Computer Security
[EN] securityvulns.ru

  


30.06.2009
Detailed
6!Huawei D100 wireless router multiple security vulnerabilities
document Undocumented unchangeable telnet account admin:admin, information leakage.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. LinksExchanger - Cross-site scripting. phpMyAdmin - Cross-site scripting.
  


29.06.2009
Detailed
7!PHP memory corruption
document Memory corruption on EXIF data parsing from JPEG file via exif_read_data().
 libpng information leak
document When displaying a 1-bit image whose width is not divisible by 8, data from uninitialized memory is used.
 Baofeng Media Player buffer overflow
document Buffer overflow on SMPL playlists parsing.
 Ruby DoS
document Crash on oversized string in BigDecimal.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. CMS SiteLogic: SQL injection, cross-site scripting, information leak.
  


27.06.2009
Detailed
7!Adobe Shockwave Player memory corruption
document Memory corruption on Adobe Director 10 files parsing.
6!stardict information leakage
document Clipboard content is broadcast to the network.
6!HP OpenView Network Node Manager SNMP code execution
updated since 14.06.2009
document Buffer overflow in rping application.
 Multiple MSN messengers SSL certificates vulnerabilities
document Server certificate is not validated.
  


26.06.2009
Detailed
 Motorola Timbuktu Pro remote control software buffer overflow
document Buffer overflow via PlughNTCommand named pipe.
 Samba security vulnerabilities
document smbclient format string vulnerability, ability to change file permissions if file is already open.
 Unisys Business Information Server buffer overflow
document Stack-based buffer overflow on network request processing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 25.06.2009
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


25.06.2009
Detailed
 Multiple OpenSSL DoS conditions
document Multiple vulnerabilities on DTLS handling.
 Cisco ASA Web VPN multiple security vulnerabilities
document Cross-site scripting, filtering bypass, information leak.
 Cisco Physical Access Gateway DoS
document Memory leaks on HTTPS processing.
 Cisco Video Surveillance products security vulnerabilities
document DoS, unauthorized camera access.
  


24.06.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 amule shell characters vulnerability
document Shell characters vulnerability on video file filename.
  


23.06.2009
Detailed
7!WebKit / Apple Safari multiple security vulnerabilities
updated since 09.06.2009
document Multiple memory corruptions, local files access.
  


22.06.2009
Detailed
6!ToolTalk rpc.ttdbserverd buffer overflow
document Buffer overflow in _tt_internal_realpath RPC procedure.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


21.06.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.06.2009
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


19.06.2009
Detailed
 Edraw PDF Viewer ActiveX unauthorized access
document FtpConnect() method allows uploading any file to any location.
 PHP safemode execution protection bypass
document It's possible to bypass safemode protection by inserting a few backslashes into the command.
  


18.06.2009
Detailed
6!Apple iPhone functionality abuse
document Using a tel: URI, it's possible to force the phone to dial a number without the user's confirmation.
 Nokia 6212 multiple security vulnerabilities
document DoS, URI spoofing.
 Linux kernel DoS
document Deadlock on splice calls handling.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


17.06.2009
Detailed
8!Apple java code execution
document User-controlled pointer dereference in apple.laf.CColourUIResource() method.
 irssi off-by-one buffer overflow
document Off-by-one overflow on server data processing.
  


16.06.2009
Detailed
 CA ARCserve Backup DoS
document Crash on malformed TCP/6503 RPC messages parsing.
 Netgear DG632 router multiple security vulnerabilities
document Authentication bypass and DoS via web interface.
 Link Logger syslogd DoS
document Crash on syslog traffic flood.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


14.06.2009
Detailed
8!Mozilla Firefox multiple security vulnerabilities
document Privilege escalations, cross-site scripting, DoS, race conditions, SSL spoofing if HTTP proxy is used, multiple memory corruptions.
8!Microsoft Word buffer overflows
updated since 11.06.2009
document Fre different buffer overflows on document parsing.
8!Windows print spooler multiple security vulnerabilities
updated since 10.06.2009
document Buffer overflow, unauthorized files access, privilege escalation with dynamic library loading.
7!Microsoft Active Directory multiple security vulnerabilities
updated since 09.06.2009
document Double free() vulnerability, memory leaks.
6!Microsoft Excel multiple security vulnerabilities
updated since 10.06.2009
document Multiple buffer overflows, memory and pointers corruptions.
6!Apache Tomcat multiple security vulnerabilities
updated since 05.06.2009
document Information leak, user enumeration, DoS, directory traversal.
 DX Studio Player Firefox plug-in code execution
document It's possible to execute system commands via Javascript API.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 14.06.2009
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 FreeBSD IPv6 interface DoS
document Unprivileged user can set options and disable interface.
 FreeBSD information leak
document Integer overflow on pipe implementation allows reading data from another process' memory.
 F5 FirePass 4100 cross-site scripting
updated since 14.11.2007
document SSL VPN download_plugin.php3, page backurl parameter, my.logon.php3, my.activation.php3 cross-site scripting.
 Google Chrome DoS
document <script>location.hostname = "%";</script> causes endless loop.
  


11.06.2009
Detailed
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 09.06.2009
document Cross-site data access, multiple memory corruptions.
7!Microsoft Power Point multiple security vulnerabilities
updated since 12.05.2009
document Multiple buffer overflows, memory corruptions, integer overflows, etc.
 Mozilla Firefox for Linux / Unix DoS
document Crash on large size GIF used as body background.
 Mozilla Firefox / Opera DoS
document Large number of nested embedded elements leads to crash or resources exhaustion.
  


10.06.2009
Detailed
6!Microsoft Windows kernel multiple privilege escalation
document Multiple vulnerabilities in different subsystems.
6!Microsoft Wordpad / Microsoft Works multiple security vulnerabilities
updated since 14.04.2009
document Buffer overflows and memory corruptions on different file formats conversions.
 Microsoft Windows RPC privilege escalation
document Uninitialized pointer dereference in RPC Marshalling Engine.
 Microsoft Windows Search information leak
document Cross-site scripting on search results.
  


09.06.2009
Detailed
6!Microsoft IIS WebDAV authentication bypass
document It's possible to anonymously access resources requiring authentication.
6!Rasterbar / libtorrent / firetorrent / qBittorrent / deluge Torrent directory traversal
document Directory traversal on .torrent files processing.
6!libpurple / Pidgin buffer overflow
updated since 01.09.2008
document Buffer overflow on MSN SLP messages parsing.
 eCryptfs information leak
document Mount passphrase may be logged to installation log.
 ImageMagick integer overflow
document Memory corruption on TIFF dimensions processing.
  


08.06.2009
Detailed
6!SAP GUI ActiveX buffer overflow
document Buffer overflow in SAPIrRfc component Accept() method.
 HP Discovery & Dependency Mapping Inventory unauthorized access
   
  


06.06.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 GStreamer Good Plug-ins DoS
document Crash on malformed PNG image.
  


05.06.2009
Detailed
 XM Easy Personal FTP Server DoS
document Buffer overflow on HELP and TYPE commands.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Apache apr-util webDav DoS
updated since 02.06.2009
document Memory consumption on large number of Entity elements.
 file utility buffer overflow
document Buffer overflow on .msi, .doc, .mpp files analysis.
  


04.06.2009
Detailed
7!Apple iTunes multiple security vulnerabilities
document Buffer overflow on different URIs handling.
7!Apple QuickTime multiple security vulnerabilities
updated since 02.06.2009
document Buffer overflows and memory corruptions on PICT, CRGN, FLC, PSD, AVI, Sorenson Video 3, JPEG2000 parsing.
6!Apple Mac OS X xterm memory corruption
document Integer overflow on CSI[4 ESC-sequence.
 CUPS DoS
document NULL pointer dereference on IPP_TAG_UNSUPPORTED tag parsing.
  


02.06.2009
Detailed
8!Safenet SoftRemote buffer overflow
document Buffer overflow in UDP/62514 port IKE service
6!Linux kernel multiple security vulnerabilities
document CIFS client buffer overflow, Xen DoS, nfs4 files execution.
 ASMAX AR 804 gu router commands execution
document System commands execution via Web interface.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Multiple ACDSee applications vulnerabilities
document Buffer overflow on TIFF images and font parsing.
  


01.06.2009
Detailed
7!SonicWALL format string vulnerability
updated since 27.05.2009
document Format string vulnerability on server log parsing and during authentication.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: SQL injection.
 Wireshark DoS
document Crash on PCNFSD packet parsing.
 Apache protection bypass
document Invalid IncludesNOEXEC option processing allows code execution via included .shtml files.
 VMWare DoS
document DoS from virtual machine if Descheduled Time Accounting Service is installed.
 Linksys WAG54G2 commands injection
document It's possible to inject commands via the Web interface.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


