Computer Security
[EN] securityvulns.ru
no-pyccku

  


31.08.2009
Detailed
7!Linux kernel uninitialized pointers
updated since 14.08.2009
document proto_ops structure uninitialized pointers.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PostNuke: SQL injection.
 SolarWinds TFTP Server DoS
document Crash on TFTP requestparsing.
 Apache Xerces C++ library
document Crash on XML parsing.
  


28.08.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PostNuke: SQL injection.
  


27.08.2009
Detailed
6!HyperVM weak permissions
document Passwords and private keys are stored in world-readable file.
6!EasySec Personal Firewall buffer overflow
document Buffer overflow on FTP analysis.
 Xerox Workcentre DoS
document Crash on flood with LPR requests.
 CA Internet Security Suite DoS
updated since 19.08.2009
document Crash on IOCTL processing.
  


26.08.2009
Detailed
 Autonomy KeyView SDK library integer overflow
document Integer overflow on .XLS files parsing.
  


25.08.2009
Detailed
6!Mozilla Firefox extensions multiple security vulnerabilities
document Different exntensions allow code execution.
6!libvorbis multiple security vulnerabilities
updated since 04.06.2008
document Multiple integer overflows and denial of service.
 libneon certificate spoofing
document Invalid NULL character processing in CN field.
 WM Downloader buffer overflow
document Buffer overflows on different playlist formats parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Avast Antivirus buffer overflow
document Buffer overflow in File System Filter driver.
 Cisco CS-MARS information leak
document User's password may be stored in server logs.
 Linux kernel multiple security vulnerabilities
document Multiple DoS conditions, information leaks.
 PHP DoS
document Crash on JPEG Exif data parsing.
 DoS in multiple browsers
document Hang or crash on oversized location.hash
 Google Chrome DoS
document Hang on chromehtml: URL handling.
  


24.08.2009
Detailed
 setusercontext() privilege escalation in BSD systems
document Multiple application misbihave if different limits are set via setusercontext(), resulting in different exploitation scenarios.
  


21.08.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


20.08.2009
Detailed
8!Microsoft Office Web Components ActiveX memory corruption
updated since 14.07.2009
document ActiveX vulnerability is actively used in-the-wild for silent malware installation.
6!GnuTLS library certificate spoofing
document It's possible to spoof cerificate name with NULL byte; weak MD2-hashed signatures are accepted.
 Kaspersky Antivirus DoS
document Infinite loop on parsing URL with large number of dots.
 perl DoS
updated since 03.07.2009
document Crash on processing zlib stream via Compress::Raw::Zlib and bzip2 stream in Compress-Raw-Bzip2.
 ProShow buffer overflow
document Buffer overflow on .psh files parsing.
  


19.08.2009
Detailed
6!Libpurple / Pidgin memory corruption
document Memory corruption on malformed MSN protocol message.
6!Cisco Firewall Services Module DoS
document Crash on malcrafted ICMP packets.
6!Cisco IOS XR BGP DoS
updated since 19.08.2009
document BGP session reset on malformed BGP update.
 CA Host-Based Intrusion Prevention System DoS
document Malformed network packet causes system crash because of error in kmxIds.sys driver.
 HP Network Node Manager remote console weak files permissions
updated since 07.02.2007
document Weak permissions for C:\Program Files\HP OpenView allows executable files and system service file spoofing.
  


18.08.2009
Detailed
6!Apple Safari buffer overflow
document Buffer overflow on floating point numbers parsing.
 ntop DoS
document NULL pointer dereference on HTTP authentication.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


17.08.2009
Detailed
6!Adobe JRun multiple security vulnerabilities
document Directory traversal and crossite scripting in management console.
6!cURL / libcurl SSL certificate spoofing
document Certificate name spoofing via NULL byte.
6!Asterisk SIP DoS
updated since 11.08.2009
document Stack overlow (exhaustion) on SIP request processing.
 wxWidgets buffer overflow
document Buffer overflow on JPEG parsing.
 Adobe Coldfusion crossite scripting
document Multiple crossite scripting conditions.
 Easy Music Player buffer overflow
document Buffer overflow on WAV parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


14.08.2009
Detailed
 HP Insight Control Suite For Linux multiple security vulnerabilities
document Crossite request forgery, denial of service, code execution.
 SNOM VoIP phones authentication bypass
document Web interface access authentication bypass.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 13.08.2009
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


12.08.2009
Detailed
7!Microsoft RDP client multiple security vulnerabilities
updated since 11.08.2009
document Memory corruption in ActiveX control, memory corruption on server reply processing.
7!Microsoft WINS multiple security vulnerabilities
updated since 11.08.2009
document Integer overflow, heap buffer overflow.
6!Microsoft Windows Workstation service memory corruption
updated since 11.08.2009
document Memory corruption on RPC message parsing.
6!Microsoft Windows MSMQ (message queuing) privilege escalation
updated since 11.08.2009
document DoS conditions in the service lead to named channel spoofing possibility.
 2Wire routers unauthorized access
document It's possible to reset password without knowledge of old one.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


11.08.2009
Detailed
8!Microsoft Windows media files processing memory corruption
document Memory corruptions and integer overflows on AVI processing.
8!OpenJDK multiple security vulnerabilities
document Information leaks, sandbox escape, multiple memory corruptions.
6!Microsoft ASP.NET DoS
   
6!libxml multiple security vulnerability
document Memory use-after-free, stack overflow (exhaustion).
 HP-UX ttrace DoS
document ttrace implementation allows denial of service conditions.
 Microsoft telnet NTLM relaying
document NTLM relaying attack against telnet client authentication is possible.
  


10.08.2009
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Dumb math captcha: protection bypass backdoor.
  


09.08.2009
Detailed
 in Huawei SmartAX MT880 unauthorized access
document Some administration functions, including administrative account creation, are available without password.
 Wireshark multiple security vulnerabilities
document RADIUS, AFS, infiniband protocol dessectors vulnerabilities
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


08.08.2009
Detailed
9!Sun Java multiple security vulnerabilities
document Integer overflow on JAR-files unpacking. Integer overflow on JPEG parsing.
8!Adobe Flash Player / AIR integer overflow
updated since 03.08.2009
document Integer overflow in intrf_count field of instance_info structure
7!Subversion / APR multiple buffer overflows
document Multiple integer overflows in libsvn_delta library.
7!EMC Replication Manager code execution
document Application execution via XML-based service on TCP/6700.
7!Computer Associates applications multiple security vulnerabilities
document Multiple vulnerabilities, inluding remote buffer overflow.
6!IBM AIX libc privilege escalation
document It's possible to maniuplate files via _LIB_INIT_DBG and _LIB_INIT_DBG_FILE environment variables for suid applications.
6!Memcached buffer overflow
document Integer overflow leading to heap buffer overflows.
 fetchmail certificate spoofing
document It's possible to spoof certificate name with NULL byte in prefix.
 ASUS notebooks and motherboards privilege escalations
document There are multiple possibilities for user with phisical memory access to execute code in high-pribileged SMM processor mode.
  


07.08.2009
Detailed
8!Mozilla Firefox, Thunderbird, SeaMonkey, NSS multiple security vulnerabilities
document Certificate spoofing, buffer overflow, code execution.
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 29.07.2009
document Multiple memory corruptions, workaround for ATL vulnerability added.
6!Apple Mac OS X multiple security vulnerabilities
document Privilege escalations, multiple DoS conditions, buffer overflow in AppleTalk client, Safari certificate spoofing, multiple vulnerabilities on images parsing.
  


04.08.2009
Detailed
7!SAP Business One buffer overflow
document Buffer overflow in NT_Naming_Service.exe (TCP/30000).
  


03.08.2009
Detailed
6!znc IRC proxy directory traversal
document Directory traversal on DCC request.
 Asterisk DoS
document Crash on RTP text frames processing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Epson Status Monitor weak permissions
document Weak permissions for EPSON_EB_RPCV4_01 and EPSON_PM_RPCV4_01 servicse executables.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru