Computer Security
[EN] securityvulns.ru




30.07.2010
Detailed
6!OpenLDAP multiple security vulnerabilities
document Memory corruptions, DoS condition
  


29.07.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 QQPlayer buffer overflow
document Buffer overflow on .smi files parsing.
 Mac OS X WebDav DoS
document It's possible to cause a kernel panic via the webdav_mount() function.
  


28.07.2010
Detailed
7!GnuPG use-after-free vulnerability
document Use-after-free vulnerability on certificate parsing.
 Nessus Web Server security vulnerabilities
document nessusd_www_server.nbin plugin information disclosure and cross-site scripting.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 23.07.2010
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Media Player Classic buffer overflow
document Heap buffer overflow on .m3u playlist parsing.
  


24.07.2010
Detailed
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, use-after-free, integer overflows, array index overflow, code execution, etc.
 SAP NetWeaver multiple security vulnerabilities
document Cross-site scripting in different components.
 iputils ping DoS
document Utility may hang on server response parsing.
  


23.07.2010
Detailed
6!Cisco Content Delivery Engine directory traversal
document Cisco Internet Streamer directory traversal.
 RSA Federated Identity Manager URL redirection
   
  


22.07.2010
Detailed
7!Hewlett Packard applications multiple security vulnerabilities
updated since 18.07.2010
document >20 vulnerabilities in different applications are fixed.
6!Novell Groupwise multiple security vulnerabilities
updated since 16.07.2010
document Stack buffer overflow (stack overrun) in the WebAccess Proxy feature. Buffer overflow in IMAP.
  


20.07.2010
Detailed
8!Oracle / Sun applications multiple security vulnerabilities
updated since 15.07.2010
document Quarterly update fixed 59 different vulnerabilities.
  


19.07.2010
Detailed
 Microsoft ClickOnce technology insufficient security
document Installation of unsigned elements is allowed.
  


18.07.2010
Detailed
7!Ipswitch Imail multiple security vulnerabilities
document Format string vulnerabilities, unfiltered shell-characters, code execution.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 GIGABYTE Download Center ActiveX array index overflow
document Array index overflow in SetDLInfo() method of Dldrv2 ActiveX
 Juniper Secure Access cross-site scripting
updated since 15.06.2010
document Administration interface cross-site scripting.
  


17.07.2010
Detailed
7!IBM solidDB buffer overflow
document Buffer overflow in TCP/1315 service.
 python security vulnerabilities
document Buffer overflow in audioop.lin2lin, memory corruption in audioop.reverse.
 SAP GUI ActiveX unauthorized access
updated since 28.09.2009
document EAI WebViewer2D, VSFlexGrid, SAPBExCommonResources components insecure method.
  


16.07.2010
Detailed
 VTE control characters vulnerability
document Control characters are not checked when setting window or icon title, making it possible to insert terminal ESC-sequences.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


15.07.2010
Detailed
7!Microsoft Outlook code execution
updated since 14.07.2010
document It's possible to execute a file from a UNC resource by sending a reference to the file as an ATTACH_BY_REFERENCE attachment.
 VMware Studio privilege escalation
document Privilege escalation via vami-sfcbd.
 WinAmp buffer overflows
document Multiple buffer overflows on .flw files parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 dotDefender protection bypass
document It's possible to bypass XSS protection.
  


14.07.2010
Detailed
7!Microsoft Access security vulnerabilities
document Multiple memory corruptions.
7!Microsoft Windows Canonical Display integer overflow
document Integer overflow on image displaying.
7!Microsoft Windows Help and Support Center code execution
document Code injection via URL.
 FreeBSD privilege escalation
document Under some conditions it's possible to bypass the read-only flag for mbuf pages.
  


13.07.2010
Detailed
 znc DoS
document NULL pointer dereference when traffic statistics are requested while there is an unauthenticated connection.
 Apache Tomcat DoS and information leak
document Several flaws in the handling of the 'Transfer-Encoding' header.
 python-cjson buffer overflow
document Buffer overflow on python script parsing
  


11.07.2010
Detailed
6!pam motd privilege escalation
   
6!libpng multiple security vulnerabilities
document Memory corruption, resources exhaustion on PNG parsing.
 PBS Pro symbolic links vulnerability
document Symbolic links vulnerability on temporary files creation.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Heimdal Kerberos server DoS
document NULL pointer dereference on GAA-API token parsing.
 Cisco Industrial Ethernet 3000 switches unauthorized access
document Undeletable SNMP communities public and private.
  


08.07.2010
Detailed
 lftp file overwrite
document Downloaded file name in lftpget may be set by server without user confirmation.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 08.07.2010
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


07.07.2010
Detailed
6!Cisco CSS / ACE multiple security vulnerabilities
document Certificate validation vulnerability, insufficient Web request validation.
6!Microsoft IIS authentication bypass
document It's possible to access a restricted directory by using a request like “http://victim.com/SecretFolder:$I30:$Index_Allocation/”.
 IRCDelphi IRC server DoS
document Crash on nickname parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Adaptive ALPHA Ethernet Adapter II Web-Manager authentication bypass
document It's possible to access web interface without authentication.
 pam_captcha information leak
document Behaviour is different depending on user account existence.
 Flash Slideshow Maker buffer overflow
document Buffer overflow on .fss files parsing.
  


06.07.2010
Detailed
6!Multiple iSCSI implementations security vulnerabilities
document Buffer overflow on iSNS message parsing.
6!Multiple mobile platforms security vulnerabilities
document CFNetwork API buffer overflow and more.
6!Editran editcp buffer overflow
document Buffer overflow in TCP/7777 service.
6!VLC Player buffer overflow
document Buffer overflow on .m3u files parsing.
 Xlight FTPd Directory Traversal
document Directory traversal in multiple SFTP commands.
  


02.07.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


01.07.2010
Detailed
9!Adobe Acrobat / Reader multiple security vulnerabilities
document Multiple memory corruptions.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod