
6!Cisco Intrusion Prevention System DoS
document Problem on jumbo-frames parsing.
 CA ARCserve Backup Discovery Service DoS
document Malformed request causes service to crash.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


17.06.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 cbrPager shell characters vulnerability
document Shell characters vulnerability in archive filenames.
 fetchmail multiple security vulnerabilities
document NULL pointer dereference, uninitialized pointer dereference.
 Skulltag game server DoS
document Server hangs on a maliciously crafted packet.
 Crysis game server DoS
document NULL pointer dereference on oversized request to HTTP/XML-RPC interface.
  


16.06.2008
 DUC NO-IP weak encryption
document Password is stored in a world-readable registry entry in reversibly encrypted form.
 S.T.A.L.K.E.R. game server DoS
document Crash on player name longer than 64 characters.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger - information leak, cross-site scripting. Simple Machines - cross-site scripting.
 GSC privilege escalation
document Privileges are only checked on client side.
 Returnil Virtual System protection bypass
document Configuration file encryption password is stored in cleartext in process memory.
  


14.06.2008
6!mt-daapd buffer overflow
document Buffer overflow on POST request processing.
6!HP OpenView Network Node Manager code execution
document Integer overflow on TCP/8886 request parsing.
6!Microsoft Windows PGM DoS
document Infinite loop on PGM packet parsing.
 Apple Safari for Windows multiple security vulnerabilities
document Code execution through DLL spoofing, filename spoofing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft Active Directory DoS
document Uninitialized memory reference on LDAP processing.
 Microsoft Windows WINS privilege escalation
document Memory corruption on packet parsing.
  


13.06.2008
7!X Server multiple security vulnerabilities
document Integer overflows, memory corruptions, information leak in different extensions.
  


11.06.2008
7!Microsoft DirectX code execution
document MJPEG format AVI and ASF files parsing vulnerability, SAMI files parsing vulnerability.
7!Apple QuickTime buffer overflow
updated since 10.06.2008
document Buffer overflow on PICT images, INDEO video parsing.
6!Microsoft Internet Explorer multiple security vulnerabilities
document Cross-site scripting, information leak.
6!Microsoft Windows Bluetooth stack code execution
document The Windows Bluetooth Stack does not correctly handle a large number of SDP requests.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 uTorrent / BitTorrent DoS
document Web UI HTTP request Range: header DoS.
 Citect CitectSCADA memory corruption
document Memory corruption in TCP/20222 ODBC service.
 Microsoft Vista speech recognition unauthorized access
updated since 03.02.2007
document Speech recognition may be used as an attack vector against a client computer, e.g. with an HTML page with embedded sound.
  


10.06.2008
7!FreeType2 library multiple security vulnerabilities
document Multiple integer overflows, buffer overflows, memory corruptions.
6!OpenOffice integer overflow
document Buffer overflow in rtl_allocateMemory() on different file formats parsing.
6!Multiple SNMPv3 authentication implementations bypass
document A user-supplied number of signature bytes is checked on signature validation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


09.06.2008
8!Linux kernel multiple security vulnerabilities
document Buffer overflow in CIFS and SNMP ASN.1 parsing code. Buffer overflow in DCCP.
6!Akamai Red Swoosh cross-site scripting
document Cross-site request forgery to embedded web server is possible.
 Network General Enterprise Administrator privilege escalation
document Administrative access doesn't require authentication.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


07.06.2008
 NASA BigView buffer overflow
document PNM images parsing buffer overflow.
 Asterisk voice server DoS
updated since 05.06.2008
document SIP protocol parsing NULL pointer dereference in pedantic mode. Uninitialized memory reference in the ooh323 channel driver.
  


06.06.2008
 F5 Firepass cross-site scripting
document Cross-site scripting via the cross-site scripting protection management page.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 06.06.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 VMware multiple security vulnerabilities
updated since 05.06.2008
document Multiple privilege escalations in guest OS.
  


05.06.2008
8!Cisco PIX / ASA multiple security vulnerabilities
document TCP ACKs DoS, TLS DoS, instant messenger DoS, HTTPS request parsing DoS, Control-plane ACLs feature bypass.
8!Sun Java System Active Server Pages multiple security vulnerabilities
document Information leaks, command injection, directory traversals, buffer overflows, authentication bypass.
7!CA ETrust Secure Content Manager Gateway multiple security vulnerabilities
document Buffer overflow on FTP PASV and LIST commands.
6!HP ActiveX code execution
document HPISDataManager.dll code execution.
6!Kaspersky Antivirus IOCTL privilege escalation
document IOCTL 0x800520e8 buffer overflow.
6!HP StorageWorks Storage Mirroring buffer overflow
document TCP/1100, TCP/1106, UDP/1105 authentication buffer overflow.
6!Akamai Download Manager ActiveX code execution
updated since 01.05.2008
document Undocumented properties allow code to be downloaded and executed.
 Linksys WRH54G wireless router DoS
document Web-interface crash on invalid HTTP request.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Skype protection bypass
document Dangerous file protection dialog bypass.
  


04.06.2008
6!C6 Messenger Installation Url Downloader ActiveX code execution
document It's possible to download and execute a file. The vulnerability is used in the wild for hidden trojan code installation.
6!libxslt memory corruption
document XSL file parsing memory corruption.
 Linux kernel multiple security vulnerabilities
document fcntl() race conditions, tehuti driver privilege escalation.
  


02.06.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: SQL injection.
  


01.06.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 