Computer Security



29.07.2013
9!Microsoft Windows multiple security vulnerabilities
updated since 10.07.2013
document Multiple vulnerabilities in .NET and Silverlight, multiple kernel component vulnerabilities, GDI+ TrueType parsing memory corruption, DirectShow memory corruption, WMV parsing memory corruption, multiple Internet Explorer memory corruptions, Windows Defender privilege escalation.
7!ISC bind DoS
document assert() on client request processing.
7!HP LoadRunner multiple security vulnerabilities
document DoS, code execution.
7!Symantec Web Gateway multiple security vulnerabilities
document Cross-site scripting, cross-site request forgery, SQL injection, code execution, privilege escalation.
7!squid DoS
updated since 16.07.2013
document Crash on invalid Host: header.
6!SurgeFTP buffer overflow
document Heap based buffer overflow.
6!FreeBSD NFS privilege escalation
document It's possible to access files with the credentials of any user if anonymous NFS access is allowed.
6!Cisco Video Surveillance Manager multiple security vulnerabilities
document Directory traversal, authentication bypass.
6!Apache OpenOffice security vulnerabilities
document A few memory corruptions.
6!HP Network Node Manager multiple security vulnerabilities
updated since 19.07.2013
document Unauthorized access, code execution, DoS.
 Little CMS library DoS
document Crash on file parsing.
 EMC NetWorker information leakage
document It's possible to retrieve sensitive configuration information.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Barracuda Networks products multiple security vulnerabilities
document Web filter administration cross-site scripting.
 Juniper Secure Access cross-site scripting
document Cross-site scripting in SSLVPN.
 HP Application Lifecycle Management cross-site scripting
document HP Application Lifecycle Management Quality Center cross-site scripting.
 CA Service Desk Manager cross-site scripting
document Web interface cross-site scripting.
 Barracuda CudaTel multiple security vulnerabilities
updated since 01.07.2013
document Multiple web interface vulnerabilities.
 Foscam cameras security vulnerabilities
updated since 11.03.2013
document Directory traversal, CSRF.
 Artweaver buffer overflow
document Buffer overflow on .AWD file parsing.
 XnView buffer overflow
document Buffer overflow on .PCT parsing.
 OpenAFS security vulnerabilities
document Weak encryption algorithm.
 Samsung TV DoS
document Crash on oversized GET request.
 Dell Kace security vulnerabilities
updated since 17.07.2013
document Cross-site scripting and SQL injection in web administration.
  


19.07.2013
7!Cisco Unified Communications Manager multiple security vulnerabilities
document Hardcoded encryption key, code execution, privilege escalation, SQL injection.
7!Sybase EAServer multiple security vulnerabilities
document Directory traversal, XML injection, shell characters injection.
6!Cisco Intrusion Prevention System multiple security vulnerabilities
document Multiple DoS conditions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Xpient Cash Drawer unauthorized access
document TCP/7510 port unauthorized access
 IceWarp multiple security vulnerabilities
document Web interface cross-site scripting and XML injection.
 HP Smart Zero Client unauthorized access
   
 HP Database and Middleware Automation information leakage
   
 EMC Avamar security vulnerabilities
document Privilege escalation, cross-site scripting.
 Dell PacketTrap multiple security vulnerabilities
document Multiple web interface vulnerabilities.
 Symantec Workspace Virtualization privilege escalation
document Unsafe function hook.
 HP System Management Homepage multiple security vulnerabilities
document Code execution, unauthorized access, DoS.
 IBM WebSphere information leakage
document Access token inside URL.
  


17.07.2013
 EMC VNX / Celerra privilege escalation
document Weak permissions for script files.
 Huawei E587 access point security vulnerabilities
document Cross-site scripting, code execution.
 Samsung Galaxy SMS manipulation
document It's possible to manipulate SMS via built-in backup utility.
 MiniDLNA multiple security vulnerabilities
document Buffer overflows, SQL injections.
 Trend Micro DirectPass multiple security vulnerabilities
document DoS conditions
  


16.07.2013
7!PHP memory corruption
updated since 15.07.2013
document Memory corruption in XML parsing, jdtojewish function DoS.
7!McAfee ePolicy Orchestrator security vulnerability
updated since 15.07.2013
document A few vulnerabilities are used in the wild to compromise corporate networks.
  


15.07.2013
8!Linux kernel security vulnerabilities
updated since 03.06.2013
document iSCSI memory corruption, multiple information leaks, DoS, Broadcom B43 driver privilege escalation.
7!Adobe Shockwave Player multiple security vulnerabilities
document Memory corruption, code execution.
7!Adobe Flash Player multiple security vulnerabilities
document Multiple memory corruptions, code execution.
7!Adobe ColdFusion multiple security vulnerabilities
document DoS, code execution.
7!Adobe Acrobat / Reader multiple security vulnerabilities
document Multiple memory corruptions, code execution, privilege escalation.
6!EMC RSA BSAFE multiple security vulnerabilities
document SSL-related attacks.
6!Cisco Email Security / Web Security / Content Security multiple security vulnerabilities
document Code execution, DoS.
6!Multiple IP-cameras backdoor accounts
document Hardcoded accounts.
6!EMC RSA Authentication Manager security vulnerabilities
updated since 04.06.2013
document Information leakage, SQL injection.
 Asus routers security vulnerabilities
document Information leakage, code execution
 libxml2 DoS
document Out-of-memory reading on incomplete document parsing.
 Cisco ASA NGFW DoS
document Fragmented packets DoS.
 EMC Replication Manager information leakage
document Passwords are logged.
 Gnome File Roller directory traversal
document Directory traversal on archive processing.
 HP StoreVirtual unauthorized access
   
 Apache security vulnerabilities
document mod_dav malformed MERGE request crash, mod_rewrite log manipulation.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 MiniUPnPd information leakage
document Memory content leakage in SSDP reply.
 fail2ban DoS
updated since 08.07.2013
document It's possible to trigger a block for an arbitrary client.
 DD-WRT cross-site request forgery
document Cross-site request forgery via web interface.
 Microsoft Windows information leakage
document It's possible to recover administrator's password used during system installation.
 Linksys routers security vulnerabilities
document Cross-site request forgery, XSS, code execution in web administration interface.
  


10.07.2013
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 27.05.2013
document Memory corruption, use-after-free, privilege escalation, information leakage.
6!nginx buffer overflow
document Buffer overflow on proxy_pass upstream HTTP server response processing. Buffer overflow on chunked response parsing.
 RSA SecurID weak encryption
document Symmetric key is stored locally with weak encryption.
 Zoom routers unauthorized access
document Authentication bypass, protection bypass
 HP StoreOnce D2D unauthorized access
document There is a built-in support account with permissions to reset the administrator's password.
  


08.07.2013
 perl-Dancer headers injection
document Header injection in cookie handling methods.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 WinAmp security vulnerabilities
document Buffer overflow, uninitialized pointer dereference.
 autotrace buffer overflow
document Buffer overflow on BMP processing.
 php-radius buffer overflow
document Buffer overflow in radius_get_vendor_attr()
 libvirt DoS
document Resource exhaustion.
 perl Module::Signature privilege escalation
document Relative path is used to execute external application.
 ElasticSearch double free
document ElasticSearch rsyslog plugin double free().
 Avast antiviral products multiple security vulnerabilities
document Privilege escalations.
  


01.07.2013
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, code execution, information leaks, cross-site scripting, protection bypass.
7!FreeBSD mmap+ptrace vulnerability
document It's possible to modify mmap memory mapped files via ptrace.
7!puppet code execution
document Code execution via YAML object deserialization.
6!xml-security-c security vulnerabilities
document Stack overflow, heap buffer overflow.
6!OpenStack multiple security vulnerabilities
updated since 17.06.2013
document Keystone protection bypass and authentication bypass, Nova DoS.
6!HAProxy security vulnerabilities
updated since 06.05.2013
document A few memory corruptions.
 Apple iOS personal hotspot unauthorized access
document Password is generated using short wordlist.
 libRaw / libKDcraw memory corruption
document Memory corruption on full-color images processing.
 libcurl uninitialized memory reference
document Uninitialized memory access in curl_easy_unescape()
 Ruby certificate spoofing
document It's possible to bypass certificate name check.
 nfs-utils rpc.gssd privilege escalation
document Unsafe PTR DNS record resolution is used in a security-related operation.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod