Computer Security



27.07.2015
 Cisco Videoscape Delivery System DoS
It's possible to reload the device with an HTTP request.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 libuser / userhelper security vulnerabilities
Unsafe file handling, insufficient character filtering.
 LXC directory traversal
Directory traversal on lock file creation.
 Elastic Logstash directory traversal
updated since 14.06.2015
Directory traversal in file output plugin.
  


26.07.2015
8!Google Chrome / Chromium multiple security vulnerabilities
Restrictions bypass, multiple memory corruptions, cross-site scripting.
6!EMC Avamar directory traversal
6!Cisco Unified MeetingPlace password reset
It's possible to change the password without entering the previous one and without session validation.
6!FreeBSD DoS
Resource exhaustion via LAST_ACK state connections.
 Cisco Application Policy Infrastructure Controller privilege escalation
It's possible to obtain root access.
 Cisco IOS DoS
DoS in TFTP server.
  


20.07.2015
8!Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
updated since 20.07.2015
Quarterly CPU fixed over 170 different vulnerabilities.
7!Elasticsearch security vulnerabilities
Code execution, directory traversal.
 tidy security vulnerabilities
Buffer overflow and integer overflow on HTML parsing.
 freexl library DoS
DoS on Excel document parsing.
 Apache security vulnerabilities
DoS, a few potential vulnerabilities.
 TOTOLINK routers multiple security vulnerabilities
Code execution, backdoor account, CSRF, XSS.
  


19.07.2015
9!Microsoft Windows multiple security vulnerabilities
Internet Explorer and VBScript multiple security vulnerabilities, RDP code execution, Hyper-V code execution, multiple privilege escalations.
8!Microsoft Office multiple security vulnerabilities
Memory corruptions, DLL planting, restrictions bypass.
8!Adobe Reader / Acrobat multiple security vulnerabilities
Buffer overflows, memory corruptions, information disclosure.
8!Adobe Flash Player multiple security vulnerabilities
Multiple memory corruptions, buffer overflows, information disclosure.
6!Adobe Shockwave Player security vulnerabilities
Memory corruptions.
  


14.07.2015
6!libwmf multiple security vulnerabilities
Multiple memory corruptions.
6!Cisco ASA multiple security vulnerabilities
Multiple DoS conditions, command injections, information disclosure, certificate validation bypass.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 VMware applications privilege escalation
Weak executable file DACL.
 ipTime routers code execution
Code execution via shell character injection into the DHCP request hostname.
 AirLive IP cameras command injection
A few command injection possibilities.
 AirLink101 SkyIPCam1620W command injection
Command injection, hardcoded credentials.
 EMC RecoverPoint for Virtual Machines restriction bypass
Privilege escalation.
 stunnel authentication bypass
Authentication is possible if redirections are used.
 Android backup content spoofing
A malicious application can spoof the content of an adb backup.
  


13.07.2015
8!PHP multiple security vulnerabilities
Code execution, DoS conditions, poisoned NULL byte vulnerability, information disclosure.
8!Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
Multiple NSS cryptography vulnerabilities, memory corruptions, restriction bypasses, information disclosure, privilege escalation.
 HAProxy information disclosure
Under some conditions, data from a previous request can be obtained.
 cups-filters buffer overflow
texttopdf buffer overflows.
 pdns recursor DoS
CPU exhaustion and crash on processing a name that refers to itself.
 ntpd DoS
Crash is possible under specific conditions.
 ISC bind named DoS
Crash on DNSSEC validation.
  


09.07.2015
8!OpenSSL restrictions bypass
A certificate without the CA flag can be validated as a valid signing certificate.
  


05.07.2015
8!Apple Mac OS X / EFI multiple security vulnerabilities
Privilege escalation, information disclosure, multiple memory corruptions.
7!Apple iOS multiple security vulnerabilities
DoS, certificate trust vulnerabilities, multiple memory corruptions, information disclosure, weak ciphers, code execution.
7!Apple QuickTime multiple security vulnerabilities
Multiple memory corruptions in the handling of different formats.
7!Apple Safari / WebKit multiple security vulnerabilities
Multiple memory corruptions.
6!Apache Storm code execution
Code execution on the web server.
 IBM Domino Web Server cross-site scripting
 Polycom RealPresence Resource Manager multiple security vulnerabilities
Information disclosure, privilege escalation, directory traversal.
 Microsec e-Szigno / Netlock Mokka content spoofing
Signed content spoofing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 05.07.2015
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 unattended-upgrades man-in-the-middle
Under some conditions package spoofing is possible.
 libcrypto++ timing attacks
Rabin-Williams algorithm timing attacks.
 HP-UX privilege escalation
pppoec privilege escalation.
 EMC Isilon OneFS code execution
Command injection in web administration.
 ipTIME code execution
updated since 19.04.2015
Code execution via web interface.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod