Computer Security
[EN] securityvulns.ru no-pyccku



31.07.2007
Detailed
 BlueSkyChat ActiveX buffer overflow
document ConnecttoServer() hep memory buffer overflow.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Heartbeat claster software multiple DoS conditions
updated since 28.07.2006
document shmget shared memory section call weak permissions. remote DoS on heartbeat network messages parsing.
  


30.07.2007
Detailed
 Asterisk VoIP server IAX2 DoS
document NEW requests flood causes resources exhaustion.
 Fail2ban DoS
   
  


28.07.2007
Detailed
6!PHP glob code execution
document With negative argument values it's possible to executed code from address space controlled by attacker.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Sun Solaris finger information leak
document Additional accounts unformation is leaked if finger is requested with single digit argument.
  


27.07.2007
Detailed
6!libvorbis library multiple memory corruptions
   
6!IBM AIX utilities multiple security vulnerabilities
document Multiple suid root ftp client buffer overflow, dynamic library loading via -R command line argument in pioout, buffer overflow with terminal control sequences in capture.
 PHP win32service extension protection bypass
document Service management functions ara available from safe mode.
 Multiple Encase vulnerabilities
document Memory corruptions on processing of corrupted files and filesystems.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


26.07.2007
Detailed
6!BakBone NetVault Reporter scheduler service buffer overflow
document Heap buffer overflows in client (TCP/7978) and server (TCP/7977) schedule services.
 Festival for Linux weak defaults
document In default ocnfiguration, it's possible to access local service and execute command with root privileges withou password.
  


25.07.2007
Detailed
6!CA multiple application buffer overflow
document Buffer overflow in CA Message Queuing (TCP/3104) service.
6!Borland Interbase database server buffer overflow
document Buffer overflow on oversized TCP/3050 CREATE (0x14) request.
6!Panda AdminSecure agent buffer overflow
document Heap buffer overflow on parsing TCP/19226 and TCP/19227 network traffic.
6!IPSwitch IMAIL IMAP server buffer overflow
updated since 19.07.2007
document Buffer overflow in SEARCH and SUBSCRIBE commands and also during authentication procedure.
 NVClock symbolic links vulnerability
document Insecure creation of temporary files.
 Computer Associates eTrust Intrusion Detection code execution
document CallCode ActiveX allows access to unsafe functions.
 Computer Associates AntiVirus DoS
document Buffer overflow on CHM and RAR files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Microsoft Windows ARP DoS
document Flood with packets with different MACs causes CPU exaustion.
  


24.07.2007
Detailed
7!Oracle multiple security vulnerabilities
updated since 19.07.2007
document DBMS_DRS.GET_PROPERTY and MDSYS.MD buffer overflow, crossite scripting, privilege escalation with views.
6!Cisco Wireless LAN Controllers DoS
document It's possible to cause ARP storm.
 rshd for Windows buffer overflow
document Buffer overflow on parsing TCP/514 request.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Ipswitch Instant Messaging Server DoS
document Crash on parsing TCP/5179 traffic.
 Kaspersky Antivirus protection bypass
document Malware application can switch off antiviral protection by sitching the date 1 year back.
  


23.07.2007
Detailed
6!Secure Computing Security Reporter multiple security vulnerabilities
document Authentication bypass and directory traversal.
6!Norman Antivirus multiple security vulnerabilities
document Protection bypass with .DOC files, division by zero on DOC parsing, multiple buffer overflows on LZH and ACE archives parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


22.07.2007
Detailed
6!Citrix Access Gateway Citrix EPA ActiveX code execution
document ActiveX control allows to download and execute any executable module.
6!tcpdump buffer overflow
document Buffer overflow on BGP parsing.
6!Panda Antivirus integer overflow
document Integer overflow leads to buffer overflow on PE (.EXE) files parsing.
6!NOD32 Antivirus multiple security vulnerabilities
document Race conditions on CAB parsing, division by zero on ASPACK and FSG parsing, infinite loop on ASPACK parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


20.07.2007
Detailed
 JWIG DoS
document Loop on recursive template referencing.
  


19.07.2007
Detailed
8!Mozilla Firefox, Thunderbird, Seamonkey multiple securityvulnerabilities
document Code execution, memory corruption, content spoofing, crossite scripting, DoS.
7!Trend Micro OfficeScan multiple security vulnerabilities
document Unauthorized access to administration interface, buffer overflow on session cookie parsing.
7!Asterisk VoIP server multiple security vulnerabilities
document Buffer overflow and DoS on IAX2 implementation, DoS in Skinny and STUN implementation.
7!Mozilla Firefox cache crossite access
updated since 10.07.2007
document wyciwyg:// URL in combination with 302 HTTP response allows to access cached pages.
6!Linux kernel multiple security vulnerabilities
updated since 19.07.2007
document DoS with cluster manager, DoS with usblcd driver, DoS with VFAT IOCTL.
6!Opera use-after-free vulnerability
document Memory is used after free() on BitTorrent headers parsing.
6!Trillian multiple security vulnerabilities
document Buffer overflow and unfiltered shell characters on aim:// URL processing.
6!Microsoft Internet Explorer 0-day vulnerability
updated since 10.07.2007
document Unfiltered shell characters on executed URL: protocol application handler.
 Microsoft DirectX buffer overflow
document Buffer overflow on compressed TGA images parsing.
 Cisco Wide Area Application Services DoS
document TCP TYN flood to TCP/139 and TCP/445 ports causes device to hang.
 CA eTrust Integrated Threat Management multiple buffer overflow
document Buffer overflows in Alert Notification Server RPC interface.
 IBM Tivoli Provisioning Manager for OS Deployment TFTP server DoS
document Devision by zero on invalid blksize argument.
 curl TLS certificates spoofing
document Certificate's activation adn expire dates are not checked if GnuTLS verification method is used.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 19.07.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 IBM Lotus Notes information leak
document Administrator can enable debugging function to log all user's passwords.
  


18.07.2007
Detailed
 Yahoo Messenger buffer overflow
updated since 18.07.2007
document Buffer overflow on oversized e-mail address in address buuok entry.
  


15.07.2007
Detailed
 Microsoft Internet Explorer content spoofing
document It's possiblt to emulate navigation to different site by using document.open(), actually stayin in context of previous page.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 eSoft InstaGate EX2 UTM crossite forgery
document It's possible to submit the form with configuration data.
 Opera/Konqueror URL spoofing
document By using data: URL it's possible to spoof page location.
  


13.07.2007
Detailed
7!Progress database server buffer overflow
document Buffer overflow in network service TCP/5220, TCP/5230. Progress is installed by diffgerent RSA products.
7!Symantec Antivirus multiple buffer overflows
document Buffer overflows on CAB, RAR archives parsing.
7!Apple QuickTime buffer overflow
updated since 12.07.2007
document Buffer overflow on SMIL format parsing.
6!XMLDSIG code execution
document Multiple vulnerabilities on XML signatures validation.
6!XFS rc script race conditions
document Insecure usage of chown for temporary file allows to change ownersip of arbitrary file.
 libarchive multiple security vulnerabilities
document Memory corruption, buffer overflow, NULL pointer dereference.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 13.07.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


12.07.2007
Detailed
8!Adobe Flash player multiple security vulnerabilities
updated since 12.07.2007
document Multiple vulnerabilities lead to code execution and denial of service.
7!Symantec Backup buffer overflow
document Buffer overflow in RPC/based service (TCP/6106).
7!Cisco Unified Communications Manager / Presence Server multiple security vulnerabilities
document Unauthorized SNMP access, buffer overflow in Certificate Trust List (TCP/2444) and Real-Time Information Server Data Collector (TCP/2556).
6!XnView buffer overflow
updated since 12.07.2007
document Buffer overflow on parsing XPM image files.
6!SquirrelMail PGP plugin unfiltered shell characters
updated since 11.07.2007
document Unfiltered shell characters on external application invocation in fpr parameter of keyring_main.php script and in different places.
 Multiple applications security vulnerabilities
document Mozilla Firefox pop-ups DoS, Microsoft Register Server DoS, FreeWRL ActiveX memory corruption, Nonnoi ASP Barcode files overwrite, Eltima Software VSPAX DoS, Media Player Classic memory corruption, Eltima Software RunService AX DoS, Symantec Norton Ghost ActiveX DoS and code execution, ctiveReportsExcelReport, NMSDVDXLib, InnovaDSXP2.OCX ActiveX DoS.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.07.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 IPSwitch WS_FTP logging daemon DoS
document Denial of service UDP/515 on network packet parsing.
 3COM Tippingpoint multiple protection bypass ways
document Invalid fragmented IP reassembly, some attacks against IIS may pass undetected.
  


11.07.2007
Detailed
8!Sun Java Webstart buffer overflow
updated since 10.07.2007
document Buffer overflow on JNLP file parsing.
7!Microsoft Windows Active Directory array overflow
updated since 10.07.2007
document Array index overflow on LDAP request parsing.
6!ClmAV antivirus / unrar denial of service
document NULL pointer dereference on RAR archive parsing.
6!Microsoft Publisher memory corruption
updated since 10.07.2007
document Memory corruption on .PUB files parsing.
 ISS Proventia Appliance multiple security vulnerabilities
document SSH user accounts detection, crossite scripting, PHP include, protection bypass.
 VisionSoft Audit multiple security vulnerabilities
document Buffer overflow, arbitrary files overwrite, information leak.
 AVG antivirus privilege escalation
document IOCTL 0x5348E004 allows unprivileged user to write kernel memory.
 IBM AIX libodm buffer overflow
document Buffer overflow on ODMPATH environment variable parsing.
 Zenturi Program Checker Pro ActiveX buffer overflow
document Buffer overflow in Fill method.
  


10.07.2007
Detailed
7!Microsoft Internet Information Server DoS
updated since 18.12.2005
document Request like http://www.example.com/_vti_bin/.dll/*\~0 for virtual folders with CGI execution enabled causes server to crash and potentially leads to code execution.
6!Microsoft Windows Vista firewall filtering bypass with Toredo
document Filtering tules are not applied to certein traffic types.
6!Microsoft Excel memory corruption
document Invalid calculation of version information causes memory corruption.
6!GIMP GNU image manipulation program multiple security vulnerabilities
document Multiple integer overflows on DICOM, PNM, PSD, PSP, Sun RAS, XBM, XWD formats parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 WinPCAPC packet capture layer privilege escalation
document One of IOCTLS allows kernel memory regions overwriting.
  


09.07.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


06.07.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 gfax symbolic links vulnerability
document Symbolic links vulnerability on temporary files creation.
  


05.07.2007
Detailed
7!Asterisk VoIP server buffer overflow
document Multiple buffer overflows if T38 fax over SIP is enabled.
6!SAP Internet Communication Manager DoS
document DoS on 264 bytes long URI if Web caching is used.
6!SAP Message Server multiple buffer overflows
document Buffer overflows in services on ports TCP/3600, TCP/8100 and others.
6!SAP DB Web server buffer overflow
document Buffer overflow in enclosured Web server (TCP/9999).
6!HP Instant Support Driver Check ActiveX buffer overflow
updated since 04.07.2007
document Buffer overflow in queryHub() method.
6!Multiple SAP Internet Graphics Service security vulnerabilities
updated since 06.12.2006
document File removal, insecure undocumented features, buffer overflow, crossite scripting.
 EnjoySAP SAP GUI multiple ActiveX security vulnerabilities
document Multiple DoS conditions, buffer overflows, file creation.
 MySQL RENAME privilege escalation
document DROP permission is not checked during RENAME operation.
 GIMP GNU image manipulation program buffer overflow
document Heap buffer overflow on PSD image parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


04.07.2007
Detailed
8!GNU C integer overflow
document Integer overflow in ld.so dynamic loader.
6!Adobe air weak security model design
document Application restrictions are not enforced.
6!Internet Explorer drag-n-drop vulnerability
updated since 25.08.2004
document By using javaasript in conjunction with shell:startup it's possible to place executable into startup folder if user drags an object on the page or scrolls the page.
 Fujitsu-Siemens PRIMERGY BX300 switch authentication bypass
document It's possible to access some Web interface pages without authentication by their URL.
 Fujitsu-Siemens ServerView code execution
document Shell characters filtering problem in Web interface "ping" CGI script.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


03.07.2007
Detailed
7!Java Web Start directory traversal
document Directory traversal allows to bypass sandbox environment.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


02.07.2007
Detailed
8!Firebird database server buffer overflow
document Buffer overflow on database connect request processing.
 unicon-imc2 code execution
document Unsafe environment variable usage.
 gsambad Samba configuration tool symboc links vulnerability
document Symbolic links problem on temporary files creation.
 fireflier-server firewall configuration tool symbolic links vulnerability
document Symbolic links vulnerability on temporary files creation.
 Yoggie Pico Pro security appliance code execution
document Unfiltered Web interface shell characters.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod