Computer Security
[EN] securityvulns.ru

  


31.07.2008
Detailed
6!RealPlayer multiple security vulnerabilities
updated since 25.07.2008
document Buffer overflow on SWF files parsing. ActiveX memory corruption. ActiveX arbitrary files deletion.
  


30.07.2008
Detailed
6!ffmpeg library code execution
document Memory corruption on STR files parsing.
 Unreal Tournament multiple security vulnerabilities
document Memory corruption, NULL pointer dereference on network packet parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: cross-site scripting, automation protection bypass.
 poppler library DoS
document Problem with PDF file widgets initialization.
  


29.07.2008
Detailed
6!AVG antivirus DoS
document Division by zero on UPX files parsing.
6!Multiple DNS servers and clients DNS records spoofing
updated since 12.07.2008
document DNS poisoning attack may be used to spoof query results.
 DoS through HP OpenView Internet Services Probe Builder
document It's possible to terminate any system process through TCP/32968
 Axesstel CDMA-routers unauthorized access
document It's possible to access configuration pages directly without password.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 26.07.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. FireStats WordPress plugin: cross-site scripting, automation protection bypass, DoS, information leak, unauthorized access.
  


26.07.2008
Detailed
 Apple Safari memory corruption
document Memory corruption on stylesheets parsing.
 Cygwin setup packages spoofing
document Package source authenticity is not checked during installation procedure.
  


24.07.2008
Detailed
 Asterisk multiple security vulnerabilities
document Traffic amplification, DoS with resources exhaustion.
 Wireshark sniffer DoS
document Application crash on network traffic parsing.
 Agnitum Outpost protection bypass
document File protection bypass with special characters in filenames.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Nucleus: information leak, SQL injection, cross-site scripting, automation protection bypass.
  


22.07.2008
Detailed
6!EMC Dantz Retrospect backup server and client multiple security vulnerabilities
document Password recovery from hash for both server and client, memory corruption, DoS.
 ZDaemon games server DoS
document NULL pointer dereference on malformed network packet.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PostNuke: cross-site scripting, automation protection bypass.
 SmbClientParser shell characters vulnerability
document Shell characters vulnerability with shared folder names.
  


19.07.2008
Detailed
6!HP Select Identity unauthorized access
document Unauthorized access via Active Directory Bidirectional LDAP Connector.
 afuse shell characters problem
document Privilege escalation with shell characters in filenames.
 F-Prot antivirus DoS
document Out-of-bound memory access on CHM files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Contrexx CMS: cross-site scripting, registration automation.
 Oracle SQL injection lateral attacks
updated since 27.04.2008
document SQL injection into uncontrolled PL/SQL procedures is possible with e.g. modification of data format with ALTER SESSION.
  


18.07.2008
Detailed
7!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Array index overflow on CSS parsing, crash on GIF processing under Mac OS X, code execution on command-line launch with URI.
6!PCRE buffer overflow
updated since 18.07.2008
document Buffer overflow on regular expression compilation.
 Velocity Web Server directory traversal
   
 vim Netrw plugin code execution
document Directory name shell characters vulnerability.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 18.07.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. CNCat: cross-site scripting.
 bluez bluetooth stack memory corruption
document Memory corruption on SDP packet parsing.
  


15.07.2008
Detailed
 Simple DNS Plus DoS
document Server crash on receiving a few responses to a single request.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. phpWebSite: automated registration, cross-site scripting.
  


12.07.2008
Detailed
7!Sun Java multiple security vulnerabilities
document 8 different vulnerabilities, including privilege escalation, sandbox protection bypass and code execution.
6!Novell eDirectory multiple security vulnerabilities
document Integer overflows, memory corruptions.
6!Apache multiple DoS conditions
document mod_proxy requests recursion, mod_ssl memory leak.
 Apple Core Image Fun House buffer overflow
document Buffer overflow on .funhouse files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 vsftpd FTP server memory leak
updated since 12.07.2008
document Memory leak on invalid authentication attempt leads to memory exhaustion.
 Microsoft Outlook Web Access cross-site scripting
updated since 09.07.2008
document Cross-site scripting on different pages.
  


10.07.2008
Detailed
6!libpoppler library uninitialized pointer
updated since 09.07.2008
document Uninitialized pointer dereference on PDF parsing.
6!Microsoft SQL Server multiple security vulnerabilities
updated since 09.07.2008
document Buffer overflows, memory corruptions, information leak.
 WeFi information leak
updated since 04.07.2008
document Log files are stored in world-readable folder.
  


09.07.2008
Detailed
7!Microsoft Windows Explorer code execution
document Problem while parsing saved search files .search-ms.
6!HP OpenView Network Node Manager multiple security vulnerabilities
document Unauthorized access, code execution.
6!Microsoft Windows DNS server and DNS client DNS reply spoofing
updated since 14.11.2007
document Weak pseudo-random generator is used to generate DNS request ID.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 09.07.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. RavenNuke: CAPTCHA bypass.
 F5 FirePass SNMP DoS
document Crash on 1.3.6.1.2.1.25.6 traversing.
  


07.07.2008
Detailed
7!PCRE library buffer overflow
document Buffer overflow on regular expression compiling.
  


05.07.2008
Detailed
6!Microsoft Outlook information leak (callback)
document By setting the CA certificate URL field in a certificate used for message signing, it's possible to force Outlook to issue an HTTP request without user intervention.
 Novell GroupWise Messenger Client buffer overflow
document Buffer overflow on MSN server response parsing.
  


04.07.2008
Detailed
 Mercurial version control system unauthorized access
document Directory traversal.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. SLAED CMS: CAPTCHA bypass, cross-site scripting.
  


03.07.2008
Detailed
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, code execution, certificate spoofing, .jar files signature spoofing, etc.
6!Ruby multiple security vulnerabilities
updated since 27.06.2008
   
 QNX phgrafx privilege escalation
document suid root utility buffer overflow on .pal files parsing.
 SÖLDNER - Secret Wars games server DoS
document CPU exhaustion on network packet parsing.
 HP System Management Homepage cross-site scripting
   
  


02.07.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


01.07.2008
Detailed
6!S.T.A.L.K.E.R. game server multiple security vulnerabilities
document Integer overflows, buffer overflows.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke 8.1.1 Discontrol - automation protection bypass.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 