Computer Security
[EN] no-pyccku

6!FreeBSD iconv security vulnerabilities
document NULL pointer dereference, out-of-bound array access.
6!GnuPG DoS
document Infinite loop in decompression.
 iodine authentication bypass
document reverse tunneling is possible.
 gif2tiff buffer overflow
document Buffer overflow on gif parsing.
 LibreOffice code execution
document Under some conditions, macros can be executed.
 Samba multiple security vulnerabilities
document DoS, information leakage.
 Sophos Antivirus Configuration Console crossite scripting
document Crossite scripting in Web interface.

6!Xen multiple security vulnerabilities
document DoS, information leakage, privilege escalation.
 HP Software Executive Scorecard security vulnerabilities
document Directory traversal, code execution.
 OpenStack multiple security vulnerabilities
document Heart information leakage, Cinder privilege escalation, Nova multiple vulnerabilities, Neutron protection bypass.

8!Google Chrome / Chromium multiple security vulnerabilities
document Memory corruptions, buffer overflows.
7!PHP security vulnerabilities
document Symbolic links vulnerabilities, dns_get_record() buffer overflow.
6!musl-libc buffer overflow
document Buffer overflow on DNS response parsing.
6!Oracle multiple security vulnerabilities
document Multiple privilege escalations via built-in Java machine.
 Linux restrictions bypass
document SECCOMPS restrictions bypass on MIPS.
 Apache commons-beanutils code exeuction
document ActionForm class parameter unrestricted access.
 OpenAFS uninitialized memory
document Uninitialized memory access is possible.

7!SAP multiple security vulnerabilities
document Multiple hardcoded credentials, unauthorized configuration access.
6!WebTitan multiple security vulnerabilities
document SQL injection, code execution, durectory traversal.
6!squid DoS
document DoS via Range: request if SSL-Bump is allowed.
 PowerDNS DoS
document DoS via decriptors exhaustion.
 CoSoSys Endpoint Protector multiple security vulnerabilities
document Backdoor accounts, SQL injections, information disclosure.
 python-PGP code execution
document Shell injections.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Bilyoner apps insecure data transmission
document Under some conditions data is sent unencrypted.
 DCMTK privileges escalation
 s3dvt multiple security vulnerabilities
document Multiple privilege escalations.
 IBM DB2 privilege escalation
document Insecure dynamic libraries loading.
 Cloudera Manager information disclosure
document Sensitive configuration information disclosure via API.
 PHP/fileinfo/file DoS
document Resources exhaustion and infinite loop in CDF files parsing.
 proxmox user enumeration vulnerability
 ppc64-diag symbolic links vulnerability
document Symbolic links vulnerability on temporary files creation.
 D-Link DSL-500T / DAP 1150 / DAP-1320 multiple security vulnerabilities
updated since 11.12.2011
document Web administration interface crossite request forgery, authentication bypass, directory traversal.

7!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Buffer overflows, memory corruptions, clickjacking.
7!Asterisk multiple security vulnerabilities
document DoS, restrictions bypass, code execution.
6!dpkg directory traversal
6!IBM AIX privilege escalation
document libodm insecure files creation.
6!Cisco IOS XR DoS
document DoS via IPv6 packet.
 miniupnpc buffer overflow
document Signed to unsigned conversion leads to buffer overflow.
 HP Service Virtualization code execution
document Code execution via AutoPass License Server
 apt insufficient certificate validation
document Insufficient certificate validation during apt-get source
 Linux syscall auditing DoS
document System crash on audited syscall with large number.
 Yealink VoIP phones security vulnerabilities
document Crossite scripting, CRLF injection.

8!Adobe Reader / Acrobat multiple security vulnerabilities
updated since 29.05.2014
document Buffer overflows, memory corruptions, information disclosures, use-after-free.
7!Linux privilege escalation
document ring 0 code execution via futex syscall.
7!Google Chrome / Chromium multiple security vulnerabilities
updated since 05.05.2014
document Protection bypass, use-after-free, memory corruptions, integer overflow.
6!libav multiple security vulnerabilities
 chkrootkit privilege escalation
document It's possible to execute file from /tmp
 mupdf buffer overflow
document Buffer overflow on XPS parsing.
 FreeBSD DoS
document Race conditions on threads context switching.

8!OpenSSL multiple security vulnerabilities
document Protection level downgrade attacks, multiple DTLS vulnerabilities, DoS.

7!FreeBSD ktrace information leakage
document It's possible to obtain kernel memory content.
 sendmail file descriptor leakage
document File descriptors are not closed on external applications call.
 OpenPAM protection bypass
document In some situations policy from valid location may not be loaded.

8!GnuTLS and libtasn1 multiple security vulnerabilities
document Buffer overflows, integer overflows, NULL pointer dereference.
 libvirt XXE vulnerability
 Wing FTP Rush insufficient certificate validation
document SSL certificate is not validated.
 JavaMail header injection
document It's possible to inject header via setSubject.
 HP IceWall DoS
 Panda products privilege escalation
 VMWare privilege escalation
document NULL pointer dereference in VMWare Tools for Windows.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod