Computer Security
securityvulns.ru

  


26.08.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke: cross-site scripting.
 PartyGaming PartyPoker updates spoofing
document Cryptography is not used to validate update authenticity.
  


25.08.2008
7!Xine multiple security vulnerabilities
document 5 buffer overflows in Real Audio parsing, vulnerabilities in mng, mod, qt, matroska formats handling.
7!Microsoft .Net framework multiple security vulnerabilities
updated since 10.07.2007
document Buffer overflow on PE .NET format parsing, buffer overflow in JIT compiler, remote information leak in ASP.NET with poisoned NULL byte.
6!Trend Micro multiple application authentication bypass
document Weak PRNG generator is used to generate session cookie.
 libxml library DoS
document DoS through CPU and memory exhaustion.
 vim multiple security vulnerabilities
updated since 14.06.2008
document Code execution on file open.
  


24.08.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Envolution: SQL injection, information leakage.
  


23.08.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. osCommerce: cross-site scripting.
  


21.08.2008
6!Linux kernel multiple security vulnerabilities
document IPSec ESP packet parsing DoS, multiple local DoS conditions, kernel memory data leak, privilege escalation.
6!Cisco IOS embedded FTP server multiple security vulnerabilities
updated since 12.05.2007
document DoS, unauthorized access, directory traversal.
 Anzio Web Print Object ActiveX buffer overflow
document Buffer overflow with mainurl parameter.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 yelp format string vulnerability
document Format string vulnerability via URI.
  


20.08.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 20.08.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Envolution: cross-site scripting, information leak.
  


19.08.2008
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Envolution: cross-site scripting, automation protection bypass.
  


18.08.2008
6!MicroWorld MailScan multiple security vulnerabilities
document Directory traversal, authentication bypass, cross-site scripting, information leak via Web admin page (TCP/10443).
 Nokia 6131 phones multiple security vulnerabilities
document URI spoofing, device crash.
 Amarok symbolic links vulnerability
document Unsafe temporary files creation.
 Cisco WebEx Meeting Manager ActiveX buffer overflow
document atucfobj.dll buffer overflow
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. WP-ContactForm for WordPress: spamming, Envolution: cross-site scripting, information leak.
  


15.08.2008
7!HP-UX unauthorized access with ftp server
   
6!CA CA Host-Based Intrusion Prevention System SDK multiple security vulnerabilities
document Invalid IOCTL processing.
6!Microsoft Messenger unauthorized ActiveX access
updated since 12.08.2008
document Messenger.UIAutomation.1 ActiveX allows access to application functionality.
6!Symantec VERITAS Storage Foundation multiple security vulnerabilities
updated since 22.02.2008
document DoS on TCP/4888 request parsing, buffer overflow on UDP/3207 parsing.
 Ventrilo voice chat server DoS
document NULL pointer dereference.
 git buffer overflow
document Buffer overflow on oversized repository path.
 VMware VirtualCenter information leak
document It's possible to obtain username information.
  


14.08.2008
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.08.2008
document Multiple memory corruptions, MHTML cross-site scripting.
  


13.08.2008
8!Microsoft Office / Word / Excel / PowerPoint multiple security vulnerabilities
updated since 12.08.2008
document Multiple memory corruptions, protection bypass.
7!Microsoft Windows color management system memory corruption
updated since 12.08.2008
document Memory corruption on ICCM management.
  


12.08.2008
7!Microsoft Access ActiveX file download
updated since 09.07.2008
document SnapShot Viewer ActiveX allows file download to any location.
6!Microsoft Windows privilege escalation
document Invalid event handling allows code execution in system context.
 Microsoft Windows IPSec policies vulnerability
document Under certain conditions rules are not applied after Windows 2003 domain is migrated to Windows 2008.
 hMailServer IMAP server DoS
document Memory leak on command execution leads to buffer overflow.
 Sun Solaris snoop format string vulnerability
document Format string vulnerability on SMB traffic parsing.
 Alcatel OmniSwitch switches buffer overflow
document Buffer overflow on oversized Cookie: header in embedded web server.
 UUDeview symbolic links vulnerability
document Insecure temporary files creation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Contact Form ][: cross-site request forgery, cross-site scripting.
  


08.08.2008
 WinGate Mail Server DoS
document IMAP LIST command resources exhaustion.
 NoticeWare Email Server DoS
document Crash on oversized IMAP LOGIN command.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Contact Form ][: anti-automation protection bypass, cross-site scripting.
 stunnel protection bypass
document Revoked certificate status is incorrectly checked.
  


07.08.2008
8!Nokia series 40 phones multiple security vulnerabilities
document Multiple J2ME implementation vulnerabilities allow complete device compromise.
7!OpenVMS fingerd buffer overflow
document Buffer overflow on oversized username.
6!Wireshark multiple security vulnerabilities
document Multiple vulnerabilities in protocol dissectors, causing application to crash.
 Sun xVM privilege escalation
document VBoxDrv.sys driver kernel mode code execution.
 Apache mod_proxy_ftp cross-site scripting
document Cross-site scripting on FTP server content displaying.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. WordPress ME for XOOPS: cross-site scripting.
 Ingres database server multiple security vulnerabilities
updated since 04.08.2008
document Weak file permissions, insecure shared library loading, buffer overflow in different utilities.
 Microsoft Halo: Combat Evolved game DoS
updated since 25.05.2005
document Endless loop on malformed data.
 8e6 Technologies R3000 Internet Filter URL filtering bypass
updated since 17.01.2008
document Stateful-filtering is not used. X-DecoyHost header may be used to bypass filtering.
  


05.08.2008
8!Oracle multiple security vulnerabilities
updated since 18.07.2008
document New Critical Patch Update patches nearly 50 different vulnerabilities in all Oracle products.
  


04.08.2008
7!Apple Mac OS X multiple security vulnerabilities
document Integer overflows and buffer overflows in graphics API and fonts API.
 OpenSC smart cards unauthorized access
document It's possible to change smartcard PIN code.
 America's Army game server DoS
document Invalid assert() on network traffic parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Smeego: automation protection bypass, cross-site scripting.
  


03.08.2008
 OpenLDAP slapd DoS
document Crash on ASN.1 BER data processing.
  


01.08.2008
6!CA ARCserve Backup for Laptops and Desktops buffer overflow
document LGServer server process buffer overflow.
6!HP-UX System Administration Manager unauthorized access
   
6!Python multiple security vulnerabilities
document Integer overflows, buffer overflows, cryptographic problems in multiple functions.
6!libxslt multiple security vulnerabilities
document Heap buffer overflow, invalid digital signature check.
 httrack buffer overflow
document Buffer overflow on oversized URL.
 pan newsreader buffer overflow
document Buffer overflow on .nzb files parsing.
 SAP MaxDB privilege escalation
document It's possible to obtain sdb:sdba privileges via dmbsrv process because of untrusted path usage.
 newsx buffer overflow
document Buffer overflow on the article with large number of lines beginning with period.
 Blue Coat K9 Web Protection buffer overflow
document Buffer overflow on Referer header parsing. Buffer overflow on control server response parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Citrix Metaframe Privilege escalation
document Autorun item path is not fully specified.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod