Computer Security
6!Symantec Antivirus / Symantec Client Security privilege escalation
updated since 26.08.2005
document Using the help subsystem, it's possible to execute code with LocalSystem privileges.
 ELSA Lancom information leak
document Administrative password can be obtained by a remote user in cleartext via the Web interface.
 BTDT BitTorrent port DoS
document Null HTTP header integer underflow.
 Adobe Version Cue multiple vulnerabilities
updated since 24.08.2005
document Executable files are writable. It's possible to attach user's library to suid executable. Symbolic links problem.

 Multiple BFCommand & Control Server Manager game servers management utility vulnerabilities
document Authentication bypass, privilege escalation, DoS.
 ntpd invalid gid usage
document Invalid processing of -u parameter causes ntpd to start with invalid gid.

6!HP OpenView unfiltered shell characters
updated since 26.08.2005
document It's possible to execute code with request like http://[host]:3443/OvCgi/connectedNodes.ovpl?node=a| [your command] |
 Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 22.08.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Nokia Affix Bluetooth multiple vulnerabilities
updated since 25.04.2005
document Integer overflow on socket creation. Buffer overflow in btftp client. btsrv/btobex unfiltered shell characters problem. popen() unfiltered shell characters.

7!Sophos antiviral applications and libraries buffer overflow
document Heap overflow on parsing Visio files data.
6!Apache web server DoS
document Wide HTTP request byterange parameters for a CGI application lead to memory exhaustion.
6!Sun Solaris DHCP utilities and DHCP client privilege escalation
updated since 27.01.2005
 CVS concurrent versions system symbolic links vulnerability
document script symbolic links problem during temporary files creation.
 simpleproxy proxy server format string vulnerability
document Format string bug on parent HTTP proxy server reply parsing.
 Quake 2 Lithium mode format string bug
document Format string bug on parsing player's nickname.
 HP-UX Veritas file system unauthorized access
 libpam-ldap authentication bypass
document Result of an attempt to authenticate against an LDAP server that does not set an optional data field is ignored.
 Astaro security Linux default configuration multiple vulnerabilities
document It's possible to access with CONNECT proxy, Webmin directory traversal, cross-site scripting.
 LapFTP FTP client buffer overflow
document Buffer overflow on .LSQ files parsing.
 BEA WebLogic cross-site scripting
document Cross-site scripting in administration console.
 Home FTP Server directory traversal
document It's possible to obtain any file from remote system.

6!Hauri antiviral products buffer overflow
document Buffer overflow on parsing ACE archives.
 QNX inputtrap unauthorized files access
document The -e flag allows specifying an input file; file ownership and privileges are not checked.
 mplayer movie player buffer overflow
document Buffer overflow on video file audio header.
 ZipTorrent BitTorrent client information leak
document Proxy server path is stored in local readable file.
 Ventrilo VoIP software DoS
document DoS on parsing incomplete UDP message of status service (UDP/3784).

7!Multiple Computer Associates software vulnerabilities
updated since 22.08.2005
document CA Message Queuing service buffer overflow, DoS and privilege escalation.
6!Microsoft IIS error pages information leak
document Request variable SERVER_NAME controllable by client is used to validate server access.
6!mutt mail agent buffer overflow
updated since 18.08.2005
document Buffer overflow on parsing messages from mailbox.
 slocate file search utility DoS
document updatedb fails to handle long directory paths.
 Cisco Intrusion Prevention System privilege escalation
document Users with OPERATOR or VIEWER privileges can gain full administrative control.
 Cisco Monitoring Center for Security / CiscoWorks Management Center SSL certificate spoofing
document Bug in certificate validation allows spoofing of the IDS / IPS certificate.

7!Multiple MacOS X vulnerabilities
updated since 18.08.2005
document Apple Mac OS X Directory Services contains a buffer overflow, Apple Mac OS X Server servermgrd authentication vulnerable to buffer overflow, Apple Mac OS X AppKit vulnerable to buffer overflow via the handling of maliciously crafted rich text files, Apple Mac OS X AppKit vulnerable to buffer overflow via maliciously crafted Microsoft Word files, Apple Mac OS X Safari vulnerable to arbitrary command execution via URLs in PDF files, Apple Safari fails to perform security checks on links in rich text content.
6!elm mail agent buffer overflow
document Buffer overflow on oversized Expires: e-mail header.
6!Linux kernel multiple vulnerabilities
document Multiple DoS conditions, code execution while mounting compressed ISO file system, IPSec protection bypass by local user.
6!Lotus Domino weak files permissions
updated since 14.08.2005
document Database names.nsf with password hashes is world readable.
 LM Sensors symbolic links problem
document Unsafe temporary files creation.
 ProcessExplorer system monitoring tool buffer overflow
document Buffer overflow during parsing of CompanyName and VersionInfo PE file headers of running process.

 Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 15.08.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.

6!Hauri antivirus directory traversal
document Directory traversal during archive antiviral checking.
6!tor anonymity, integrity and confidentiality loss
document A DH handshake flaw allows a malicious first-hop server to learn all keys of the client's negotiation for the rest of the circuit.
 Multiple OpenVPN DoS conditions
document Problem with OpenSSL error handling, memory exhaustion, race conditions.
 Unauthorized Cisco Clean Access virus isolation solution API access
updated since 17.08.2005
 libtiff TIFF graphics library DoS
updated since 29.07.2005
document Crash on zero YCbCr subsampling value.

9!Multiple Microsoft Internet Explorer vulnerabilities
updated since 09.08.2005
document Memory corruption on JPEG files parsing, memory corruption on COM object installation, cross-site scripting with Web folders.
6!Adobe Acrobat / Adobe Acrobat Reader buffer overflow
document Buffer overflow in plugin module.
6!Unauthorized Linksys wireless access points access
document Clients without WPA Personal/TKIP authentication can access device with authentication enabled.
 Multiple Xerox Document Centre web interface vulnerabilities
document Unauthorized access, DoS, cross-site scripting.
 Juniper Netscreen VPN user enumeration
document Different reply for existing user in IKE.
 Open DC Hub buffer overflow
document $RedirectAll command buffer overflow.
 SafeHTML content filtering bypass
document It's possible to bypass content filtering by using UTF-7 encoding.
 bluez-utils unauthorized Bluetooth access
updated since 17.08.2005
document Improper validation of bluetooth device name.
 Sun StorEdge 6130 disk array unauthorized access
updated since 13.05.2005
 osh restricted shell buffer overflow
updated since 17.02.2005
document Buffer overflow during command parsing.
 Novell GroupWise client memory cleartext passwords
document Cached password is stored in cleartext in memory.

 World Poker Championship game buffer overflow
document Buffer overflow on oversized player's name.
 Multiple HP Ignite-UX deployment tool vulnerabilities
document /etc/passwd copy is available via TFTP, TFTP filesystem is world writable.
 ifenslave / iwconfig network device management utilities buffer overflow
document Buffer overflow on parsing command-line arguments.
 Hummingbird FTP client weak encryption
document Profiles are "encrypted" by XOR'ing with fixed byte value (0x7d).

 KDE langen2kvtml symbolic links problem
document Insecure temporary file creation.
 Multiple MindAlign instant messenger vulnerabilities
document Information leak, authentication bypass, cross-site scripting, weak encryption, DoS.

6!Veritas Backup Exec unauthorized access
updated since 13.08.2005
document It's possible to retrieve any file from TCP/10000.
 Grandstream Budge Tone IP phone DoS
document Large datagram to UDP/5060 port causes device to hang.
 Multiple Mentor ADSL router vulnerabilities
document Undocumented Web-interface TCP/5678, no passwords in default configuration, DoS, cleartext passwords in configuration file.
 JaguarControl ActiveX buffer overflow
document Buffer overflow on Jtex parameter.
 Whisper passwords manager cleartext password
document Passwords are visible in cleartext in process memory. The password for the password store is not used in encryption, allowing passwords to be restored from the password file.
 Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 08.08.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.

6!Kaspersky Antivirus for Unix / Linux weak default file permissions
document Weak folder permissions allow overwriting any system file with a symlink attack.

6!Novell eDirectory iMonitor for Windows buffer overflow
document Buffer overflow in dhost.exe process.
6!Linux NFS Network File System buffer overflow
document Buffer overflow on parsing nfsacl protocol XDR data.
6!Nortel Contivity VPN Client privilege escalation
updated since 11.08.2005
document File open dialog allows executing a file with LocalSystem privileges.
6!Microsoft Windows Plug and Play service buffer overflow
updated since 09.08.2005
document Stack overflow on named pipes request processing.
 Wyse Winterm thin client windows terminal DoS
document Device crash on zero IP options.
 Network Associates ePolicy Orchestrator Agent privilege escalation
document By creating junction point (NTFS hard link) it's possible to access files with privileges of local system.

6!Linksys WLAN Monitor privilege escalation
document It's possible to execute application with LocalSystem privileges from Help system.
 HP Proliant Server ILO unauthorized access
document Unauthorized access is possible through Integrated Lights Out firmware if server is powered off but power cord is unplugged.

6!Gaim instant messenger buffer overflow
document Buffer overflow on away message displaying.
6!Multiple Evolution e-mail agent and groupware client format string vulnerabilities
document Format string bugs on vCard format parsing, LDAP server reply parsing, remote server tasks displaying.
6!Microsoft Windows RDP protocol DoS
updated since 09.08.2005
document Bug in RDP protocol parsing causes system to crash and restart.
 Sun Solaris printd print daemon unauthorized files access
document It's possible to remove arbitrary files with printd user's privileges.
 Veritas NetBackup backup suite DoS (fake)
updated since 23.07.2005
document Crash with NULL-pointer reference on invalid timestamp value. Because the error occurs in a child process, it doesn't affect any functionality.

6!Microsoft Windows print Spooler service buffer overflow
document Buffer overflow on named pipes request processing.
6!Multiple Microsoft Windows Kerberos service vulnerabilities
document DoS on protocol parsing. Ability to spoof server on smart card authentication.
6!Microsoft Windows Telephony service privilege escalation
6!MySQL user defined functions multiple vulnerabilities
document Buffer overflow on oversized user defined function name. DoS, directory traversal and privilege escalation on external functions invocation.
 Linux kernel keyring management DoS
document System crash on attempt to delete uninstantiated keyring. Semaphore leakage on KEYCTL_JOIN_SESSION_KEYRING operation.
 FFTW symbolic links problems
document Symbolic links problem on temporary files creation.
 Wine Windows on Unix emulator symbolic links problem
updated since 14.03.2005
document Unsafe temporary files creation.

 EMC Navisphere Manager Directory Traversal Vulnerability
document Web interface directory traversal.
 NetworkActiv Web Server Cross-Site Scripting
document Cross-site scripting with error messages on requests like http://[host]/?">[code].
 SUN McDATA switches broadcast storm
document Device replies to packets with a broadcast source address, making it possible to DoS the network with a broadcast storm.
 Linux kernel XFRM array overflow
 PHP, ASP, CGI web applications security vulnerabilities
updated since 01.08.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Multiple Lantronix SecureLinx console server vulnerabilities
updated since 08.07.2005
document SSH keys and log files are accessible through Web interface. Unsafe file permissions. Directory traversal. Privilege escalations, buffer overflows.

 nCipher Cryptographic Hardware Interface Library cryptographic weakness
document On process forking, the random bytes cache is not cleared, so the same (pseudo)random sequence is generated in a few child processes.

 Metasploit Framework Defanged mode protection bypass
document It's possible to overwrite _Defanged environment variable with StateToOptions() function.
 Debian Linux apt-cacher code execution
 GXT Editor buffer overflow
document Buffer overflow on oversized string in text file.

6!Computer Associates BrightStor ARCserve Backup agent buffer overflow
document Buffer overflow on malformed TCP/6070 data.
 Quick 'n Easy FTP Server buffer overflow
document Buffer overflow on oversized FTP command.

7!Jabberd Jabber instant messaging server buffer overflow
document Multiple buffer overflows on JID string parsing in jid.c.
 Norton GoBack authentication protection bypass
document It's possible to bypass authentication check by using debugging mechanism.
 nbSMTP SMTP client format string bug
document Format string bug on server reply parsing.
 Microsoft ActiveSync multiple vulnerabilities
document During synchronization with broadcast media (LAN or Wi-Fi) all data, including authentication, is sent in cleartext and it's possible to spoof client or server. It's possible to access device without password, DoS.

 HP NonStop server kernel DCE DoS
 Business Objects Enterprise / Crystal Reports Denial of Service
 Trillian instant messenger cleartext passwords leak
document Yahoo Mail passwords are stored in a common place in cleartext.

