Computer Security
[EN] securityvulns.ru
no-pyccku




29.07.2006
Detailed
6!Osiris system integrity monitor format string vulnerability
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


28.07.2006
Detailed
6!ISS RealSecure / BlackICE DoS
document Bug in SMB_MailSlot_Heap_Overflow (MS06-035/KB917159) vulnerability attack detection leads to 100% CPU usage.
6!Yahoo Messenger instant messenger agent DoS
updated since 22.06.2006
document Application crashes on message with malformed link. Vulnerability is known to be used in-the-wild.
6!Cisco VPN client for Windows privilege escalation
updated since 25.05.2006
document Privilege escalation with help subsystem.
 Symantec Brightmail AntiSpam multiple security vulnerabilities
document It's possible to DoS system and access system files if control center access is enabled from any computer.
 InterActual Player ActiveX buffer overflow
document Buffer overflow in ITIRecorder.MicRecorder control.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Winlpd buffer overflow
document Buffer overflow on LPR (TCP/515) request handling.
  


27.07.2006
Detailed
 Zyxel Prestige 660H-61 crossite scripting
   
 Sheila unfiltered shell characters problem
document Filenames shell characters problem.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Cisco VPN Concentrator DoS
document IKE requests flood leads to resource exhaustion.
  


26.07.2006
Detailed
 AutoVue SolidModel Professional archiver multiple buffer overflows
document Buffer overflows on multiple archive formats handling.
 FileCOPA FTP Server multiple buffer overflows
document Multiple FTP commands buffer overflows.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


25.07.2006
Detailed
7!Apache crossite scripting
document By using Expect: header it's possible to inject HTML code to another site's context.
6!AgePhone software SIP IP phone buffer overflow
document Buffer overflow on SIP packet parsing.
 TurboZIP buffer overflow
document Buffer overflow on corrupted archive repair.
 DynaZip buffer overflow
document Buffer overflows in DZIP32.DLL/DZIPS32.DLL libraries on ZIP archives processing.
 Warzone Resurrection game buffer overflows
document Buffer overflows in recvTextMessage and NETrecvFile functions.
 Password Safe protection bypass
document Password database locking doesn't work under some specific conditions.
 Opsware Network Automation System weak permissions
document /etc/init.d/mysqll init script contains MySQL 'root' account password in cleartext.
 Siemens Speedstream Wireless Router Denial of Service Vulnerability
document Malformed request to Web interface causes router to hang.
 libmikmod library buffer overflow
document Heap memory overflow on GT2 file format parsing.
 CheckPoint Firewall-1 directory traversal
document TCP/18264 built-in Web-server directory traversal.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 FreeCiv Civilization game clone DoS
updated since 07.03.2006
document Out of memory reference.
  


24.07.2006
Detailed
6!Tippingpoint aplianca protection bypass
document Attacker can force firewall to switch to layer 2 filtering mode.
6!Sun Solaris information leak
document sysinfo() function leaks kernel memory content.
 libdumb library buffer overflow
document Buffer overflow on parsing IR music files format.
 Cheese Tracker buffer overflow
document Buffer overflow on XM format files parsing.
 Novell firewall client privilege escalation
document "Save Configuration As..." dialog allows execute application with Local System privilege.
 BT Voyager wireless routers information leak
document It's possible to access backup configuration file and PPP account data without authentication.
 VMWare for Unix weak permissions
document Under specific condition remoteadministration private key file may be created world-readable.
 Rocks Clusters privilege escalation
document "mount-loop" and "umount-loop" suid application privilege escalation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


22.07.2006
Detailed
6!D-Link routers UPNP buffer overflow
document Buffer overflow on oversized UPNP (TCP/1900) M-SEARCH request.
6!Linux kernel procfs race conditions
document Privilege escalation is possible.
6!OutpostFirewall / Lavasoft Firewall privilege escalation
document Firewall administration application launches explorer.exe with Local System privileges if explorer.exe is not running.
6!Multiple Ethereal / TEthereal / TShark / WireShark security vulnerabilities
document Buffer overflows in multiple protocols dessectors.
6!Multiple Cisco Security Monitoring, Analysis and Response System security vulnerabilities
document Default preconfigured Oracle databse account, JBoss code execution, multiple administrative interface code executions.
6!Microsoft Internet Information services buffer overflow
updated since 11.07.2006
document Buffer overflow in ASP files processing leads to privilege escalation.
 Multiple UFO2000 game security vulnerabilities
document Memory corruptions, buffer overflows, SQL injections, etc.
 Weak Mercury Messenger permissions
document Chat log director yis world-readable.
  


14.07.2006
Detailed
9!Microsoft Windows XP/2003 Picture and Fax Viewer / Wine / ME code execution
updated since 28.12.2005
document Buffer overflow on parsing WMF metafiles. It may be used for silent Spyware/Trojan installation with Internet Explorer or another browser and also with Lotus Notes. There are vulnerabilities not covered by MS06-001.
6!McAfee ePolicy Orchestrator directory traversal
document It's possible to access any files with TCP/8081 interface.
 Multiple Microsoft Works vulnerabilities
document Multiple vulnerabilities including buffer overruns on different file formats parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


13.07.2006
Detailed
 libtunepimp library buffer overflow
document LookupTRM::lookup() oversized album release date buffer overflow.
 Juniper JunOS IPv6 DoS
document Memory leak on specific IPv6 packet processing.
 BT Voyager wireless information leak
document It's possible to access few configuration files without authentication.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


12.07.2006
Detailed
8!Microsoft Office buffer overflow
updated since 08.07.2006
document Buffer overflow in mso.dll LsCreateLine function. Buffer overflow on image formats parsing.
7!Linux cored ump files privilege escalation
document Application can create coredump file in any directory by setting rlimits.
6!Cisco Intrusion Prevention System DoS
document Device failure on malformed network packet.
6!Multiple Cisco Unified CallManager security vulnerabilities
document Multiple vulnerabilities with Command Line Interface and SIP protocol processing.
 eBay Enhanced Picture Services buffer overflow
   
 Cisco Router Web Setup weak default security settings
document By default it's possible to access IOS Web interface without authentication with highest access security level.
 Finjan Appliance cleartext password
document ps.fdb.bak file contains Firebird database server password.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


11.07.2006
Detailed
7!Multiple Macromedia flash player security vulnerabilities
document Multiple security vulnerabilities lead to code execution with possibility for silent malware installation.
6!ASP.NET source code disclosure
document It's possible to retrieve source codes for scripts and executable, except protected file extensions.
6!WinGate directory traversal
document Directory traversal with IMAP.
 Juniper DX crossite scripting
document Web administration system log crossite scripting thorugh username.
 Samba file server DoS
document Memory exhaustion in smbd by issuing large number of share connection requests.
 Multiple FlexWATCH network camera security vulnerabilities
document Crossite scripting, authentication bypass.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


10.07.2006
Detailed
 SipXtapi SIP library buffer overflow
document Buffer overflow on CSeq field parsing.
 MIMESweeper For Web Crossite scripting
document Crossite scripting for blocked page.
  


09.07.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


08.07.2006
Detailed
 GIMP GNU image manipulation program buffer overflow
document Buffer overflow on XCF format parsing.
 Multiple WebEx downloader plugin vulnerabilities
document Buffer overflow, code execution.
 Kaillera buffer overflow
document Static buffer overflow on oversized nickname.
 Sparklet game format string vulnerabilitity
document Format string vulnerability on player name displaying.
 MICO CORBA implementation DoS
document Crash on invalid object key.
 Multiple AdPlug Adlib library buffer overflows
document Stack and heap based buffer overflows on CFF, MTK, DMO, DTM, S3M formats parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


06.07.2006
Detailed
8!Suid utilities (vixie-cron, shadow, ppp) user limits privilege escalation
updated since 26.05.2006
document setuid() return code is not checked. It makes it possible to execute code with root privileges by exhausting user limits.
 libmms multimedia stream library buffer overflows
document Multiple buffer overflows.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Touch ActiveX control code execution
document Execute() method allows execution of arbitrary files.
  


05.07.2006
Detailed
 JetAudio buffer overflow
document Buffer overflow on oversized media file tag.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


04.07.2006
Detailed
 ImgSvr buffer overflow
document Buffer overflow on oversized HTTP POST request.
 Multiple TK8 Safe vulnerabilities
document Password bruteforcing, protected directory overwriting, buffer overflow.
 F5 FirePass 4100 security appliance crossite scripting
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


03.07.2006
Detailed
 Communigate Pro mail server DoS
document Server crash on empty mailbox access with malformed client.
  


02.07.2006
Detailed
6!Multiple HP-UX utilities security vulnerabilities
document 'mkdir' privilege escalation, 'passwd' DoS.
6!Apple iTunes integer overflow
document Inter overflow on AAC files parsing (.M4A, .M4P) with invalid sample_size_table value.
6!libwmf integer overflow
document Integer overflow causes heap overflow.
 Hobbit client unauthorized files access
document logfecth suid utiliy allows local files access.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru