Computer Security
[EN] securityvulns.ru




30.07.2009
Detailed
8!ISC bind named DNS server DoS
updated since 29.07.2009
document Crash on dynamic update message with ANY type (disabling dynamic updates doesn't eliminate the problem).
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


29.07.2009
Detailed
6!Cisco IOS BGP DoS
document A few denial of service conditions on BGP updates with 4-byte AS numbers.
6!Linux eCryptfs buffer overflow
document Buffer overflows on parse_tag_11_packet and parse_tag_3_packet functions.
 HP servers with LO100i (HP Lights Out 100) DoS
   
 Linux kernel DoS
document NULL pointer dereference on /dev/kvm call handling.
 Firebird SQL DoS
document op_connect_request request with invalid parameters causes server to shut down listening socket and enter infinite loop.
  


28.07.2009
Detailed
6!OpenEXR multiple security vulnerabilities
document Integer overflow, buffer overflow, uninitialized pointer.
6!Google Chrome cross-site scripting
document Cross-site scripting with chrome://history/ and view-source:chrome://history/
6!Squid multiple security vulnerabilities
document Multiple denial of service conditions.
  


27.07.2009
Detailed
7!Linux kernel privilege escalation
updated since 20.07.2009
document Error in NULL pointer dereference error handling.
6!Cisco Wireless LAN Controllers multiple security vulnerabilities
document Buffer overflow on authentication in embedded Web-server, multiple DoS conditions, unauthorized access to some configuration commands.
 The Movie Player / VLC Media Player integer overflow
document Integer overflow on Real stream parsing.
 NcFTPd privilege escalation
document By symlinking .message file it's possible to obtain content of the file behind FTP root.
 MySQL format string vulnerabilities
document COM_CREATE_DB, COM_DROP_DB format string vulnerabilities
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Mozilla Firefox URL spoofing
document It's possible to spoof error text on invalid URL.
  


24.07.2009
Detailed
8!Adobe Flash Player memory corruption
document Memory corruption on Flash parsing.
 Communigate Pro cross-site scripting
document Cross-site scripting on URLs inside message.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Asante FM2008 backdoor account
updated since 16.12.2004
document Undocumented superuser/asante account.
  


23.07.2009
Detailed
7!Apple iPhone memory corruption
document Integer overflow on CSS processing leads to memory corruption.
6!Akamai Download Manager ActiveX code execution
document It's possible to download and execute code without user intervention.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


22.07.2009
Detailed
8!Multiple Mozilla Firefox security vulnerabilities
document Multiple memory corruptions, cross-site access, integer overflows, buffer overflows.
6!Novell Privileged User Manager code execution
document It's possible to load dynamic libraries (including ones from network shares) by user's request.
  


21.07.2009
Detailed
 NASA CDF library multiple security vulnerabilities
document Memory corruptions in ReadAEDRList64(), SearchForRecord_r_64(), LastRecord64(), CDFsel64() functions.
 Multiple browsers DoS
updated since 16.07.2009
document select() method doesn't limit the number of selected elements, leading to resource exhaustion.
  


20.07.2009
Detailed
6!net-snmp multiple security vulnerabilities
updated since 10.11.2008
document Buffer overflow in snmp_get, integer overflow in SNMP agent.
 Real Helix Server DoS
document DoS on RTSP and SETUP requests handling.
 dbus DoS
document Denial of Service via dbus_signature_validate.
  


19.07.2009
Detailed
 Multiple browsers DoS
document Crash or resource exhaustion on oversized Unicode string operations via JavaScript.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


18.07.2009
Detailed
6!Terratec HomeCinema multiple security vulnerabilities
document System libraries are replaced with outdated versions during installation process in an insecure manner.
6!PulseAudio race conditions
document Race condition on temporary files creation allows symlink attack.
 Android camera and audio control bypass
document Access control is only checked on application request.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


16.07.2009
Detailed
 Cisco Unified Contact Center Express multiple security vulnerabilities
document Directory traversal and cross-site scripting via administration page.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft Office Publisher uninitialized pointer dereference
updated since 14.07.2009
document Uninitialized pointer dereference on older Publisher format conversion.
  


15.07.2009
Detailed
9!Microsoft Video ActiveX code execution
updated since 07.07.2009
document ActiveX vulnerability is actively used for hidden malware installation.
6!ISC DHCP client buffer overflow
document Buffer overflow on network mask processing.
 Microsoft Virtual PC / Microsoft Virtual Server privilege escalation
document Access to certain privileged instructions is not checked within virtual machine.
  


14.07.2009
Detailed
7!Microsoft DirectShow multiple security vulnerabilities
document Multiple DoS conditions and memory corruptions on Apple QuickTime formats processing.
7!Mozilla Firefox memory corruption
document Memory corruption during JavaScript processing.
6!HP ProCurve Threat Management Services zl Module multiple security vulnerabilities
document DoS conditions, unauthorized access.
6!libtiff multiple security vulnerabilities
updated since 07.07.2009
document Crash on LZWDecodeCompat. Potential integer overflows in tiff2rgba and rgb2ycbcr.
 Microsoft ISA Server RADIUS authentication bypass
document It's possible to bypass form-based authentication if server is set to use RADIUS authentication with One Time passwords.
 Novell eDirectory iMonitor buffer overflow
document Off-by-one overflow on HTTP Accept-Language: header.
  


13.07.2009
Detailed
7!Wyse terminals buffer overflow
document Buffer overflow in hagent.exe
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


12.07.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


10.07.2009
Detailed
 HTC handheld PCs directory traversal
document Bluetooth stack OBEX FTP directory traversal.
 Mozilla Firefox / Microsoft Internet Explorer / Opera / Google Chrome DoS
updated since 26.05.2009
document Hang on circle with large radius value in SVG tags. Hang and memory leak on reload with keygen tag.
  


09.07.2009
Detailed
6!Symbian / Nokia N96 multiple security vulnerabilities
updated since 06.07.2009
document Memory corruption on different multimedia formats.
 Apache DoS
document Data exceeding Content-length value causes CPU exhaustion. mod_deflate doesn't break file compress operation if client disconnects.
 Awingsoft Awakening Winds3D Viewer unauthorized access
document Code execution, file system access.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 MySQL COM_CREATE_DB format string vulnerability
document Format string vulnerability via database name.
 IBM Lotus Sametime Instant Messaging and Web Conferencing
document Different reply timings for invalid username and invalid password.
  


08.07.2009
Detailed
6!Linux kernel multiple security vulnerabilities
document RTL8169 driver DoS, deadlock in inode processing code.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


07.07.2009
Detailed
 Avax Vector ActiveX buffer overflow
document Heap buffer overflow via PrinterName property.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 07.07.2009
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 TekRADIUS privilege escalation
   
 Pidgin instant messenger DoS
document Memory exhaustion on OSCAR (ICQ) ICQWebMessage message processing.
 Photo DVD Maker buffer overflow
document Buffer overflow on .PDM files parsing.
  


06.07.2009
Detailed
7!Apple iPhone memory corruption
document Memory corruption on SMS messages parsing.
 Dillo browser integer overflow
document Integer overflow on PNG parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 xscreensaver symbolic links vulnerability
updated since 05.07.2009
document It's possible to obtain content of any file via ~/.xscreensaver symlink.
  


05.07.2009
Detailed
 Sun One WebServer source code disclosure
document It's possible to obtain page source code via alternate NTFS streams (http://server/hello.jsp::$DATA)
  


03.07.2009
Detailed
7!FreeBSD multiple security vulnerabilities
updated since 07.09.2008
document mount / nmount syscall implementation buffer overflow. amd64 CPU registers privilege escalation. DoS via ICMPv6.
6!Soulseek buffer overflow
document Buffer overflow on file search functionality.
6!phion airlock Web Application Firewall multiple security vulnerabilities
document DoS, code execution.
 HP-UX nfs utilities DoS
   
 Sourcefire 3D Sensor / Sourcefire Defense Center privilege escalation
document Web interface privilege escalation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 ModSecurity multiple security vulnerabilities
document A few denial of service conditions.
 Multiple Axesstel MV 410R wireless router security vulnerabilities
document Cross-site scripting, device access from WAN, default account.
 Artofdefence Hyperguard Web Application Firewall DoS
document Denial of service via memory exhaustion.
  


01.07.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


