Computer Security

7!Cisco routers IOS IPv6 vulnerability
document Bug during IPv6 packets parsing leads to router crash and potentially to code execution.
6!Novell eDirectory NMAS unauthorized access
document Forgotten password recovery option allows recovering the password without answering the secret question.
6!Opera 8 multiple security vulnerabilities
updated since 16.06.2005
document Cross-site scripting on message generation if automatic redirection is disabled. javascript: cross-site scripting. XMLHttpRequest object cross-site access. Download dialog spoofing. Cross-site scripting on image dragging.

 gopher symbolic links problem
document Symbolic links problem on temporary files creation.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 25.07.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.

6!Sophos Antivirus buffer overflow
6!McAfee WebShield appliance backdoor account
document There is a built-in account with a predefined login and password.
6!HP OpenView Radia Management Agent code execution
updated since 30.04.2005
document Directory traversal on external application invocation.

8!Multiple Mozilla / Firefox / Thunderbird browsers and mail agent vulnerabilities
updated since 13.07.2005
document Multiple cross-site scripting vulnerabilities, bypassing scripting protection, code execution.
7!MDaemon attachments directory traversal
document Directory traversal on attachment saving in content filtering option.
 Multiple eMule vulnerabilities
document DoS on Kad protocol parsing. Vulnerable version of zlib protocol is used.
 Microsoft Windows USB drivers buffer overflow
document Buffer overflow on USB device response parsing.
 FreeBSD IPSec authentication bypass
document Static key is used for AES-XCBC-MAC algorithm.
 SCO Unixware RPC request DoS
document Invalid bind request causes RPC portmapper service to hang.
 IBM Access information leak
document Critical data is stored in shared memory segment, open for reading and writing.
 ekg Gadu Gadu client / libgadu multiple vulnerabilities
updated since 05.07.2005
document Symbolic links problem on temporary files creation. Unfiltered shell characters. Libgadu integer overflow. Multiple platform-specific problems.

6!ProFTPD format string vulnerabilities
document Format string in directory name on shutdown message.
 Sun Solaris libmle privilege escalation
 Hauri antivirus updates and antiviral databases content spoofing
document Files integrity is not checked during update process.
 FTPShell FTP Server DoS
document A few FTP connections terminated without the QUIT command cause the service to crash.
 Apache SSL buffer overflow
document Buffer overflow in the ssl_callback_SSLVerify_CRL() function.
 3com office connect wireless access point information leak
 Hobbit Monitor DoS
document Denial of Service during network message parsing.
 netpbm / pstotext PostScript code execution
updated since 25.07.2005
document -dSAFER option is not used while calling GhostScript.

7!Multiple ClamAV antivirus integer overflows
document Integer overflows on multiple file formats (TNEF, CHM, FSG) parsing lead to heap corruption.
 Gentoo Linux sandbox portage package management system utility symbolic links problem
document Race conditions during temporary files creation.
 Multiple Siemens Santis 50 wireless router vulnerabilities
document DoS, local network administration backdoor access.
 SAP R/3 Internet Graphics Server directory traversal
document Directory traversal on accessing htdocs folder.
 Unfiltered shell characters in vim editor
document modelines mode shell characters problem on file open.

 GoodTech SMTP Server for Windows DoS
updated since 08.06.2005
document Incomplete e-mail address in RCPT TO: command causes server to crash. Oversized RCPT TO: causes buffer overflow.

6!Multiple MySQL database management system vulnerabilities
document Multiple DoS, vulnerable zlib version is used.
6!Multiple Avast! antivirus ACE archives vulnerabilities
document Directory traversal, buffer overflow.
 Greasemonkey Firefox extension information leak
document Privileged functions are available with GM_xmlhttpRequest().
 Multiple DNRD Domain Name Relay Daemon vulnerabilities
document Multiple buffer overflow
 Small HTTP Server FTP Server directory traversal
 KF Webserver protection bypass
document By requesting a resource like http://[victim_address]/All%20Disk%20Drives/C:/ it's possible to access a protected directory.
 Mozilla XPCOM Race Conditions
document Race conditions on object deletion prior to complete page download lead to application crash.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 18.07.2005
 BIG-IP multiple problems
updated since 13.07.2005
document Certificate handling problem allows bypassing the authentication process.
 Xerox WorkCentre Pro multiple vulnerabilities
updated since 08.07.2005
document Multiple Web interface vulnerabilities: authentication bypass, DoS, cross-site scripting.

6!FreeBSD devfs jail restrictions bypass
document It's possible to access restricted hidden device nodes from a jailed environment.

 PeanutHull Dynamic DNS client privilege escalation
document Help subsystem is launched with local system privileges.

6!Multiple MDaemon mail server vulnerabilities
document DoS on incomplete CRAM-MD4 handshake, buffer overflow on IMAP CREATE command.
6!Novell GroupWise WebAccess multiple bugs
updated since 17.01.2005
document Cross-site scripting, unauthorized access.
 Multiple Race Drivers game vulnerabilities
document Buffer overflows, format string bugs.
 MRV InReach console server restrictions protection bypass
document If an SSH key is used for authentication, port restrictions are not applied.

 Shoreline Firewall (ShoreWall) protection bypass
document If MAC address authentication is used, all security rules and policies are bypassed.
 Futuresoft TFTP Server multiple vulnerabilities
updated since 01.06.2005
document Directory traversal, buffer overflow.

9!Microsoft Windows Color Management module buffer overflow
updated since 13.07.2005
document Buffer overflow during ICC tags processing in different graphics formats, including JPEG.
9!Sun Solaris LD_AUDIT privilege escalation
updated since 28.06.2005
document LD_AUDIT environment variable allows attaching an external dynamic library compiled with library. In addition, there is a buffer overflow while parsing this variable.
 Multiple PowerDNS bugs
document LDAP questions are not properly escaped, leading to deadlock with the LDAP server. Race conditions in which clients with recursion allowed are unable to perform a recursive query after a query from a client with recursion denied.
 Microsoft Outlook special DOS device names DoS
document Microsoft Outlook hangs on messages with an attachment that has a special device name.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 11.07.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.

7!Multiple Internet Explorer JPEG parsing problems
document Multiple problems including memory corruption on JPEG parsing.
 Skype communicator symbolic links problem
document Symbolic links problem on temporary files creation.
 Sybase EAServer buffer overflow
document Buffer overflow in CGI.
 JRun authentication token race conditions
document Race conditions lead to a situation where the same token is issued to a few clients.
 DG Remote Control Server DoS
document Malcrafted network packet causes service to crash.
 Belkin wireless routers multiple vulnerabilities
document Default admin account with no password, passwords in cleartext.

6!Remote Windows XP DoS
document Access behind allocated memory on network packets handling.
6!WinAmp MP3 files ID3v2 tags buffer overflow
document Buffer overflow on oversized ID3v2 tag fields.
 Sophos antivirus ZIP files Denial of Service
document Infinite loop while parsing ZIP files with BZIP2 compression and invalid archive length.
 Multiple SquirrelMail vulnerabilities
updated since 14.07.2005
document Cross-site scripting, possibility to overwrite other user settings.

6!Cisco Security Agent IP packet DoS
document If crafted IP packets with certain characteristics are sent to a Windows platform running CSA 4.5, Windows will halt with a blue screen and system crash.
 Cisco ONS telnet service DoS
document Sending a specially crafted stream of data to a telnet session can cause the session to lock up.
 OpenLdap pam_ldap / nss_ldap weak password change encryption
updated since 04.07.2005
document TLS is not used with LDAP server during password change, password is transmitted in cleartext.

8!Multiple MIT krb5 Kerberos 5 vulnerabilities
document krb5_recvauth() double free() problem. Buffer overflow and memory corruption in KDC.
8!Microsoft Internet Explorer buffer overflow
updated since 29.06.2005
document Buffer overflow while parsing document with embedded non-ActiveX <object> elements.
7!Multiple MacOS X vulnerabilities
document System wide denial of service on parsing malcrafted TCP packet. Possibility to overwrite system widget.
6!Microsoft Word buffer overflows
document Stack overflow on font information parsing.
 Apple Darwin Streaming Server special device name DoS
document DoS with Web interface while requesting document with special DOS device name.
 Electronic Mail Operator symbolic links problem
document stats_dump() symlink problem during temporary file creation.
 Heartbeat symbolic links problem
document Symlink problems on temporary files creation in different code fragments.
 Multiple SoftiaCom wMailServer vulnerabilities
document Users passwords are stored in unsafe place. Buffer overflow on oversized SMTP command.
 MailEnable mail server multiple vulnerabilities
updated since 07.04.2005
document DoS on extended ASCII character in EHLO command. Multiple IMAP buffer overflows. Authorization HTTPS buffer overflow.

6!Multiple Cisco Call Manager vulnerabilities
updated since 12.07.2005
document Memory corruptions, memory leaks and DoS.
6!Linux kernel ia32 compatibility for 64 bit platforms race conditions
document Race conditions with heap memory corruption in execve() syscall.
6!Squid proxy server DNS reply spoofing
document Blind DNS server reply spoofing is possible.
 SMS symbolic links problem
document Symbolic links problem during insecure temporary files creation in
 xpvm symbolic links problem
document Symbolic links problem in xpvm.tcl during temporary files creation.
 MMS Ripper Microsoft Media Services streams buffer overflow
document Heap overflow on MMST stream ID parsing.
 Microsoft IIS RPC/Encoded SOAP services DoS
document Infinite loop on complex array parsing.
 dhcpcd DHCP client DoS
document Size conformance between datagram size and data size is not controlled.
 Hardware Cisco IP phones SIP messages spoofing
updated since 07.07.2005
document Due to insufficient data validation an attacker can send a Messages-Waiting message to the phone.
 Multiple McAfee Intrushield IPS (intrusion prevention system) vulnerabilities
updated since 07.07.2005
document Multiple web interface vulnerabilities including cross-site scripting and privilege escalation.
 Sukria backup manager weak repository permissions
updated since 10.06.2005
document Repository is world readable. Insecure temporary files creation.

 PHP, ASP, CGI web applications security vulnerabilities
updated since 04.07.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.

 IBM Tivoli Management Framework DoS
document lcfp process allows only 1 connection in 5 minutes before authentication. It makes it possible to deny access to service for 5 minutes.
 PrivaShare Peer-to-Peer Chat and File Sharing Application DoS
document Denial of service on invalid network message.
 Novell NetMail cross-site scripting
document Cross-site scripting on attached HTML files.
 Debian Linux apt-setup weak permissions
document apt.conf file is created world readable.
 Multiple Bugzilla bug tracking system vulnerabilities
document It's possible for an unprivileged user to change a bug flag and, under rare conditions, to view private bugs.

6!Solaris unprivileged port hijacking
updated since 20.04.2005
document It is possible to bind a process to a non-privileged network port, which already has been bound
 Lotus Notes mail server cross-site scripting
document HTML attachment content is not filtered in Web interface.
 Access Remote PC weak password encryption
document Proxy server password is stored in cleartext in registry.
 net-snmp TCP DoS
document Error during connection-oriented protocols parsing.
 TCP Chat DoS
document DoS on invalid message format.
 Windows XP / 2000 / 2003 / NT named pipes usernames information leak
updated since 09.02.2005
document It's possible to retrieve usernames of the users accessing network resources.

6!Adobe Acrobat Reader for unix buffer overflow
document Buffer overflow in UnixAppOpenFilePerform() on /FILESPEC tag parsing.
6!Mozilla / Firefox / Thunderbird browsers GIF files buffer overflow
updated since 24.03.2005
document Buffer overflow on GIF file parsing.
 gnats (GNU problem report management system) privilege escalation
document By using -o option it's possible to overwrite local file with 'gnats' or 'root' user's privileges depending on installation.

6!Windows XP memory information leak
document If WMI is used, a part of RPC cache memory is not cleaned, leading to sensitive information leakage.
 Centericq symbolic links problem
document Symbolic links problem on temporary files creation.
 KDE popper Windows messenger compatible message sender symbolic links problem
document Symbolic links problem on temporary file creation.
 SpamAssassin and Vipul's Razor antispam filters DoS
updated since 17.06.2005
document CPU exhaustion on malcrafted e-mail headers.
 ppxp ppp dialup client privilege escalation
updated since 19.05.2005
document Elevated privileges are not dropped when an external application is executed or a log file is opened.
 Buffer overflow in PlanetWeb
updated since 17.09.2002
document Heap overflow on oversized GET request. Buffer overflow on oversized FTP request.

6!Courier Mail Server memory corruption
document Memory corruption on SPF DNS records processing.
 log4sh symbolic links problem
document Symbolic links problem during temporary files creation.

 NetBSD audio drivers ioctl DoS
document Division by zero during ioctl() processing for a few audio card types.
 PHP, ASP, CGI web applications security vulnerabilities
updated since 27.06.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.

6!Multiple hardware platforms hyper threading technology systems information leak
updated since 13.05.2005
document Unprivileged thread can read data from privileged thread memory from CPU cache memory.
 Avaya Call Management System symbolic links problem
document lpadmin symbolic links problem.
 Hitachi Hibun privilege escalation
document PCMCIA hard disks are treated as internal devices without copying limitations. Hibun Viewer allows privileges beyond View permissions.
 Weak SSH Tectia Server key permission
document Server's private key is open for reading.
 PrevX Pro Intrusion Prevention System multiple vulnerabilities
document Protection bypass by using memory mapping and internal syscalls, DoS.
 Windows XP Service Manager race conditions
updated since 22.04.2003
document On some race conditions confidential information may appear in the files open by system services during system shutdown.

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod