Computer Security
[EN] securityvulns.ru




29.06.2010
Detailed
7!libtiff multiple security vulnerabilities
updated since 23.06.2010
document Multiple memory corruptions on tiff files parsing.
6!D-Link DAP-1160 routers unauthorized access
document Unauthorized remote configuration is possible via DCC (D-Link Click'n'Connect) protocol and Web interface.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Nuance OmniPage multiple security vulnerabilities
document Current versions of Microsoft Windows libraries are replaced with outdated ones during the installation process.
  


28.06.2010
Detailed
 Cisco Adaptive Security Appliance cross-site scripting
document Cross-site scripting via response splitting.
  


26.06.2010
Detailed
9!Adobe Flash Player / Acrobat / Reader memory corruptions
updated since 11.06.2010
document Multiple vulnerabilities on Flash content parsing.
  


25.06.2010
Detailed
8!Mozilla Firefox / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, integer overflow, use-after-free, information leak, buffer overflow, content filtering bypass.
6!Novell iManager buffer overflows
document A few different buffer overflows.
6!libneon library / svn buffer overflow
document Buffer overflow in NTLM authorization implementation.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


23.06.2010
Detailed
6!Linksys WAP54G access point unauthorized access
updated since 15.06.2010
document Debug interface with hardcoded Gemtek/gemtekswd account is available.
 AnNoText ADVOAkte multiple security vulnerabilities
document Buffer overflow and files overwriting in ActiveX component.
 Wing FTP Server DoS
document Crash on PORT command parsing.
 UFO: Alien Invasion code execution
document Code execution on IRC server command parsing.
 Codeorigin Sysax Multi Server DoS
document Multiple buffer overflows in different FTP commands.
 Skype for Mac OS X DoS
document Crash on chat message with specific Unicode characters.
 Weborf Web server DoS
updated since 23.06.2010
document Crash on invalid connection: header.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 fastjar archiver directory traversal
document Directory traversal during file extraction.
 Microsoft Windows CHM files protection bypass
document It's possible to bypass CHM file locking protection for files downloaded from the Internet.
  


20.06.2010
Detailed
7!Samba buffer overflow
document Buffer overflow and DoS conditions on SMB request parsing.
6!HP OpenView Network Node Manager multiple security vulnerabilities
updated since 09.06.2010
document Memory corruption on HTTP and SNMP request processing.
 Sudo protection bypass
document It's possible to bypass PATH variable sanitization by setting a few PATH variables.
 pmount symbolic links vulnerability
document Insecure creation of lock files.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 TitanFTP directory traversal
updated since 17.06.2010
document xcrc and comb commands directory traversal
  


17.06.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 XnView buffer overflow
document Buffer overflow on MBM images parsing.
  


16.06.2010
Detailed
7!UnrealIRCd IRC server multiple security vulnerabilities
document Buffer overflow, backdoor code.
  


15.06.2010
Detailed
6!Cisco Unified Contact Center Express directory traversal
document Directory traversal in TCP/6295 service, DoS.
 Cisco Application Extension Platform privilege escalation
document Privileged actions may be performed by unprivileged user via API.
 Sophos Anti-Virus privilege escalation
document Memory corruption on system calls processing.
 D-Link DI-604 router vulnerabilities
document Cross-site scripting, buffer overflow in administration interface.
 McAfee UTM Firewall cross-site scripting
document Cross-site scripting in administration interface.
  


14.06.2010
Detailed
8!Microsoft Internet Explorer code execution
document It's possible to execute code via hcp:// handler.
7!Microsoft Office multiple security vulnerabilities
updated since 09.06.2010
document Code execution via embedded COM objects, multiple Excel memory corruptions
6!Multiple Sourcefire weak encryption vulnerability
document Same private key is used in all devices.
6!Microsoft Windows win32k privilege escalation
updated since 08.06.2010
document Multiple memory corruptions.
 pcsc-lite buffer overflow
document PCSCD buffer overflow
 Perl protection bypass
document Safe.pm protection bypass
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Cherokee Web-server DoS
updated since 05.11.2009
document Crash on DOS special device name.
  


11.06.2010
Detailed
9!Apple Webkit / Safari / Google Chrome multiple security vulnerabilities
updated since 08.06.2010
document Multiple memory corruptions, code execution.
 Creative Software AutoUpdate Engine 2 ActiveX buffer overflow
document Buffer overflow in BrowseFolder() method
 ISC DHCP server DoS
document Server stops on request with zero length client ID.
  


09.06.2010
Detailed
7!Code execution with multiple ActiveX components in Microsoft Windows
updated since 08.06.2010
   
6!Microsoft .Net XML signing protection bypass
document Only part of signature is compared in case of incomplete HMAC.
6!Microsoft SharePoint multiple security vulnerabilities
document Cross-site scripting, information leak, DoS.
6!Microsoft Windows OpenType Compact Font Format driver memory corruption
document Memory corruption on IOCTL processing.
 Microsoft IIS memory corruption
document Memory corruption if Extended Protection for Authentication is enabled.
  


08.06.2010
Detailed
8!Microsoft Internet Explorer multiple security vulnerabilities
document Cross-site scripting, information leakage, multiple memory corruptions.
7!Microsoft Windows media files parsing memory corruption
document Memory corruption on JPEG / MJPEG parsing.
 CA ARCserve Backup information leak
   
 RSA Key Manager SQL injection
document SQL injection during data decryption.
 Exim hard links vulnerability
document Hard links vulnerability on mail dirs and lock files handling.
 Core FTP Server multiple security vulnerabilities
document Multiple buffer overflows, directory traversals, DoS conditions.
  


07.06.2010
Detailed
6!HP StorageWorks Storage Mirroring unauthorized access
   
 HP ServiceCenter cross-site scripting
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Multiple browsers DoS
updated since 20.05.2010
document Mail program compose message window is created for every frame with mailto:, news:, nntp:, etc. URI.
  


03.06.2010
Detailed
7!SBLIM SFCB multiple security vulnerabilities
document Buffer overflow and integer overflow in TCP/5988, TCP/5989 interfaces.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Wing FTP Server cross-site scripting
document Cross-site scripting in administration interface.
  


02.06.2010
Detailed
7!Novell ZENworks buffer overflow
document Buffer overflow on TCP/998 traffic parsing.
6!Netgear WG602v4 router buffer overflow
document Buffer overflow during web access authentication.
6!Transmission torrent client buffer overflow
document Buffer overflow on URL parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 EMC Avamar DoS
document Crash on network messages parsing.
 nano editor symbolic links vulnerability
document Race conditions during temporary files creation.
 Applicure dotDefender cross-site scripting
document Cross-site scripting in administration interface.
  


01.06.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 01.06.2010
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 nginx information leak
document It's possible to access page source code by adding %20 to URI.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


