Computer Security



30.07.2012
 PHP security vulnerabilities
document _php_stream_scandir overflow, SQLite functionality open_basedir protection bypass.
 libxslt DoS
   
  


29.07.2012
6!ISC bind DoS
document Crash because of incorrect failed requests cache implementation.
 python multiple security vulnerabilities
updated since 09.07.2012
document DoS, cross-site scripting, information leakage.
 Apache mod_auth_openid weak permissions
document /tmp/mod_auth_openid.db weak permissions
  


23.07.2012
8!HP StorageWorks code execution
document A few vulnerabilities in the File Migration Agent TCP/9111 service.
6!libexif / exif multiple security vulnerabilities
updated since 16.07.2012
document Buffer overflows, integer overflows, DoS conditions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Metasploit pcap_log symbolic links vulnerability
document Symbolic links vulnerability on temporary file creation.
 Google Chrome DLL spoofing
document Unsafe metro_driver.dll loading.
 HP AssetManager cross-site scripting
document Multiple cross-site scripting possibilities.
 DomsHttpd DoS
document Crash on Referer: header processing.
 nsd DNS server DoS
document NULL pointer dereference on malformed DNS packet processing.
  


18.07.2012
 Dr.Web antivirus SQL injection
document SQL injection in the com.drweb.activities.antispam.CursorActivity class of the Android antivirus allows untrusted applications to access the SMS archive.
  


16.07.2012
7!Cisco TelePresence applications multiple security vulnerabilities
document DoS, command injection, code execution.
6!EMC RSA Authentication Manager multiple security vulnerabilities
document Cross-site scripting, open redirection.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 AirDroid multiple security vulnerabilities
document Multiple cryptography weaknesses.
 EMC Celerra/VNX/VNXe unauthorized access
document NFS access restriction vulnerabilities.
 HP Operations Agent code execution
updated since 11.07.2012
document coda.exe buffer overflow on HTTP GET request processing.
 Rhythmbox code execution
   
 TPLink Gateway multiple security vulnerabilities
document Multiple vulnerabilities in Web interface.
 automake race conditions
   
  


11.07.2012
6!Microsoft Sharepoint multiple security vulnerabilities
document Cross-site scripting, URL redirection.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Checkpoint Abra protection bypass
document It's possible to bypass sandbox protection.
 Asterisk security vulnerabilities
document A few DoS conditions.
 libpurple / Pidgin code execution
document Code execution in MXit protocol.
 Microsoft Office security vulnerabilities
document VBA unsafe library loading, Office for Mac weak file permissions.
  


09.07.2012
7!Avaya IP Office Customer Call Reporter code execution
document It's possible to upload executable files via ImageUpload.ashx
7!libtiff library integer overflow
updated since 09.04.2012
document Integer overflow on tiff parsing.
6!bcfg2 shell characters vulnerability
document It's possible to execute code as root.
 Ubuntu AccountsService privilege escalation
document Invalid files caching.
 Linux kernel multiple security vulnerabilities
document DoS, privilege escalation.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Spring Framework information leakage
   
 IBM Edge Components Caching Proxy cross-site scripting
document Cross-site scripting on non-existent page.
 Symantec Message Filter session hijacking
   
 Cyberoam DPI unsafe certificates
document All devices use the same certificates for SSL connection hijacking.
 Microsoft IIS security vulnerabilities
document A flood of requests with the ~ sign in the path leads to server DoS; files and folders are accessible via 8.3 names, making it easier to brute-force the names of hidden files and folders.
 EMC RSA Access Manager replay attack
document It's possible to replay a sniffed session.
 HP Device Access Manager for Protect Tools Information Store ActiveX memory corruption
updated since 04.12.2011
document Buffer overflows in different methods.
 HP Photosmart printers DoS
   
 Apache mod_security protection bypass
document It's possible to bypass protection if both Content-Disposition: attachment and Content-Type: multipart are present
 MIT Kerberos 5 kadmind DoS
document NULL pointer dereference
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod