Search:Vulnerability - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

30.07.2010
Detailed

6! OpenLDAP multiple security vulnerabilities
document Memory corruptions, DoS condition

29.07.2010
Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

QQPlayer buffer overflow
Buffer overflow on .smi files parsing.

Mac OS X WebDav DoS
It's possible to cause kernal panic via webdav_mount() function.

28.07.2010
Detailed

7! PgnuPG use-after-free vulnerability
document Use-after free vulnerability on certificate parsing.

Nessus Web Server security vulnerabilities
nessusd_www_server.nbin plugin information disclosure and crossite scripting.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 23.07.2010
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Media Player Classic buffer overflow
Heap buffer overflow on .m3u playlist parsing.

24.07.2010
Detailed

9! Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, use-after-free, integer overflows, array index overflow, code execution, etc.

SAP NetWeaver multiple security vulnerabilities
Crossite scripting in different components.

iputils ping DoS
Utility may hang on server response parsing.

23.07.2010
Detailed

6! Cisco Content Delivery Engine directory traversal
document Cisco Internet Streamer directory traversal.

RSA Federated Identity Manager URL redirection

22.07.2010
Detailed

7! Hewlett Packard applications multiple security vulnerabilities
updated since 18.07.2010
document >20 vulnerabilities in different applications are fixed.

6! Novell Groupwise multiple security vulnerabilities
updated since 16.07.2010
Buffer overflow for stack buffer (stack overrun) on Webaccess Proxy feature. Buffer overflow in IMAP.

20.07.2010
Detailed

8! Oracle / Sun applications multiple security vulneraebilities
updated since 15.07.2010
document Quarterly update fixed 59 different vulnerabilities.

19.07.2010
Detailed

Microsoft ClickOnce technology insufficient security
document Installation of unsigned elements is allowed.

18.07.2010
Detailed

7! Ipswitch Imail multiple security vulnerabilities
document Format string vulnerabilities, unfiltered shell-characters, code execution.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

GIGABYTE Download Center ActiveX array index overflow
document Array index overflow in SetDLInfo() method of Dldrv2 ActiveX

Juniper Secure Access crossite scripting
updated since 15.06.2010
Administration interface crossite scripting.

17.07.2010
Detailed

7! IBM soliDB buffer overflow
document Buffer overflow in TCP/1315 service.

python security vulnerabilities
Buffer overflow in audioop.lin2lin, memory corruption in audioop.reverse.

SAP GUI ActiveX unauthorized access
updated since 28.09.2009
EAI WebViewer2D, VSFlexGrid, SAPBExCommonResources components insecure method.

16.07.2010
Detailed

VTE control characters vulnerability
document Control characters are not checked when setting window or icon title, making it possible to insert terminal ESC-sequences.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

15.07.2010
Detailed

7! Microsoft Outlook code execution
updated since 14.07.2010
document It's possible to execute file from UNC resource by sending reference to file as ATTACH_BY_REFERENCE attachment.

VMWare Studio priovilege escalation
Privilege escalation via vami-sfcbd/

WinAmp buffer overflows
Multiple buffer overflows on .flw files parsing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

dotDefender protection bypass
It's possible to bypass XSS protection.

14.07.2010
Detailed

7! Microsoft Access security vulnerabilities
document Multiple memory corruptions.

7! Microsoft Windows Canonical Display integer overflow
Integer overflow on image displaying.

7! Microsoft Windows Help and Support Center code execution
Code injection via URL.

FreeBSD privilege escalation
Under some conditions it's possible to bypass read-onyy flag for mbuf pages.

13.07.2010
Detailed

znc DoS
document NULL pointer dereference when traffic statistics are requested while there is an unauthenticated connection.

Apache Tomcat DoS and information leak
Several flaws in the handling of the 'Transfer-Encoding' header.

python-cjson buffer overflow
Buffer overflow on python script parsing

11.07.2010
Detailed

6! pam motd privilege escalation

6! libpng multiple security vulnerabilities
document Memory corruption, resources exhaustion on PNG parsing.

PBS Pro symbolic links vulnerability
Symbolic links vulnerability on temporary files creation.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Heimdal Kerberos server DoS
document NULL pointer dereference on GAA-API token parsing.

Cisco Industrial Ethernet 3000 switches unauthorized access
Undeletable SNMP communities public and private.

08.07.2010
Detailed

lftp file overwrite
document Downloaded file name in lftpget may be set by server without user confirmation.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 08.07.2010
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

07.07.2010
Detailed

6! Cisco CSS / ACE multiple security vulnerabilities
document Certificate validation vulnerability, insufficient Web request validation.

6! Microsoft IIS authentication bypass
It's possible to access restricted directory by using request like “http://victim.com/SecretFolder:$I30:$Index_Allocation/

IRCDelphi IRC server DoS
Crash on nickname parsing.

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Adaptive ALPHA Ethernet Adapter II Web-Manager authentication bypass
It's possible to access web interface without authentication.

pam_captcha information leak
Behaviour is different depending on user account existance.

Flash Slideshow Maker buffer overflow
document Buffer overflow on .fss files parsing.

06.07.2010
Detailed

6! Multiple iSCSI implementations security vulnerabilities
document Buffer overflow on iSNS message parsing.

6! Multiple mobile platforms security vulnerabilities
CFNetwork API buffer overflow and more.

6! Editran editcp buffer overflow
Buffer overflow in TCP/7777 service.

6! VLC Player buffer overflow
Buffer overflow on .m3u files parsing.

Xlight FTPd Directory Traversal
document Directory traversal in multiple SFTP commands.

02.07.2010
Detailed

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

01.07.2010
Detailed

9! Adobe Acrobat / Reader multiple security vulnerabilities
document Multiple memory corruptions.